+ Post New Thread
Results 1 to 4 of 4
General Chat Thread, Virus Help in General; looks like i have a little bug on the system wooo its the hott cold usb virus. i have it ...
  1. #1
    gibbo_ap's Avatar
    Join Date
    Nov 2007
    Location
    Staffs, UK
    Posts
    937
    Thank Post
    233
    Thanked 81 Times in 64 Posts
    Rep Power
    36

    Virus Help

    looks like i have a little bug on the system wooo

    its the hott cold usb virus. i have it on several stations (must have) including mine

    doesnt to much (as far as i can tell) other that make a usb drive appear as a folder.

    any ideas ??? btw i have done a rebuild of all stations in school due to another unrelated problem

  2. #2

    Join Date
    Feb 2006
    Location
    Derbyshire
    Posts
    1,381
    Thank Post
    181
    Thanked 211 Times in 171 Posts
    Rep Power
    65
    Disable USB autorun on all machines, upload a sample to VirusTotal to confirm the name/variant of the virus then a quick google for removal instructions. Can't do much if it's coming from an external source eg. infected staff home PC as they'll keep bringing their stick back in infected again - just need to make sure your AV is up to date and catching it properly to remove it.

    Only other handy trick I picked up which trips up a lot of USB viruses is creating a folder called Autorun.inf in the root of uninfected drives to 'innoculate' them - not a magic bullet but a lot of the code only checks for a file called autorun.inf to replace and implodes when it tries to remove a folder of the same name. Doing this to one of your own sticks means you can at least plug it into several machines to run a removal tool without having to remember to disinfect between each machine.

  3. Thanks to OutToLunch from:

    36Degrees (21st May 2010)

  4. #3
    36Degrees's Avatar
    Join Date
    Jan 2010
    Location
    Nottingham
    Posts
    1,059
    Thank Post
    165
    Thanked 152 Times in 123 Posts
    Rep Power
    52
    That explains why my trick didn't work - I was told to create my own file called autorun.inf!

    We have had a few cases of the W32/SillyFDC-AJ worm in school this week which I think was originally brought into school by a PGCE student ("my laptop at home is broken" turned into "my laptop at home is infested with viruses" after a few questions!). That creates an autorun.inf so we always have to use attrib after the main disinfection to remove that file.

  5. #4

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,883
    Thank Post
    575
    Thanked 1,000 Times in 772 Posts
    Blog Entries
    15
    Rep Power
    461
    Also check for exe files : usually on the root of the USB drive (hidden) called setup.exe or explorer.exe, and again in the root of the C:\ drive. If these exist, there's usually going to be a couple of exe files in c:\windows\system32 - the first called cffmon.exe and the other has a random name. They will usually be 424kb in size though. You can either delete these with a live linux CD or a bartPE bootalbe windows environment or if anyone's interested I've a little batch file which does it effectively all for you, as well as turning off USB autorunning in registry and creating dummy folders in place (as above, autorun.inf and also the .exe files in the relevant places as a double whammy).
    If anyone wants it (just a .zip with .reg snippet, the batch file and a couple of exes from the win2k3 dev thingy) drop me a PM. Made life so much easier for me when someone infected the part of our LEA where staff share their resources and favoured virus

SHARE:
+ Post New Thread

Similar Threads

  1. Anti Virus
    By rhr in forum Our Advertisers
    Replies: 4
    Last Post: 15th February 2010, 07:05 AM
  2. Virus or No Virus?
    By gmiller in forum Mac
    Replies: 8
    Last Post: 24th September 2009, 08:29 AM
  3. New Virus?
    By apeo in forum Windows
    Replies: 8
    Last Post: 10th October 2008, 01:12 PM
  4. Virus Question
    By jlr58 in forum Windows
    Replies: 2
    Last Post: 27th June 2007, 08:06 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •