Weird Security Incident - Help Needed!

Networking/Security Forums -> Computer Forensics and Incident Response

Author: dump2sia PostPosted: Fri Oct 23, 2009 12:08 am    Post subject: Weird Security Incident - Help Needed!

I have a weird issue thats going on the network. Some of the Windows XP machines are either infected or affected by this problem. i cant call it a virus because there is nothing on Symantec's website or on the internet or maybe i havent looked hard enough...but right i am desperate more and more pcs are getting this. the symptoms are as follows :-

unknown folders created in C drive - named as X or multiple "X" - the contents are randomly picked up from other folders on the machine e.g. i386

Outlook gives an error message and when outlook is restarted it will not link to the pst file due to insufficient rights

Application uninstall by itselft including Symantec Endpoint Security 11, Oracle client, Avaya IP Softphone, etc.

PC does not boot up due to the system folder is missing or the files in system folder is missing - data is still intact

We have Symantec Endpoint Protection Manager as the AV Server nothing is reported the PC's affected do not show any sort of virus attack or such. i am baffled....has anyone come across this kind of situation.

What should I do next? We had scanned infected PCs's hard disk using latest Symantec & McAfee anti-virus by attching hard disk as USB drive on a clean PC. Also run number of anti-rootkits tools but... ;(

I'm not sure whether this is insider job - sabotage our IT system. Any tools I can use or any log should I be looking at now.... had checked Windows event viewer but can not find anything that is suspicious

Networking/Security Forums -> Computer Forensics and Incident Response

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group