I am a Network Administrator in a local company. A week ago, a user who uses a laptop reported that it's been notified by "Symantec Antivirus" about a virus infection being cleaned. The infection notice pops up from time to time several times a day. The context what Symantec writes is:
[codebox]Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Backdoor.IRC.Bot
File: C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\QBKHW5AX\x[6]
Location: C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\QBKHW5AX
Computer: PROXY
User: XXX
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Tue Jul 21 10:26:48 2009[/codebox]
I went on the internet and googled a couple of things. Some websites told me that it was a moderate threat leveled trojan of some sort and is almost harmless. I have a firewall installed in the premises though. After 3-4 days I started getting multiple reports about the "Symantec Notification". Now, I started to worry a little. Tried Symantec, a-Squared, MalwareBytes, SpyHunter, Kaspersky Online Scanner and other scanners but this virus is spreading all over my network. I need a solution which I could implement on all my infected PC's and on all the servers too. Our server's are running "Windows 2000 Server's" and "Windows 2003 Server's". I need help and I would appreciate if I could get it fast.
Attaching the files along with the post. An additional log has ben attached which defines the prompts I have started to get on my Proxy Server.
Thanks for all the Help provided.