
Security Forums


Weird Security Incident - Help Needed!

dump2sia
Just Arrived

Joined: 22 Oct 2009
Posts: 0

Posted: Fri Oct 23, 2009 12:08 am    Post subject: Weird Security Incident - Help Needed!

Hi,

I have a weird issue that's going on on the network. Some of the Windows XP machines are either infected or affected by this problem. I can't call it a virus because there is nothing on Symantec's website or on the internet, or maybe I haven't looked hard enough... but right now I am desperate; more and more PCs are getting this. The symptoms are as follows:

Unknown folders created in the C drive, named "X" or multiple "X" - the contents are randomly picked up from other folders on the machine, e.g. i386.

Outlook gives an error message, and when Outlook is restarted it will not link to the PST file due to insufficient rights.

Applications uninstall by themselves, including Symantec Endpoint Security 11, Oracle client, Avaya IP Softphone, etc.

PC does not boot up because the system folder is missing or the files in the system folder are missing - data is still intact.

We have Symantec Endpoint Protection Manager as the AV server; nothing is reported, and the PCs affected do not show any sort of virus attack or such. I am baffled... has anyone come across this kind of situation?

What should I do next? We had scanned the infected PCs' hard disks using the latest Symantec & McAfee anti-virus by attaching the hard disk as a USB drive on a clean PC. Also ran a number of anti-rootkit tools but... ;(

I'm not sure whether this is an insider job - sabotage of our IT system. Any tools I can use, or any logs I should be looking at now...? I had checked the Windows Event Viewer but cannot find anything that is suspicious.
All times are GMT + 2 Hours