Posted on 2004-09-16
a user (the CEO) brought an infected laptop onto our network. It was mostly infected with BeagleAG. There was no blatant noticable affect to our network, no slowness nothing bogged down, even the PC itself was not running too bad...
1. the virus definitions had not been updated since 21 July. He was running SAV 8.1. Live Update appeared to have been disabled. updated to SAV 9.0, same def. date. completely removed SAV and reinstalled 9.0 updated to current definitions.
2. SAV found 250 infected fles and quarantined them all. Ran removal tools, and a full system scan. Also ran full system scan in safe mode. the removal tools and scans found nothing else. System restore had been disabled before scanning.
3. The other executives began getting emails 'from' other execs with the BeagleAG virus. None of these other PC's are infected. No one outside of the Sr Mgt group is recievng the messages. All viruses are being detected and quarantined.
Why is the message still being sent to other Execs?? And if the message is being decteted and quarantined why/how is it still getting forwarded?
keep in mind that we are talking about 5 out of 100 users and that the messages are only being sent to this specific group. No one else in the company is getting these messages from these or any other users.
OS is WinXPSp1 on all clients. SAV9.0, Exchange 5.5
Thanks for the help