Swen.A mystery

Discussion in 'Computer Support' started by Ron Goodenow, Dec 18, 2003.

  1. Ron Goodenow

    Ron Goodenow Guest

    I'm running three systems on a home net. Win98SE server, Win98SE client,
    XP client. Cable broadband. Netscape 7.1 on all systems. WinProxy
    software firewall on server.

    Every few hours the Worm_Swen.A virus is identified on my server,
    normally *.exe files identified as in either WinProxy's cache or the
    MXCYCLE directory in V-Com's Fix-It program by my virus checker,
    Trend-Micro, which is part of Fix-It. This seems to happen after I have
    gone on line with one of my client computers.

    I have:

    -run virus checker on all systems frequently, and on regular scans no
    virus is found.
    -run Symantec's Swen cleanup tool, which never finds the virus
    -run Computer Associate's tool, which does not identify any problem.
    -made sure that all messages possibly containing Swen are deleted
    -have checked to see if any strange programs running; never any
    indication of any
    -looked in my registry; can't find anything
    -have WinPatrol running on system; it never picks up new exe files
    -immediately upon identification of *.exe files, and before trying to
    clean them, tried to find them with the Windows find engine without any
    luck whatsoever. They seem invisible to everything but my virus checker.

    Any ideas on what could be going on here?

    Thanks.
     
    Ron Goodenow, Dec 18, 2003
    #1

  2. Ron Goodenow

    William Guest

    "Ron Goodenow" <> wrote in message
    news:...
    > I'm running three systems on a home net. Win98SE server, Win98SE client,
    > XP client. Cable broadband. Netscape 7.1 on all systems. WinProxy
    > software firewall on server.
    >
    > Every few hours the Worm_Swen.A virus is identified on my server,
    > normally *.exe files identified as in either WinProxy's cache or the
    > MXCYCLE directory in V-Com's Fix-It program by my virus checker,
    > Trend-Micro, which is part of Fix-It. This seems to happen after I have
    > gone on line with one of my client computers.
    >
    > I have:
    >
    > -run virus checker on all systems frequently, and on regular scans no
    > virus is found.
    > -run Symantec's Swen cleanup tool, which never finds the virus
    > -run Computer Associate's tool, which does not identify any problem.
    > -made sure that all messages possibly containing Swen are deleted
    > -have checked to see if any strange programs running; never any
    > indication of any
    > -looked in my registry; can't find anything
    > -have WinPatrol running on system; it never picks up new exe files
    > -immediately upon identification of *.exe files, and before trying to
    > clean them, tried to find them with the Windows find engine without any
    > luck whatsoever. They seem invisible to everything but my virus checker.
    >
    > Any ideas on what could be going on here?
    >
    > Thanks.
    >


    It may be hiding in XP's system restore.......I believe you need to turn off
    system restore, then run your virus protection.
     
    William, Dec 18, 2003
    #2

  3. Ron Goodenow

    Unk Guest

    If I remember right, you need to turn off XP's System Restore, delete all
    the previously saved restore points, reboot, then run your antivirus
    software. I remember reading somewhere that AV software can't remove virii
    from restore points.

    To disable System Restore, click Start, Programs, Accessories, System Tools,
    System Restore, System Restore Settings, "System Restore" tab, and check the
    box "Turn Off System Restore on all drives", click "Apply" and "OK".

    To delete previous restores, click Start, Accessories, System tools, Disk
    Cleanup, "More Options" tab, "System Restore" section, "Clean up" button,
    click Yes.



    On Wed, 17 Dec 2003 22:46:15 -0500, Ron Goodenow <> wrote:

    >I'm running three systems on a home net. Win98SE server, Win98SE client,
    >XP client. Cable broadband. Netscape 7.1 on all systems. WinProxy
    >software firewall on server.
    >
    >Every few hours the Worm_Swen.A virus is identified on my server,
    >normally *.exe files identified as in either WinProxy's cache or the
    >MXCYCLE directory in V-Com's Fix-It program by my virus checker,
    >Trend-Micro, which is part of Fix-It. This seems to happen after I have
    >gone on line with one of my client computers.
    >
    >I have:
    >
    >-run virus checker on all systems frequently, and on regular scans no
    >virus is found.
    >-run Symantec's Swen cleanup tool, which never finds the virus
    >-run Computer Associate's tool, which does not identify any problem.
    >-made sure that all messages possibly containing Swen are deleted
    >-have checked to see if any strange programs running; never any
    >indication of any
    >-looked in my registry; can't find anything
    >-have WinPatrol running on system; it never picks up new exe files
    >-immediately upon identification of *.exe files, and before trying to
    >clean them, tried to find them with the Windows find engine without any
    >luck whatsoever. They seem invisible to everything but my virus checker.
    >
    >Any ideas on what could be going on here?
    >
    >Thanks.
     
    Unk, Dec 18, 2003
    #3
  4. Ron Goodenow

    Miggsee Guest

    Yup!
    http://support.microsoft.com/default.aspx?scid=kb;en-us;831829&Product=winxp

    "Unk" <> wrote in message
    news:...
    > If I remember right, you need to turn off XP's System Restore, delete all
    > the previously saved restore points, reboot, then run your antivirus
    > software. I remember reading somewhere that AV software can't remove virii
    > from restore points.
    >
    > To disable System Restore, Click Start, Programs, Accessories, System Tools,
    > System Restore, System Restore Settings, "System Restore" tab, and check the
    > box. "Turn Off System Restore on all drives", click "Apply" and "OK".
    >
    > To delete previous restores Click Start, Accessories, System tools, Disk
    > Cleanup, "More Options" tab, "System Restore" section, "Clean up" button,
    > click Yes
    >
    >
    >
    > On Wed, 17 Dec 2003 22:46:15 -0500, Ron Goodenow <> wrote:
    >
    > >I'm running three systems on a home net. Win98SE server, Win98SE client,
    > >XP client. Cable broadband. Netscape 7.1 on all systems. WinProxy
    > >software firewall on server.
    > >
    > >Every few hours the Worm_Swen.A virus is identified on my server,
    > >normally *.exe files identified as in either WinProxy's cache or the
    > >MXCYCLE directory in V-Com's Fix-It program by my virus checker,
    > >Trend-Micro, which is part of Fix-It. This seems to happen after I have
    > >gone on line with one of my client computers.
    > >
    > >I have:
    > >
    > >-run virus checker on all systems frequently, and on regular scans no
    > >virus is found.
    > >-run Symantec's Swen cleanup tool, which never finds the virus
    > >-run Computer Associate's tool, which does not identify any problem.
    > >-made sure that all messages possibly containing Swen are deleted
    > >-have checked to see if any strange programs running; never any
    > >indication of any
    > >-looked in my registry; can't find anything
    > >-have WinPatrol running on system; it never picks up new exe files
    > >-immediately upon identification of *.exe files, and before trying to
    > >clean them, tried to find them with the Windows find engine without any
    > >luck whatsoever. They seem invisible to everything but my virus checker.
    > >
    > >Any ideas on what could be going on here?
    > >
    > >Thanks.

    >
     
    Miggsee, Dec 18, 2003
    #4
  5. Ron Goodenow

    Greg M Guest

    If looking into the *Restore* suggestions doesn't handle the situation,
    try an online av scan.

    I highly recommend HouseCall, http://housecall.trendmicro.com/ by
    TrendMicro.

    Quite thorough.


    Or provided by Panda,

    http://www.pandasoftware.com/activescan/com/activescan_principal.htm

    <watch the wrap>

    Writes a report too IIRC.

    Ron Goodenow <> wrote in
    news::

    > I'm running three systems on a home net. Win98SE server, Win98SE
    > client, XP client. Cable broadband. Netscape 7.1 on all systems.
    > WinProxy software firewall on server.
    >
    > Every few hours the Worm_Swen.A virus is identified on my server,
    > normally *.exe files identified as in either WinProxy's cache or the
    > MXCYCLE directory in V-Com's Fix-It program by my virus checker,
    > Trend-Micro, which is part of Fix-It. This seems to happen after I
    > have gone on line with one of my client computers.
    >
    > I have:
    >
    > -run virus checker on all systems frequently, and on regular scans no
    > virus is found.
    > -run Symantec's Swen cleanup tool, which never finds the virus
    > -run Computer Associate's tool, which does not identify any problem.
    > -made sure that all messages possibly containing Swen are deleted
    > -have checked to see if any strange programs running; never any
    > indication of any
    > -looked in my registry; can't find anything
    > -have WinPatrol running on system; it never picks up new exe files
    > -immediately upon identification of *.exe files, and before trying to
    > clean them, tried to find them with the Windows find engine without
    > any luck whatsoever. They seem invisible to everything but my virus
    > checker.
    >
    > Any ideas on what could be going on here?
    >
    > Thanks.
    >




    --
    "Few things are harder to put
    up with than the annoyance of
    a good example."
    Mark Twain (1835-1910)
     
    Greg M, Dec 18, 2003
    #5
  6. Ron Goodenow

    Ron G Guest

    Thanks for help. I had disabled my XP system's Restore function to use
    one provided by Fix-It. I uninstalled Fix-It on server and clients and
    all ok. Reinstalled it on server and XP machine and problem reappeared
    as soon as I used the XP. I thought all previous settings had been
    removed but perhaps not, and so I will need to deal with the Fix-It
    people to see if they have a solution. I still welcome ideas!

    In messing around I screwed up Netscape, hence a different address on
    this message.

    /ron

    Greg M wrote:

    > If looking into the *Restore* suggestions doesn't handle the situation,
    > try an online av scan.
    >
    > I highly recommend HouseCall, http://housecall.trendmicro.com/ by
    > TrendMicro.
    >
    > Quite thorough.
    >
    >
    > Or provided by Panda,
    >
    > http://www.pandasoftware.com/activescan/com/activescan_principal.htm
    >
    > <watch the wrap>
    >
    > Writes a report too IIRC.
    >
    > Ron Goodenow <> wrote in
    > news::
    >
    >
    >>I'm running three systems on a home net. Win98SE server, Win98SE
    >>client, XP client. Cable broadband. Netscape 7.1 on all systems.
    >>WinProxy software firewall on server.
    >>
    >>Every few hours the Worm_Swen.A virus is identified on my server,
    >>normally *.exe files identified as in either WinProxy's cache or the
    >>MXCYCLE directory in V-Com's Fix-It program by my virus checker,
    >>Trend-Micro, which is part of Fix-It. This seems to happen after I
    >>have gone on line with one of my client computers.
    >>
    >>I have:
    >>
    >>-run virus checker on all systems frequently, and on regular scans no
    >>virus is found.
    >>-run Symantec's Swen cleanup tool, which never finds the virus
    >>-run Computer Associate's tool, which does not identify any problem.
    >>-made sure that all messages possibly containing Swen are deleted
    >>-have checked to see if any strange programs running; never any
    >>indication of any
    >>-looked in my registry; can't find anything
    >>-have WinPatrol running on system; it never picks up new exe files
    >>-immediately upon identification of *.exe files, and before trying to
    >>clean them, tried to find them with the Windows find engine without
    >>any luck whatsoever. They seem invisible to everything but my virus
    >>checker.
    >>
    >>Any ideas on what could be going on here?
    >>
    >>Thanks.
    >>

    >
    >
    >
    >
     
    Ron G, Dec 18, 2003
    #6
  7. Ron Goodenow

    Greg M Guest

    Sure. C00L.

    I have FixIt v4, the av is TrendMicro. Can't say I've had any problems I
    didn't cause myself. <hah!>

    *Mike* made mention, somewheres, that the av might not, in a case I had,
    deem certain crap as a problem.

    Not to say you don't want to know everything, but I had some spew in a
    temp file and it also didn't report it.


    Ron G <> wrote in
    news::

    > Thanks for help. I had disabled my XP system's Restore function to
    > use one provided by Fix-It. I uninstalled Fix-It on server and
    > clients and all ok. Reinstalled it on server and XP machine and
    > problem reappeared as soon as I used the XP. I thought all previous
    > settings had been removed but perhaps not, and so I will need to deal
    > with the Fix-It people to see if they have a solution. I still
    > welcome ideas!
    >
    > In messing around I screwed up Netscape, hence a different address on
    > this message.
    >
    > /ron
    >
    > Greg M wrote:
    >
    >> If looking into the *Restore* suggestions doesn't handle the
    >> situation, try an online av scan.
    >>
    >> I highly recommend HouseCall, http://housecall.trendmicro.com/ by
    >> TrendMicro.
    >>
    >> Quite thorough.
    >>
    >>
    >> Or provided by Panda,
    >>
    >> http://www.pandasoftware.com/activescan/com/activescan_principal.htm


    --
    "Few things are harder to put
    up with than the annoyance of
    a good example."
    Mark Twain (1835-1910)
     
    Greg M, Dec 18, 2003
    #7
