I have seen that one.
I would guess it came through a shared folder giving Everyone full access.
The Blackmal virus turns any file it finds in a shared folder into an EXE.
So, basically, if they had taken the output of some AD query and named the file as full OU path.txt,
the virus just loaded itself into it and renamed it to EXE.
If Symantec definitions are up to date, they will most likely not find that file on the server.
It must have been moved to quarantine.
So, either be paranoid and rebuild the DC, or remove sharing of that folder and do a complete, thorough scan of the DC with the latest def files.
--
Kamlesh
On 2/21/06, joe <[EMAIL PROTECTED]> wrote:
The first thing I would do is find out if there actually is or was a file by that name on my DC. If there was, the second thing I would do is find out where it came from and who put it there so I could process their termination paperwork. :o)
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Noah Eiger
Sent: Monday, February 20, 2006 3:01 PM
To: [email protected]
Subject: [ActiveDir] Is the Directory Infected?
An associate emailed me yesterday and asked if he should be concerned about this which popped up on his DC console from Norton AV Corp Edition:
"Message from DC03 to DC01 on 2/19/2006.
Virus Found!Virus name: [EMAIL PROTECTED] in DC01 CN=Schema,CN=Configuration,DC=company,DC=com-DC03.exe"
I said "yes, looks like you have a virus on your DC." But what is actually infected here? Is the Directory infected? And why does it list that as an exe?
Thanks.
- nme
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Be the change you want to see in the World"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
