  1. #1
    apeo

    New Virus?

    Something is spreading round on our mapped/removable drives. Basically what it seems to do is shove itself in the root of mapped/removable drives and set up an autorun, so when you double-click it Minesweeper or Notepad comes up. The file names are usually gibberish and are hidden system files.

    Sophos doesn't seem to pick it up in its current state, which is troubling. It doesn't seem to do anything other than spread itself and set up the autoruns in the mapped/removable drive at the moment.

    Anyone seen this?

  2. #2
    ninjabeaver
    Looks like it double posts as well.

    I'll have a looksie around.

  3. #3
    ninjabeaver
    Have you got a spare box where you can place one of the infected and run NOD32 / ESET on it? Malwarebytes Anti-Malware is also worth running either before or afterwards.

  4. Thanks to ninjabeaver from:

    apeo (10th October 2008)

  5. #4

    mattx
    Something like this, you mean?

    MAL_OTORUN1 - Description and solution

  6. Thanks to mattx from:

    apeo (10th October 2008)

  7. #5
    apeo
    Yeah, the virus is on a virtual machine at the moment and being tested.

  8. #6
    ninjabeaver
    Originally posted by apeo:
    Yeah the virus is on a virtual machine at the moment and being tested

    Suspicious noteped.exe and AutoRun.inf files - Wilders Security Forums

    Maybe?

  9. #7

    Geoff
    You could submit it to VirusTotal and see if anything picks it up.

    VirusTotal - Free Online Virus and Malware Scan

    If Sophos isn't picking it up, and you've checked your Sophos installation is up to date, submit it to them too. They usually get an IDE update out fairly quickly in response.

    Sample submission form - Sophos

  10. Thanks to Geoff from:

    apeo (10th October 2008)

  11. #8
    apeo
    OK, thanks for all the input, guys. It turns out that Sophos did pick up the virus and cleaned it, but that's all it did. It left the files behind, so it was still doing the autorun thing but not propagating. I knew I'd seen a report about it before.

  12. #9

    dhicks
    Originally posted by apeo:
    Something is spreading round on our mapped/removable drives. Basically what it seems to do is shove itself in the root of mapped/removable drives and set up an autorun so when you double click it minesweeper or notepad comes up. The file names are usually gibberish and are hidden system files.

    We've had similar floating around our system for months now - our lack of anti-virus software makes eradicating it somewhat impossible (fortunately, our lack of a real network also stops it spreading that much... It's a feature, not a bug...). My latest plan is to make our reimaging system also do anti-virus with ClamAV - boot the machines into Linux, scan the NTFS partition, reboot into Windows. I plan to write a script to remove the autorun.inf cruft.

    --
    David Hicks
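
One way such an autorun.inf cleanup pass could look when run from Linux against a mounted NTFS or removable volume. This is an added example, not a script posted by anyone in this thread. It moves `autorun.inf` and the files it launches into a quarantine directory rather than deleting them; the function names, the quarantine layout and the sample file are constructed for illustration.

```python
import re
import shutil
from pathlib import Path

# Constructed sample: junk padding around the keys that launch a program.
SAMPLE_INF = """;qwpeoriu zxcvmn
[AutoRun]
open=xkqzt.exe
jfkdls;junk
shell\\open\\Command="RECYCLER\\jwgk.exe" -x
shellexecute=..\\outside.exe
"""

# autorun.inf keys whose value is a command line Explorer would run.
EXEC_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=\\]+\\command)\s*=\s*(\S.*)$", re.I)

def referenced_files(inf_text):
    """Program paths launched by an autorun.inf, tolerant of junk lines."""
    names = []
    for line in inf_text.splitlines():
        m = EXEC_KEY.match(line)
        if m:
            value = m.group(2).strip()
            # First token is the program; quoted if it contains spaces.
            prog = value[1:].split('"')[0] if value[0] == '"' else value.split()[0]
            names.append(prog.replace("\\", "/"))
    return names

def find_ci(root, rel):
    """Resolve rel under root case-insensitively (NTFS semantics on Linux)."""
    cur = root
    for part in rel.split("/"):
        hits = [p for p in cur.iterdir() if p.name.lower() == part.lower()] if cur.is_dir() else []
        if not hits:
            return None  # missing, or '..' / absolute path leaving the volume
        cur = hits[0]
    return cur if cur.is_file() else None

def quarantine_autorun(root, quarantine):
    """Move autorun.inf and the files it launches into quarantine."""
    root, quarantine = Path(root), Path(quarantine)
    inf = find_ci(root, "autorun.inf")
    if inf is None:
        return []
    targets = [find_ci(root, n) for n in referenced_files(inf.read_text("latin-1"))]
    moved = []
    quarantine.mkdir(parents=True, exist_ok=True)
    for src in [t for t in targets if t] + [inf]:
        rel = src.relative_to(root).as_posix()
        if rel not in moved:
            shutil.move(str(src), str(quarantine / rel.replace("/", "_")))
            moved.append(rel)
    return moved
```

Entries that point outside the volume (such as `..\outside.exe` in the sample) or at files that do not exist are skipped, so only files on the scanned drive are ever moved.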
