
Forefront doesn't clean virus W32.Bancos in some instances

  • Tuesday, August 04, 2009 7:06 AM ReghuM
     

    Hi, I am having trouble with the Forefront client cleaning the Bancos virus. It doesn't seem to clean it successfully across all machines. Given below is the info from MOM:

    Severity: Security Issue
    Maintenance Mode: False
    Domain:
    Computer:
    Time Last Modified: 8/2/2009 1:20:30 PM
    Resolution State: New
    Time in State: 8/2/2009 8:43:39 AM
    Problem State: 0
    Repeat Count: 3
    Name: Malware on Network - Failed Response (Alert Level 2)
    Source: Microsoft Forefront Client Security Threat ID = 2147627172
    Ticket Id:
    Owner:
    Description: Client Security failed to eliminate the following threat:
                - Threat name: TrojanSpy:Win32/Bancos.OH
                - Attempted action: Remove

            The antimalware engine on the client computer returned the following:
                - Error code: 0x80508024
                - Error message: To finish removing spyware and other potentially unwanted software, you need to run a full scan. For information about scanning options, see Help and Support.
               
            To investigate and resolve this incident:
                1. Learn about the threat and its mitigation. Consult the Microsoft Malicious Software Encyclopedia:
                     http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanSpy:Win32/Bancos.OH
                2. Identify computers infect with this malware. Consult the Malware Detail Report:
                    tab.
    Time of Last Event: 8/2/2009 1:20:29 PM
    Time Raised: 8/2/2009 12:43:37 PM
    Alert Id: bd634331-b0be-40c1-bea1-ab35d3ac6d83
    Rule Id: 2182f53c-a676-478d-a758-9280b908e181
    Rule Name: Malware on Network - Failed Response (Alert Level 2)
    CustomField1: Microsoft Forefront Client Security
    CustomField2: Threat
    CustomField3: 2147627172
    CustomField4:
    CustomField5:
    Time Added: 8/2/2009 12:43:39 PM
    Time of First Event: 8/2/2009 12:43:37 PM
    Time Resolved:
    Resolved By:
    Modified By: NT AUTHORITY\NETWORK SERVICE
    Computer Custom Data 1:
    Computer Custom Data 2:
    Maintenance Mode End:
    Maintenance Mode User:
    Maintenance Mode Reason:

Answers

All Replies

  • Tuesday, August 04, 2009 11:12 AM ReghuM
     
    Sorry, I forgot to add that this is in spite of running a full scan multiple times. On one of the machines, I had to reinstall the Norton trial and have it remove the virus, but it's not possible to do this on all infected machines.
  • Wednesday, August 05, 2009 6:03 AM Johan Blom, Forefront MVP
     Answer
    Hi!

    This is hard to troubleshoot. I would contact Microsoft support; they will help you (I won't promise anything, but they will probably help you for free since it's a security incident).
    If you can get your hands on a sample, please upload it to Microsoft's AntiMalware portal so they can analyse it and create definition files.
    https://www.microsoft.com/security/portal


    /Johan 
    MCSE, forefront spec | www.msforefront.com