+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
Windows Thread, W32/SillyFDC-D virus infecting pen drives in Technical; W32/SillyFDC-D virus infecting pen drives and computers Sophos detects the virus and quarantines it after a full system scan, but ...
  1. #1
    selu's Avatar
    Join Date
    Feb 2007
    Location
    blackpool
    Posts
    37
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    W32/SillyFDC-D virus infecting pen drives

    W32/SillyFDC-D virus infecting pen drives and computers

    Sophos detects the virus and quarantines it after a full system scan, but has no option to delete it.

    This virus seems to be spreading via autorun.inf on any pen drive plugged into any infected computer uninfected computers instantly get infected.

    After a full system scan from within windows the virus is then put into quarantine but remains on the pen drive ready to infect the next unfortunate laptop or computer it is plugged into to.

    How do I check all the computers on the network for this worm virus when the system is running as a peer to peer network with no server to run enterprise console on?

    Without having to manually fix 80+ possibly infected computers! I have looked on the Sophos website the fix looks like it might take 30-60mins per machine.
    What should I do please help.

  2. #2
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    Re: W32/SillyFDC-D virus infecting pen drives

    Wouldn't the registry fix to turn off auto-run have the desired effect?

    Not sure how you do that on a pendrive but that might give you an idea for a possible solution.

  3. #3
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    Re: W32/SillyFDC-D virus infecting pen drives


  4. #4
    ChrisP's Avatar
    Join Date
    Apr 2007
    Location
    norfolk
    Posts
    150
    Thank Post
    4
    Thanked 8 Times in 8 Posts
    Rep Power
    16

    Re: W32/SillyFDC-D virus infecting pen drives

    Disabling autoplay is not a fix sadly.

    A more robust solution is here: One quick trick prevents AutoRun attacks

  5. #5
    selu's Avatar
    Join Date
    Feb 2007
    Location
    blackpool
    Posts
    37
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: W32/SillyFDC-D virus infecting pen drives

    Thanks for the quick replys I will be using the reg fix but what do I do now with the 80 that may be already infected when sophos will not remove it itself why did it not stop it itself on the way in ? Have I missed something or do you need enterprise to set no access to viruses instead of just letting them in.

  6. #6
    Pete10141748's Avatar
    Join Date
    Nov 2007
    Posts
    1,365
    Thank Post
    106
    Thanked 220 Times in 130 Posts
    Rep Power
    86

    Re: W32/SillyFDC-D virus infecting pen drives

    We had the same thing happen here selu. No idea why sophos didnt catch it (it does now), but it casued total havok here for a few days!

    We eventually got rid of it by going to each infected computer/laptop (including staff and pupil laptops too), and doing the following;


    Open a cmd prompt, and type;
    del C:\autorun.* /f /a /s /q

    this removed the file and gave access back to the infected drive.

    Next, open regedit and go to
    HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run

    look for any entries marked with "avpo.exe" and delete them.

    lastly, do a registry search for "netde1ect.com" (notel thats a ONE, NOT a T!) and delete any entries you find.

    1 machine clean. 79 to go We had about 120 to do here, took the best part of 3 days.

    Oh, and if I were you, I'd make a very stern warning not to use USB memory sticks until you have finished every machine!

    Hope that helps!

    Pete


    oh, almolst forgot, you'll need to change the del C:\ to whatever drive letter a usb stick is given to clean the sticks as well!

  7. #7
    selu's Avatar
    Join Date
    Feb 2007
    Location
    blackpool
    Posts
    37
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Pete you r the man

    Thanks this is the answer I was expecting loads of work.
    Will post results. No more infections via this door since I presume?

  8. #8

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,403
    Thank Post
    637
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    319

    Re: Pete you r the man

    Fantastic.

    Oh, it's this thread

  9. #9
    selu's Avatar
    Join Date
    Feb 2007
    Location
    blackpool
    Posts
    37
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: W32/SillyFDC-D virus infecting pen drives

    Thanks Pete this is the answer I was expecting loads of work.
    Will post results. No more infections via this door since I presume?

  10. #10
    selu's Avatar
    Join Date
    Feb 2007
    Location
    blackpool
    Posts
    37
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Pete you r the man

    Sorry can this be deleted?

  11. #11

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,839
    Thank Post
    876
    Thanked 1,677 Times in 1,459 Posts
    Blog Entries
    12
    Rep Power
    444

    Re: Pete you r the man

    Was this suposed to be a PM or something?

  12. #12
    selu's Avatar
    Join Date
    Feb 2007
    Location
    blackpool
    Posts
    37
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Pete you r the man

    No i managed to create a new thread by accident. I have corrected it but now need a moderator to remove this as its not relevent to anything .
    Steve

  13. #13

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,839
    Thank Post
    876
    Thanked 1,677 Times in 1,459 Posts
    Blog Entries
    12
    Rep Power
    444

    Re: Pete you r the man

    Oh right easy mistake to make they will probably lock the topic instead.

    Z

  14. #14
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106

    Re: W32/SillyFDC-D virus infecting pen drives

    Post merged let the confusion cease!

  15. #15
    selu's Avatar
    Join Date
    Feb 2007
    Location
    blackpool
    Posts
    37
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: W32/SillyFDC-D virus infecting pen drives

    Batch file
    ***********************
    del C:\autorun.* /f /a /s /q
    delrun.reg
    fix.reg
    del k:\autorun.* /f /a /s /q
    ***********************

    Fix reg file
    -----------------------------------------------------
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    --------------------------------------------------------------------------------------


    Delrun.reg file
    ----------------------------------------------------------
    Windows Registry Editor Version 5.00

    -HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\

    --------------------------------------------------------------------------------

    All works but delreg file wont delete the run key what am I doing wrong ?
    I recon this might fix it via a login script if i can get it to delete the whole run folder

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Website Virus
    By karldenton in forum Web Development
    Replies: 6
    Last Post: 21st November 2007, 11:56 AM
  2. Virus Question
    By jlr58 in forum Windows
    Replies: 2
    Last Post: 27th June 2007, 08:06 PM
  3. Virus False Positive?
    By nawbus in forum Windows
    Replies: 3
    Last Post: 25th April 2007, 08:02 AM
  4. Possible virus spreading?
    By sidewinder in forum Windows
    Replies: 4
    Last Post: 9th February 2007, 02:31 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •