cloudycun
asked on
Error: Access denied when using webmail
Nowadays, in my city, a problem has appeared: when opening a website, we get a popup in Chinese words (I see that it is the W32.FialaM virus (W32.Dashfer) from China). Then the network speed is slow; sometimes we cannot use webmail, with the error: Access Denied. We used Symantec but it was not useful.
Can you fix that?
Download Combofix as well
Disable Antivirus
Attach the log here
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
A few other steps you should apply.
Clean your TEMP Folder
Disable All startup Items.
Clean your Temp folder located in windows folder
Disable your System restore.
Re-enable it and create a system restore point.
Also download Spyware Scanner
Install and scan
http://www.411-spyware.com/spyware-scanner/confirmation.php
Hopefully this will remove it
ASKER
I will try on my computer. But there are more computers on my network, and they have already been infected. Must I do this on each computer? One infected computer will infect the other computers (if I don't scan for viruses on all computers at the same time).
How many PCs do you have on this network? Do you have a server installed?
Cleaning temp on a network is easy, you can create a script and submit it to the network if you have windows server environment.
I'm not sure if combofix will work if it was processed with a script or not.
ASKER
We have about 112 or more PCs and ten servers. Can you guide me in creating a script to clean my network?
ASKER
Please check the log file. Thanks a lot.
hijackthis.log
ASKER
Please check my ComboFix log file.
(message from Kaspersky.doc is the message from Kaspersky when we browse a website)
logcombox.txt
message--from-Kaspersky.doc
Please check this blog for more info
http://quangntenemy.blogsp
It appears to be using an ARP / man-in-the-middle attack like the late W32.ARPIFRAME worm.
http://www.symantec.com/security_response/writeup.jsp?docid=2007-061222-0609-99
The risk with this worm is that it has most likely infiltrated your LAN, i.e. if there are more computers on your network they might already be infected.
From the machine on which you are experiencing the problem, please post a HijackThis log.
Download from http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
Install it, restart into safe mode, run a system scan and choose to save the log file.
Please attach the log here.
We should be able to identify the infection entries.
Also, if you can, right-click the window of any of the pop-ups, choose VIEW SOURCE, save the text file and attach it as well; this could be helpful in tracking / blocking this attack.