Wednesday, April 14, 2010

Malware log analysis

Q: I was analyzing the 30-day malware log file and found hundreds of "BKDR_Generic.DIT" and "TROJ_Generic.DIT" entries with a questionable action result: "Passed Potential Security Risk". I am sure that I have already enabled Generic Detection by adding a few lines to the ofcscan.ini. Anything to worry about?

A: You have done the right thing by enabling generic detection. The purpose of this detection is to make us aware that a certain file is posing a threat. There is a big possibility that this is a malicious file. We are letting it pass only because we do not yet have an enhanced clean pattern for it. Quarantining or deleting that file blindly is very risky. Why? Because the file could be a system file or a .dll that Windows depends on. If we quarantine or delete it, there is a chance that your Windows will hang or even BSOD.

Once you are aware of such a generic detection, the next step is to collect the detected files. Compress them using WinZip with the password "virus". Send the sample files to us and we will create an enhanced pattern file for you. It is also much better if you run our SIC Tool to further analyze your system for other infections, then send the SIC logs together with suspect.zip. Furthermore, send the Virus logs so that we can see which machines are being infected and identify the PC that is spreading the infection.
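To make the log review described above repeatable, here is a small added example (not code from the original post or from the vendor) that reads a virus log, keeps only the generic detections that were "Passed", counts them per host and per detection name, builds the list of files to collect as samples, and ranks hosts by first sighting to suggest where the infection started. The log format is an assumption: a constructed seven-column CSV (date, time, host, user, file path, detection name, action result), not the real OfficeScan export layout, and the sample lines are constructed for this example.

```python
"""Summarise generic detections from a virus log (assumed CSV layout)."""
import csv
from collections import Counter, defaultdict
from io import StringIO

# Assumed column order; a real export may differ, so adjust FIELDS to match.
FIELDS = ["date", "time", "host", "user", "file_path", "virus_name", "action_result"]

# Any detection name containing this marker is treated as a generic detection.
GENERIC_MARKER = "_Generic."

# Constructed sample log for demonstration (not a real log).
SAMPLE_LOG = r"""
2010/04/01,08:12:03,PC-017,jdoe,C:\Users\jdoe\AppData\Local\Temp\svc.exe,BKDR_Generic.DIT,Passed Potential Security Risk
2010/04/01,08:40:51,PC-017,jdoe,C:\Users\jdoe\AppData\Local\Temp\upd.dll,TROJ_Generic.DIT,Passed Potential Security Risk
2010/04/02,09:02:14,PC-042,asmith,C:\Windows\Temp\svc.exe,BKDR_Generic.DIT,Passed Potential Security Risk
2010/04/02,09:05:30,PC-042,asmith,C:\Users\asmith\Downloads\setup.exe,TROJ_Generic.DIT,Passed Potential Security Risk
2010/04/03,11:20:00,PC-009,mlee,C:\Windows\Temp\svc.exe,BKDR_Generic.DIT,Passed Potential Security Risk
2010/04/03,11:21:07,PC-009,mlee,C:\Users\mlee\Downloads\eicar.com,Eicar_test_file,Quarantined
2010/04/04,07:55:42,PC-017,jdoe,C:\Users\jdoe\AppData\Local\Temp\svc.exe,BKDR_Generic.DIT,Passed Potential Security Risk
""".strip()


def parse_log(text):
    """Parse CSV text into a list of dicts keyed by FIELDS; skip malformed rows."""
    rows = []
    for record in csv.reader(StringIO(text)):
        if len(record) != len(FIELDS):
            continue
        rows.append(dict(zip(FIELDS, record)))
    return rows


def passed_generic(rows):
    """Generic detections whose action result was 'Passed ...' (file left in place)."""
    return [
        r for r in rows
        if GENERIC_MARKER in r["virus_name"] and r["action_result"].startswith("Passed")
    ]


def summarise(rows):
    """Counts of passed generic detections per host and per detection name."""
    hits = passed_generic(rows)
    return {
        "passed_generic": len(hits),
        "by_host": Counter(r["host"] for r in hits),
        "by_name": Counter(r["virus_name"] for r in hits),
    }


def sample_collection_list(rows):
    """Distinct (host, file path) pairs whose files should be zipped and submitted."""
    files = defaultdict(set)
    for r in passed_generic(rows):
        files[r["host"]].add(r["file_path"])
    return sorted((host, path) for host, paths in files.items() for path in paths)


def likely_source(rows):
    """Heuristic: the host that first reported a passed generic detection.

    Dates are yyyy/mm/dd, so (date, time) tuples sort chronologically as strings.
    """
    first_seen = {}
    for r in passed_generic(rows):
        stamp = (r["date"], r["time"])
        if r["host"] not in first_seen or stamp < first_seen[r["host"]]:
            first_seen[r["host"]] = stamp
    if not first_seen:
        return None
    return min(first_seen, key=lambda host: first_seen[host])


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    report = summarise(rows)
    print("Passed generic detections:", report["passed_generic"])
    print("Per host:", dict(report["by_host"]))
    print("Per name:", dict(report["by_name"]))
    print("Earliest host (check first):", likely_source(rows))
    for host, path in sample_collection_list(rows):
        print(f"collect from {host}: {path}")
```

The earliest-sighting heuristic only points at where to look first; confirm with the SIC logs before treating that PC as the origin.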

I hope this helps.
