Windows Thread, New Virus? in Technical
10th October 2008, 12:46 PM #1
Something is spreading round on our mapped/removable drives. Basically what it seems to do is shove itself in the root of mapped/removable drives and set up an autorun so when you double click it, Minesweeper or Notepad comes up. The file names are usually gibberish and are hidden system files.
Sophos doesn't seem to pick it up in its current state, which is troubling. It doesn't seem to do anything other than spread itself and set up the autoruns in the mapped/removable drive at the moment.
Anyone seen this?
10th October 2008, 12:47 PM #2
Looks like it double posts as well.
I'll have a looksie around.
10th October 2008, 12:50 PM #3
Have you got a spare box where you can place one of the infected and run NOD32 / ESET on it? Malwarebytes' Anti-Malware is also worth running either before or afterwards.
10th October 2008, 12:50 PM #4
10th October 2008, 12:51 PM #5
Yeah, the virus is on a virtual machine at the moment and being tested.
10th October 2008, 12:52 PM #6
10th October 2008, 01:00 PM #7
You could submit it to VirusTotal and see if anything picks it up.
VirusTotal - Free Online Virus and Malware Scan
If Sophos isn't picking it up, and you've checked your Sophos installation is up to date, submit it to them too. They usually get an IDE update out fairly quickly in response.
Sample submission form - Sophos
10th October 2008, 02:05 PM #8
OK, thanks for all the input guys. It turns out that Sophos did pick up the virus and cleaned it, but that's all it did. It left the files behind, so it was still doing the autorun thing but not propagating. I knew I'd seen a report about it before.
10th October 2008, 02:12 PM #9
We've had similar floating around our system for months now - our lack of anti-virus software makes eradicating it somewhat impossible (fortunately, our lack of a real network also stops it spreading that much... It's a feature, not a bug...). My latest plan is to make our reimaging system also do anti-virus with ClamAV - boot the machines into Linux, scan the NTFS partition, reboot into Windows. I plan to write a script to remove the autorun.inf cruft.
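A starting point for the kind of autorun.inf cleanup check planned in the post above, added here as an example and not code from any poster. It assumes the Windows volume is mounted from Linux on a case-sensitive path. It only reports the autorun.inf and the launch targets it names, and leaves removal to the operator. The function names and the sample file contents are hypothetical.

```python
from pathlib import Path

# Constructed sample modelled on the thread's description (names are made up).
SAMPLE_INF = """[AutoRun]
open=xkqzv.exe
shell\\open\\command="RECYCLER\\jwq pd.com" -s
icon=shell32.dll,4
"""

def autorun_targets(text):
    """Return the programs the [autorun] section would launch."""
    targets, section = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            launches = key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command"))
            if launches and value:
                # Program is the quoted string, else the first token.
                prog = (value[1:].split('"', 1)[0] if value.startswith('"')
                        else value.split(None, 1)[0])
                if prog and prog not in targets:
                    targets.append(prog)
    return targets

def resolve_nocase(root, win_path):
    """Map a Windows-style relative path onto a case-sensitive mount, or None."""
    current = Path(root)
    for part in win_path.replace("/", "\\").strip("\\").split("\\"):
        if part in ("", ".", "..") or not current.is_dir():
            return None  # refuse to step outside the volume
        current = next((p for p in current.iterdir()
                        if p.name.lower() == part.lower()), None)
        if current is None:
            return None
    return current

def find_autorun_cruft(root):
    """Return (autorun.inf path, [launch targets present on the volume]) or None."""
    inf = resolve_nocase(root, "autorun.inf")
    if inf is None or not inf.is_file():
        return None
    hits = (resolve_nocase(root, t) for t in autorun_targets(inf.read_text("latin-1")))
    return inf, [p for p in hits if p is not None]

if __name__ == "__main__":
    print(autorun_targets(SAMPLE_INF))
```

Unquoted launch paths that contain spaces are ambiguous in autorun.inf; this example takes the first token, so review the raw file when a reported target looks truncated.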