Old 07-21-2012, 01:40 PM   #1
Jc61990
LQ Newbie
 
Registered: Dec 2008
Location: New York
Distribution: Arch
Posts: 18

Best tool for removing multiple infections at once


Hello everyone,

I recently had a user upload a malicious file to my server; the virus was "Worm.Tenga.A" according to ClamAV.

This virus looks like it spidered its way through my server, infecting just about every file on my Raid0 array, my root drive, and my samba drives.

ClamAV has detected 1249 infections across the whole system, and clam looks like it will only let me remove/quarantine each file 1-by-1.

My question to you guys is what would be a good software I would be able to install into the server to scan and remove all potential infections/threats?

Server is running CentOS 6.3 x64
Services that run on this system:
Webmin, Usermin, Samba, SSH, FTP, VPN, RDP, Apache, MySQL, Sendmail, and some others I can't think of at the moment.

Should I be worried about anything else on the system/network?

Thanks in advance
 
Old 07-21-2012, 03:52 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Quote:
Originally Posted by Jc61990
This virus looks like it spidered its way through my server, infecting just about every file on my Raid0 array, my root drive, and my samba drives.
Tenga / Gael targets PE, not ELF.


Quote:
Originally Posted by Jc61990
what would be a good software I would be able to install into the server to scan and remove all potential infections/threats?
Whatever software you think your data is worth?


Quote:
Originally Posted by Jc61990
Should I be worried about anything else on the system/network?
I think the info in http://www.f-secure.com/v-descs/tenga_a.shtml and http://www.securelist.com/en/descriptions/old88153 sums it up pretty much, so make that a yes.
 
1 members found this post helpful.
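
unSpawn's point that Tenga targets PE rather than ELF can be checked against the scan results. The following is an added example, not part of the original thread: it reads a clamscan log in the usual `path: Signature FOUND` form and groups the flagged files by their on-disk format. The log text and the three sample files are constructed.

```python
import os
import struct
import tempfile

def parse_clamscan_log(text):
    """Yield (path, signature) for every 'path: Signature FOUND' line."""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(" FOUND"):
            path, _, sig = line[:-len(" FOUND")].rpartition(": ")
            if path:
                yield path, sig

def file_format(path):
    """Return 'PE', 'ELF', 'other' or 'unreadable' from the file header."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if head[:4] == b"\x7fELF":
                return "ELF"
            if head[:2] == b"MZ" and len(head) == 64:
                # e_lfanew at offset 0x3C points to the "PE\0\0" signature
                f.seek(struct.unpack_from("<I", head, 0x3C)[0])
                if f.read(4) == b"PE\0\0":
                    return "PE"
    except OSError:
        return "unreadable"
    return "other"

def triage(log_text):
    """Group flagged files by format: {format: [(path, signature), ...]}."""
    groups = {}
    for path, sig in parse_clamscan_log(log_text):
        groups.setdefault(file_format(path), []).append((path, sig))
    return groups

def demo():
    """Constructed sample: three tiny files plus a clamscan-style log."""
    d = tempfile.mkdtemp()
    pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    samples = {"setup.exe": pe, "sshd": b"\x7fELF" + b"\0" * 60,
               "photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 60}
    log = []
    for name, data in samples.items():
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(data)
        log.append(f"{p}: Worm.Tenga.A FOUND")
    log += ["----------- SCAN SUMMARY -----------", "Infected files: 3"]
    return triage("\n".join(log))

if __name__ == "__main__":
    for fmt, hits in sorted(demo().items()):
        print(fmt, len(hits), [os.path.basename(p) for p, _ in hits])
```

Flagged files that land outside the PE group do not match the target format named above and are the ones to examine separately before deciding what to restore.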
Old 07-21-2012, 04:34 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,982

A large security firm was called in to try to fix a government's office. The big firm did their normal load and try to clean, and after a few days it kept failing. The solution offered was to turn off every computer (thousands) and reload it from scratch.

How to protect it is another matter. You can try one or two of the commercial products. None can fully protect a system from random users downloading what they please.
 
1 members found this post helpful.
Old 07-21-2012, 04:59 PM   #4
Jc61990
LQ Newbie
 
Registered: Dec 2008
Location: New York
Distribution: Arch
Posts: 18

Original Poster
Thanks guys, that pretty much answers my question. I was hoping I wouldn't have to re-image the server but I don't mind doing so.

Most of the files that were on there were all personal files. The majority of the infection was in my two networked Samba drives; that's mainly where I keep all my files and installers, basically anything I like to keep but not on my own hard drive. Most of it I can re-download; it was there for my own convenience, but I can always re-download what I had.

Quote:
Originally Posted by unSpawn
Tenga / Gael targets PE, not ELF.
Most of the files on my server were portable exe's, game patches, setup files, drivers and whatnot. I did notice in the scan though that there were more than just exe's that got infected. I just hope it didn't get into my pictures.

The server is basically a small home hosted webserver/game server(s). One of the users of a server I was renting out uploaded what looked like an addon to a game server but actually did some damage.

I thought AVG was giving me false positives the past few days. I just opened one of my mapped Samba drives and AVG said every file and folder had an infection; I found it hard to believe until I ran clam on the server itself.

I guess I'll just get the thing offline, start looking through what I need the most and start from scratch.
I might also re-install Windows on the several PCs I had mapped to that server. Should be a fun weekend.

Once again, thanks for the help!
 
  

