Windows Thread, Annoying Virus (confick-E) in Technical; Sounds kinda how I feel with it at the mo, Sophos caught and "blocked" the autorun.inf on the USB sticks ...
25th March 2009, 12:10 PM #106
Sounds kinda how I feel with it at the mo, Sophos caught and "blocked" the autorun.inf on the USB sticks it found and there was 1 machine that got it but luckily the hardware went wrong the same day so it's out of service now
Killed autorun by GPO as well, amazing that not that many people seem to miss it, makes a change!
Really glad I did the paranoia run on the teaching machines during half term and admin machines are WSUS'ed now so fingers crossed... but you can never be 100% sure these days
IDG Tech News
25th March 2009, 12:17 PM #107
You should follow up the 'autorun.inf' detections as it may indicate secondary infections on home pcs and laptops.
25th March 2009, 12:23 PM #108
Yup we caught one near enough as it happened yesterday and spoke to the tutor afterwards, he's gonna warn the student about it next class and keep those USB sticks out of the PC, also will recommend cleanup tools.
Originally Posted by Geoff
If anything now I reckon the number of PCs in the botnet must be shrinking rather than growing as the amount of cleanup tools and savvy users is growing?
25th March 2009, 12:37 PM #109
The botnet stablised at around 10million infections some time ago.
25th March 2009, 03:38 PM #110
Seems like the botnet's looking like it'll be divided up and sold to spammers... and there was me thinking we could have an e-war on our hands
27th March 2009, 12:51 PM #111
- Rep Power
Hey sophos picks up the virus and on any PC or pen drive it will give me the "clean up" option and just go through and delete it. On the server that option is not available, it seems to be in a folder RECYCLE. Anyone know how I go about sophos removing it on the server. Cheers
27th March 2009, 03:17 PM #112
You just need to do a full scan i think! Although may take a good few hours depending on how much is on their.
Originally Posted by xeroxxe
Before you do the scan, click clear from list, so Sophos does a full rescan.
Or use the Microsoft Malicous Software remover, this got rid of it effectively for me.
30th March 2009, 09:11 PM #113
We've got Sunbelt Software VIPRE and have our DNS set to forward to OpenDNS.
Touch wood *knock knock* we've been relatively clean from viruses for some time. Once in a blue moon a browser hijack gets picked up but it's quickly cleaned out.
31st March 2009, 08:52 AM #114
Apparently its pretty easy to scan an entire network for conficker.
Slashdot | Taming Conficker, the Easy Way
Havn't actually seen an easy to use tool yet though.
31st March 2009, 09:08 AM #115
After a little delay and a false start or two the instructions for scannig for it using nmap are here: http://www.edugeek.net/forums/securi...free-easy.html
Originally Posted by ittech
There is also a scan and fix tool in that thread too but only for a single pc.
1st April 2009, 05:43 PM #116
Started a (late!) March SIMS upgrade at a school today. Flunks out half way through, lost the internet connection. Bugger.
In comes a frantic ICT Co-ordinator. Appears all the curriculum (CC3) computers have lost internet connection, with exception of 3 machines for some reason.
CC3 server, no internetty. Bridget Jones pants.
Hour of scanning the network, checking the servers and random machines with MSRT/symantecs scanner, nothing.
Noticed something playing funny buggers with the computers. Trying to load Google - IE was visibly attempting google.edu google.com.tw google.co.uk google.us google.de, every combination possible. Odd, not seen/noticed that before.
Turned out the DNS had decided to just die for absolutely no reason. Sorted that, and phoned the office to keep them updated.
Got a very elated and relieved manager, who informed me that she'd had to send out every member of staff in sight that knew what a computer was to help with several actual and active infections in our area :/ Not good. Just relieved I didn't have to run around like a maniac trying to sort this one out :|
1st April 2009, 05:50 PM #117
Heh, we survived. Long live Northants
2nd April 2009, 10:38 AM #118
Anyone else slightly disappointed that Conficker didn't being the world to a standstill yesterday?
Originally Posted by kmount
Not from a support point of view of course. I was however hoping to read about at least one PFI project that was brought to a halt due to the worm. (Cough Cough EDS/HP Cough Cough)
There is still time I suppose.
5th June 2009, 08:02 PM #119
Is there a way to set Sophos to delete the relevant files on USB Sticks etc automatically using on-access scan rather than having to manually initiate a full scan from console? We've just switched from Symantec to Sophos, and Symantec handled Conficker much better - if it found one of Conficker's autorun.inf files it deleted it immediately along with the RECYCLER folder created. Sophos just blocks access to them, but leaves them on the drive. Staff go home or elsewhere, and end up taking the virus with them - if wherever they go isn't protected then they just assist in spreading it. I'd rather it just killed it immediately on contact rather than just blocking it til a full scan is run...
5th June 2009, 08:26 PM #120
I would imagine if your machines are setup identically, then the usb stick would choose the same drive letter. therfore you could custom sophos to check the drive.
Originally Posted by Marci
By mattx in forum Jokes/Interweb Things
Last Post: 13th January 2009, 01:51 PM
By FN-GM in forum IT News
Last Post: 8th December 2008, 11:05 AM
By chrbb in forum Windows Vista
Last Post: 2nd September 2008, 02:10 PM
By firefox_2006 in forum Windows
Last Post: 7th April 2007, 08:14 PM
By GrumbleDook in forum Jokes/Interweb Things
Last Post: 12th July 2006, 01:09 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)