
FakeAV.LH virus detected on CPS 10d program files

Danielson
Level 3

My AV software (CA eTrust) recently discovered the FakeAV.LH virus in the file c:\program files\veritas\continuous protection server\services\rxmsg.dll on our CPS 10d server. I ran a scan and it was also detected in C:\Program Files\VERITAS\Continuous Protection Server\Install\data1.cab. I then inserted the original CPS 10d installation CD and discovered that the infected file rxmsg.dll was included in the original data1.cab!!

 

When I pushed out the CPS agent to my servers, the infected data1.cab was used, which means they are all infected too. Has anyone else detected any variants of "fakeAV" in your CPS installation (rxmsg.dll), or is this some kind of false positive?

 

To clean it, I stopped the CPS services and scanned/cleaned the PF\veritas folder.

 

Thanks for any input.  Dan

1 REPLY

Danielson
Level 3

I'm fairly sure this is a false positive because the original installation file on the CD-ROM was also detected as a virus. In any case, my AV software actually removed the rxmsg.dll file, which rendered my CPS installation unusable. I excluded the pf\veritas\cps\services folder from the real-time scan and re-extracted the rxmsg.dll back to this folder, so now it's working again.