Windows 7 - ircphate.exe- trojan

Asked By microsoft
28-Dec-09 01:16 AM
Hi

I am running Windows 2003 server.  This server is a member server and its
primary role is a file server.  Norton Symantec Antivirus Corporate Edition
initially detected this trojan and quarantined it.  However, whenever the users
on the network access a particular share, the above-captioned trojan file is
presented within Norton.  I then used Kaspersky, which indicated that the file
was deleted successfully.  However, after a day the trojan has reappeared.
Has anyone encountered this virus, and if so, what can I do to fully remove it?

There is not much documentation available as yet on this virus which
therefore makes it difficult to resolve and remove.

Symantec simply points to the share on the network as the location of the
trojan; how can I confirm what is the source and how to fully remove it?
  David H. Lipman replied to microsoft
28-Dec-09 06:22 AM
| Hi

| I am running Windows 2003 server.  This server is a member server and its
| primary role is a file server.  Norton Symantec Antivirus Corporate Edition
| initially detected this trojan and quarantined it.  However, whenever the users
| on the network access a particular share, the above-captioned trojan file is
| presented within Norton.  I then used Kaspersky, which indicated that the file
| was deleted successfully.  However, after a day the trojan has reappeared.
| Has anyone encountered this virus, and if so, what can I do to fully remove it?

| There is not much documentation available as yet on this virus which
| therefore makes it difficult to resolve and remove.

| Symantec simply points to the share on the network as the location of the
| trojan; how can I confirm what is the source and how to fully remove it?

Probably Symantec is only seeing part of the infection and is missing the major
components.

Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it.  In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

Then you may also want to scan the server and workstations with my Multi-AV Scanning
Tool's Sophos and McAfee modules.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp