Hi,

My customer use Kaspersky Enterprise Space on his network.
Starting 22nd August, his email server ( using Windows Server 2003 R2 ) start to report several errors.
The error was various, application error or unable to locate component, & the file name that causing the error was TCPSOV101.exe, TCPSOV102.exe, qpbks.exe, icmudts.exe, uepw3bso.exe, etc.
I attached the screenshots here.
He didn't run those files, and when he google those files ( TCPSOV101.exe & TCPSPV102.exe ), only 1 result came out, the result from Antispyware software named PrevX, saying that these files was malware & their software ( PrevX 3.0 ) can clean them up.
This is the link : http://www.prevx.com/filenames/X7656554402...PSOV65.EXE.html

I'm quite confuse because :
1. No other information about this malware on Kaspersky or any other security vendor.
2. KAV installed on the email server did not report any problem, but his email server performance was slowing down & the internet traffic crowded with request to connect to websites ( mainly from China ).
3. Sometimes Internet Explorer suddenly active & wants to visit www.322311.com.cn )
His Kaspersky was up to date.
This looks like a malware has happening on his server but Kaspersky didn't respond or detect any attack.
What should I do ?

Thanks for the help & suggestion !

Hi,

Submit these files to the VirusLab: http://support.kaspersky.com/virlab/helpdesk.html
They will analyze them and add them to the antivirus databases if needed.

Hi Tybilly, I already ask him to send the files to Kaspersky HelpDesk.
Meanwhile he tried to use Norman Malware Cleaner, and detect :
- w32/smalltroj
- w32/Induct
- downloader.BT
I'm puzzled, because Kaspersky already had this malwares on their database, but why Kaspersky cannot detect it ?
But right now I'm still waiting for the files, quite curious...