General discussion

New infection found. Yet to be named....

CtDrvMvi.exe is just one of the file names in C:\windows\system32\. This file requires the conime in the same folder to run and has some entries in the registry also. This infection slows down the internet browsing speed. Brings in pop-ups like "CtDrvMvi.exe encountered a problem and needed to close". Spreads fast in a network.
The five alphabets (CtDrvM?.exe) remain the same but the rest keeps on changing.

Has anyone come across this infection? If so, please let me know if there is a resolution. Well, there are solutions on an Indonesian website http://www.corozilla.net/2010/03/19/conime-exe-dan-ctdrvmgq-exe/ but that does not help.

Comments
What an odd claim.

Today such things only spread to machines that the owners didn't protect with firewalls and more.

Why would you set up such a system?
Bob

Corporate network with Symantec Endpoint Protection.

Well, that is right! But this is a corporate network with Symantec Endpoint Protection. We also have PIX firewalls installed. This does not seem to be spreading between VLANs. This is just seen in one particular VLAN.

Which doesn't sound like anything new.

Such infections and worms exploit such setups. Nothing seems new about this.
Bob

Nothing new but the virus is..........

Sorry for the repost!

What such setups? I did not get you there. So is there a solution that you might know to resolve the same?

Thanks in advance,
Anish

The usual setups.

File shares leave the servers wide open to some user opening a trojan or virus and infecting the servers.

It's a shame your IT staff failed you so badly here. There are well accepted protocols for ridding a network of worms and more but wouldn't your IT staff know this and pick up the phone if they didn't?

I'd reconsider those IT staffers' jobs and ask them to perform their jobs or risk getting fired.
Bob

PS. If you truly are unaware of the usual protocols, try the CNET Antispyware forum and ask there. This is the XP forum so a little too far off topic.

Corporate Network with Symantec Endpoint

Thanks for the reply Bob !

We are a corporate network with Symantec Endpoint Protection behind a PIX firewall. Tried all possible ways to get this out of the network and failed. This infection does not seem to be spreading between VLANs, just this VLAN.

Given your story.

Your IT staff failed you. The better IT staffer knows to pick up the phone to Symantec to learn what to do next.

Your story is sadly a repeat of what has happened before.
Bob

Well I guess.......

We've contacted them and we are waiting for their reply. I was hoping that I'd get a resolution from here.

Let's see your disaster plan.

Your post makes some announcement about a new pest but didn't share the details. I took it as the usual post about that but later you reveal it's some company network.

At this point you need to task your IT staff to begin the usual disaster plan. All network shares are set to READ ONLY if not removed outright and you call up your support line at Symantec to see how to send in the new pest so they can share how to use their product to remove it from the infected machines.

This is not the entire protocol but your post didn't tell the full story but now that we know it's a business and a bit more all that seems to be missing is your well trained IT staff and their disaster plans.
Bob

Will check with antispyware forum

Will check with the CNET Antispyware forum.

Thanks,
Anish
