  • Status: Solved
  • Priority: Medium
  • Security: Public

Trend-Micro viruses detected but infected file not cleaned nor quarantined

We have Trend-Micro on our server and pushed to all clients in the network. The log says that "Virus were detected but infected files can neither be cleaned or quarrantined". Does this mean the viruses are now in the network, and what should we do with them? There were already 2 computers that are dead and don't start when pressing the ON button on the front of the case. Thanks in advance.
3 Solutions

First, the 2 computers that won't turn on when you press the power button - this has nothing to do with the virus, probably a hardware problem. What model are they?

Re. the virus that cannot be cleaned, can you post any details, such as the name and location of the file that could not be cleaned?

Even better, do the following on one of the machines you know to be infected:

Download and run HijackThis from http://www.hijackthis.de/
(use the "direct download" link in the upper-right corner)
Copy-and-paste the resulting log here.

In short, yes, it is saying you have viruses on the network. But it may be grouping spyware or even 'hostile cookies' into that message. So the details matter a lot.

r-k is right that the dead computers are really not likely related. While it is technically possible for a virus to have a payload that makes a machine not boot, there are few if any in existence that will do that. Failure to power up is a failure with the power supply, motherboard, CPU, or RAM. (Most commonly the machine isn't plugged into power, but I'm sure you already looked at that.)

What to do? Look at your Trend-Micro logs and see which files in which locations are reported as infected. Consider the location of the file, type of file, and threat listed in evaluating your response. EXEs are replaced easily enough. Cookies can just be deleted. Some things are harder.

When you can't delete a virus, it means it is a terminate and stay resident program or it is running services that can't be stopped. Get a good boot-up antivirus.

Also, some antivirus removal tools for that particular virus work best. Symantec makes some real good ones for tough viruses.

Some things you should know of when removing a virus:
Some viruses take advantage of system restore or can run an install script upon startup. You will have to aid your antivirus in deleting this stuff.
Disable system restore and go into msconfig and stop all but basic startup programs.
