EICAR_test on a network

DrPizza

Administrator Elite Member Goat Whisperer
Mar 5, 2001
www.slatebrookfarm.com
I'm on a network at school. From what I understand, Eicar_test is a test file to make sure your antivirus is operating - to make sure it finds it.

Everyone on our network is getting pop-up after pop-up alerting us to EICAR_test. We're in the middle of a huge transition from our old network administrator (ended last week) to a new network administrator (combining two positions & he's really better at the software/application end & getting teachers more integrated with technology.) Lots of other hands in the matter from outside the district to figure this "problem" out.

Anyone have a clue where the "eicar_test attack" could be coming from? I.e., would it be coming from outside our network? Are our antivirus programs (AVG) configured wrong so that they're scanning the entire network & just not our personal machines, thus they keep finding this file somewhere?

They're clueless, I'm hoping someone on the forums here might have run into something like this before. (It'll make me a hero.)

I'm assuming this isn't enough information, but if it is & you can help,

Thanks.
-Tom (DrPizza)
 

seepy83

Platinum Member
Nov 12, 2003
(I've never used AVG)

When you get alerted, does it give you a path to the file? Even if it's not in the alert that pops up, check the Event Logs or any log that AVG writes to.

Like you said, it could be that the computers are configured incorrectly and they are scanning the entire network (or at least shares that they can access) and they are all alerting to the same file in the same place.

Without more details from the AVG alert, it's going to be hard to track down.
 

DrPizza

Ahhh, the more useful information I probably could have provided:
Processname: C:\Windows\system32\svchost.exe

Soooo..... I'm stuck wondering which of the svchost processes, and which particular service under that process.
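
One way to narrow down which svchost.exe instance and which hosted service is involved (an added example, not part of any post in this thread): the script lists every svchost.exe process with its command line, the services running inside it, and the remote peers it currently has established TCP connections to. It assumes an elevated PowerShell 3.0+ prompt on a machine showing the alert, and Windows 8 / Server 2012 or later for `Get-NetTCPConnection`.

```powershell
# Added example: map each svchost.exe instance to the services it hosts.
# Assumption: run from an elevated prompt so command lines of system processes are visible.

# Running services hosted by svchost.exe, keyed by process ID
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.PathName -match 'svchost\.exe' } |
    Group-Object ProcessId -AsHashTable -AsString
if (-not $services) { $services = @{} }

# Established TCP connections, keyed by owning process ID
$conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Group-Object OwningProcess -AsHashTable -AsString
if (-not $conns) { $conns = @{} }

Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $procId = [string]$_.ProcessId
    [pscustomobject]@{
        PID         = $_.ProcessId
        # The -k argument names the service group this instance was started for
        CommandLine = $_.CommandLine
        Services    = ($services[$procId] | Where-Object { $_ } |
            ForEach-Object { $_.Name } | Sort-Object) -join ', '
        # Remote endpoints help show whether the instance is talking to a file server or share
        RemotePeers = ($conns[$procId] | Where-Object { $_ } |
            ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort } |
            Sort-Object -Unique) -join ', '
    }
} | Sort-Object PID | Format-List
```

If the antivirus alert or its log also records a process ID, match it against the `PID` column; otherwise the instances with remote peers are the ones to look at first.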
 

RebateMonger

Elite Member
Dec 24, 2005
I know that, by default, Computer Associates' AV enterprise software does remote scanning of network shares and that can cause problems. I'd disable any network scanning feature of AVG and see if that fixes the problem. There's really not any need for it that I can think of if your servers and desktops all have their own AV running.