#1
Join Date: Feb 2007 Location: blackpool

Sophos detects the virus and quarantines it after a full system scan, but has no option to delete it. This virus seems to be spreading via autorun.inf on any pen drive plugged into any infected computer; uninfected computers instantly get infected. After a full system scan from within Windows the virus is then put into quarantine but remains on the pen drive, ready to infect the next unfortunate laptop or computer it is plugged into.

How do I check all the computers on the network for this worm virus when the system is running as a peer to peer network with no server to run enterprise console on? Without having to manually fix 80+ possibly infected computers! I have looked on the Sophos website; the fix looks like it might take 30-60 mins per machine. What should I do? Please help.

#2
Join Date: Jul 2006 Location: South Yorkshire

Wouldn't the registry fix to turn off auto-run have the desired effect? Not sure how you do that on a pendrive but that might give you an idea for a possible solution.

#3
Join Date: Jul 2006 Location: South Yorkshire

Found what I was looking for... Technet :: Disables the Autoplay feature on all drives of the type specified

#4
Join Date: Apr 2007 Location: norfolk

Disabling autoplay is not a fix sadly. A more robust solution is here: One quick trick prevents AutoRun attacks

#5
Join Date: Feb 2007 Location: blackpool

Thanks for the quick replies. I will be using the reg fix, but what do I do now with the 80 that may be already infected when Sophos will not remove it itself? Why did it not stop it itself on the way in? Have I missed something, or do you need enterprise to set no access to viruses instead of just letting them in?

#6
Join Date: Nov 2007 Location: Bedfordshire, UK

We had the same thing happen here selu. No idea why Sophos didn't catch it (it does now), but it caused total havoc here for a few days! We eventually got rid of it by going to each infected computer/laptop (including staff and pupil laptops too), and doing the following:

Open a cmd prompt, and type:

del C:\autorun.* /f /a /s /q

This removed the file and gave access back to the infected drive.

Next, open regedit and go to

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Look for any entries marked with "avpo.exe" and delete them.

Lastly, do a registry search for "netde1ect.com" (note, that's a ONE, NOT a T!) and delete any entries you find.

1 machine clean. 79 to go.

Oh, and if I were you, I'd make a very stern warning not to use USB memory sticks until you have finished every machine!

Hope that helps!

Pete

Oh, almost forgot, you'll need to change the del C:\ to whatever drive letter a USB stick is given to clean the sticks as well!

#7
Join Date: Feb 2007 Location: blackpool

Thanks, this is the answer I was expecting, loads of work. Will post results. No more infections via this door since I presume?

#9
Join Date: Feb 2007 Location: blackpool

Thanks Pete, this is the answer I was expecting, loads of work. Will post results. No more infections via this door since I presume?

#10
Join Date: Feb 2007 Location: blackpool

Sorry, can this be deleted?

#11

Was this supposed to be a PM or something?

#12
Join Date: Feb 2007 Location: blackpool

No, I managed to create a new thread by accident. I have corrected it but now need a moderator to remove this as it's not relevant to anything.

Steve

#13

Oh right, easy mistake to make; they will probably lock the topic instead.

Z

#14
Join Date: Jun 2005 Location: East Lancs

Post merged, let the confusion cease!

#15
Join Date: Feb 2007 Location: blackpool

Batch file
***********************
del C:\autorun.* /f /a /s /q
delrun.reg
fix.reg
del k:\autorun.* /f /a /s /q
***********************

Fix reg file
-----------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------------------------------------------

Delrun.reg file
-----------------------------------------------------
Windows Registry Editor Version 5.00

-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
-----------------------------------------------------

All works but delreg file won't delete the run key. What am I doing wrong? I reckon this might fix it via a login script if I can get it to delete the whole run folder.

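Added example, not part of the original thread and not any poster's or vendor's code: in .reg syntax a key is deleted with `[-KEY]` and a single value with `"name"=-`, so the worm's startup entries can be removed without deleting the whole Run key. The Python script below reads the text of a `reg export`, flags values whose name or data mention the indicators from post #6, and builds a .reg file that deletes only those values. The sample export, the value names in it and the function names are constructed for illustration.

```python
import re

# Indicators named in post #6 of this thread.
INDICATORS = ("avpo.exe", "netde1ect.com")

# Constructed sample in `reg export` format (value names and paths are made up).
# Real exports are UTF-16 files: open them with encoding="utf-16".
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"example_value"="C:\\WINDOWS\\system32\\avpo.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\av.exe\""
'''

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def find_suspect_values(export_text, indicators=INDICATORS):
    """Return (key, value_name, data) for values mentioning an indicator."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            haystack = (m.group(1) + " " + m.group(2)).lower()
            if any(ind in haystack for ind in indicators):
                hits.append((key, m.group(1), m.group(2)))
    return hits

def build_removal_reg(hits):
    """Build .reg text deleting only the flagged values, never a whole key."""
    by_key = {}
    for key, name, _data in hits:
        by_key.setdefault(key, []).append(name)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        out.append("[" + key + "]")
        out.extend('"%s"=-' % name for name in names)  # "name"=- removes one value
        out.append("")
    return "\r\n".join(out)

if __name__ == "__main__":
    found = find_suspect_values(SAMPLE_EXPORT)
    for key, name, data in found:
        print("SUSPECT", key, name, data)
    print(build_removal_reg(found))
```

Legitimate startup entries, such as the antivirus's own, are left in place because only the flagged value names appear in the generated file.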