Hello,
We have a small local area network running an SBS 2003 server with WFBS 6.0. I noticed a Trend Micro warning earlier today about the detection of a number of infected files - last count was about 3316. Commensurate with this was a drastic reduction of free space on the hard drive (C:) from about 3 GBS to 350 MBS.
The culprit appears to be WORM_MORTO.SM2 in the C:\Windows\Offline Web Pages\cache.txt . Just after the Trend Micro warning appeared I looked in My Computer C: Drive and noticed that this folder .... Offline Web page showed the current date (7.8.13 and about the time I noticed the Trend warning). Inside the folder was an icon named MyHome and its properties showed that it was synchronised to download Active X Components and image files.
I deleted all the quarantined files from the WFBS console. The quarantined files were located on our E: drive which is the repository for networked programmes. There are also a number of quarantined files (cache.txt*qtn)on the C: drive (Program Files\Trend Micro\Client Server Security Agent\Suspect\Backup.) Presumably I should delete these files manually in My Computer?
I highlighted all the quarantined files on the C: drive. There are 3294 objects but they only amount to 62 MBS which is hardly makes up for the missing 2.6 GBS of free space.
Looking on the Trend Micro website earlier on today, the WORM_MORTO.SM2 (http://about-threats.trendmicro.com/...WORM_MORTO.SM2) appears to be low-level malware. The first two steps are not possible on an SBS 2003 server - disable System Restore and run Trend Micro scanner in Safe Mode.
I would be grateful for best practices in resolving this issue.
Many thanks,
Mark
We have a small local area network running an SBS 2003 server with WFBS 6.0. I noticed a Trend Micro warning earlier today about the detection of a number of infected files - last count was about 3316. Commensurate with this was a drastic reduction of free space on the hard drive (C:) from about 3 GBS to 350 MBS.
The culprit appears to be WORM_MORTO.SM2 in the C:\Windows\Offline Web Pages\cache.txt . Just after the Trend Micro warning appeared I looked in My Computer C: Drive and noticed that this folder .... Offline Web page showed the current date (7.8.13 and about the time I noticed the Trend warning). Inside the folder was an icon named MyHome and its properties showed that it was synchronised to download Active X Components and image files.
I deleted all the quarantined files from the WFBS console. The quarantined files were located on our E: drive which is the repository for networked programmes. There are also a number of quarantined files (cache.txt*qtn)on the C: drive (Program Files\Trend Micro\Client Server Security Agent\Suspect\Backup.) Presumably I should delete these files manually in My Computer?
I highlighted all the quarantined files on the C: drive. There are 3294 objects but they only amount to 62 MBS which is hardly makes up for the missing 2.6 GBS of free space.
Looking on the Trend Micro website earlier on today, the WORM_MORTO.SM2 (http://about-threats.trendmicro.com/...WORM_MORTO.SM2) appears to be low-level malware. The first two steps are not possible on an SBS 2003 server - disable System Restore and run Trend Micro scanner in Safe Mode.
I would be grateful for best practices in resolving this issue.
Many thanks,
Mark