Potential Virus (VB.exe)[norton system service?]
Posted on 2007-04-04
So a user comes up to me one day and says "I cannot get online"
He was unable to access 95% of the network resorces. I say 95% cause he was actually able to access one network drive. Aside from that he was not able to surf the net do email or anything. He was able to ping all server and external addresses. Everything seemed to be setup correctly.
After looking through the system I found the source of the problem. A process called "vb.exe" was running, and when you closed this process everything was working again.
This file is located in the system32, as well as the prefetch.
There was also a registry entry in the HKLM...bla bla bla...Microsoft Run folder vb.exe, the string beside it says it was a "norton system service"
Well throughout the day user 2 came to me and had the same problem. This is when I got worried. I removed the enteries the files the process and it has been fixed for these users. Never heard anything back.
Well as I am writing this (Next day) I have recieved 3 people tell me this morning in 45 mins that they have the same problem.
How can I find out how this file is replicating? How can I find out where it's coming from or where it came from, what can I do?
We run a 25-30 server environment of Windows 2003/2000 with Symantec 10.0 rolled out to all clients and servers with updated definitions. Symantec is reporting no problem.