+ Post New Thread
Page 8 of 9 FirstFirst ... 456789 LastLast
Results 106 to 120 of 121
Windows Thread, Annoying Virus (confick-E) in Technical; Sounds kinda how I feel with it at the mo, Sophos caught and "blocked" the autorun.inf on the USB sticks ...
  1. #106
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,716
    Thank Post
    175
    Thanked 227 Times in 209 Posts
    Rep Power
    68
    Sounds kinda how I feel with it at the mo, Sophos caught and "blocked" the autorun.inf on the USB sticks it found and there was 1 machine that got it but luckily the hardware went wrong the same day so it's out of service now

    Killed autorun by GPO as well, amazing that not that many people seem to miss it, makes a change!

    Really glad I did the paranoia run on the teaching machines during half term and admin machines are WSUS'ed now so fingers crossed... but you can never be 100% sure these days

  2. #107

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    You should follow up the 'autorun.inf' detections as it may indicate secondary infections on home pcs and laptops.

  3. #108
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,716
    Thank Post
    175
    Thanked 227 Times in 209 Posts
    Rep Power
    68
    Quote Originally Posted by Geoff View Post
    You should follow up the 'autorun.inf' detections as it may indicate secondary infections on home pcs and laptops.
    Yup we caught one near enough as it happened yesterday and spoke to the tutor afterwards, he's gonna warn the student about it next class and keep those USB sticks out of the PC, also will recommend cleanup tools.

    If anything now I reckon the number of PCs in the botnet must be shrinking rather than growing as the amount of cleanup tools and savvy users is growing?

  4. #109

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    The botnet stablised at around 10million infections some time ago.

  5. #110
    gshaw's Avatar
    Join Date
    Sep 2007
    Location
    Essex
    Posts
    2,716
    Thank Post
    175
    Thanked 227 Times in 209 Posts
    Rep Power
    68
    Seems like the botnet's looking like it'll be divided up and sold to spammers... and there was me thinking we could have an e-war on our hands

  6. #111

    Join Date
    Mar 2009
    Location
    Lancashire
    Posts
    23
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hey sophos picks up the virus and on any PC or pen drive it will give me the "clean up" option and just go through and delete it. On the server that option is not available, it seems to be in a folder RECYCLE. Anyone know how I go about sophos removing it on the server. Cheers

  7. #112
    mullet_man's Avatar
    Join Date
    Oct 2005
    Location
    Oldham
    Posts
    738
    Thank Post
    35
    Thanked 48 Times in 46 Posts
    Rep Power
    28
    Quote Originally Posted by xeroxxe View Post
    Hey sophos picks up the virus and on any PC or pen drive it will give me the "clean up" option and just go through and delete it. On the server that option is not available, it seems to be in a folder RECYCLE. Anyone know how I go about sophos removing it on the server. Cheers
    You just need to do a full scan i think! Although may take a good few hours depending on how much is on their.

    Before you do the scan, click clear from list, so Sophos does a full rescan.

    Or use the Microsoft Malicous Software remover, this got rid of it effectively for me.

  8. #113
    jc1875's Avatar
    Join Date
    Feb 2009
    Posts
    128
    Thank Post
    9
    Thanked 23 Times in 19 Posts
    Rep Power
    15
    We've got Sunbelt Software VIPRE and have our DNS set to forward to OpenDNS.
    Touch wood *knock knock* we've been relatively clean from viruses for some time. Once in a blue moon a browser hijack gets picked up but it's quickly cleaned out.

  9. #114
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,964
    Thank Post
    971
    Thanked 463 Times in 390 Posts
    Blog Entries
    12
    Rep Power
    95
    Apparently its pretty easy to scan an entire network for conficker.

    Slashdot | Taming Conficker, the Easy Way

    Havn't actually seen an easy to use tool yet though.

  10. #115

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,270
    Thank Post
    884
    Thanked 2,747 Times in 2,321 Posts
    Blog Entries
    11
    Rep Power
    785
    Quote Originally Posted by ittech View Post
    Apparently its pretty easy to scan an entire network for conficker.

    Slashdot | Taming Conficker, the Easy Way

    Havn't actually seen an easy to use tool yet though.
    After a little delay and a false start or two the instructions for scannig for it using nmap are here: http://www.edugeek.net/forums/securi...free-easy.html

    There is also a scan and fix tool in that thread too but only for a single pc.

  11. #116

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    6,383
    Thank Post
    613
    Thanked 1,135 Times in 869 Posts
    Blog Entries
    15
    Rep Power
    497
    Started a (late!) March SIMS upgrade at a school today. Flunks out half way through, lost the internet connection. Bugger.
    In comes a frantic ICT Co-ordinator. Appears all the curriculum (CC3) computers have lost internet connection, with exception of 3 machines for some reason.
    Pants.
    CC3 server, no internetty. Bridget Jones pants.
    Hour of scanning the network, checking the servers and random machines with MSRT/symantecs scanner, nothing.
    Noticed something playing funny buggers with the computers. Trying to load Google - IE was visibly attempting google.edu google.com.tw google.co.uk google.us google.de, every combination possible. Odd, not seen/noticed that before.

    Turned out the DNS had decided to just die for absolutely no reason. Sorted that, and phoned the office to keep them updated.

    Got a very elated and relieved manager, who informed me that she'd had to send out every member of staff in sight that knew what a computer was to help with several actual and active infections in our area :/ Not good. Just relieved I didn't have to run around like a maniac trying to sort this one out :|

  12. #117


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,703
    Thank Post
    352
    Thanked 806 Times in 721 Posts
    Rep Power
    348
    Heh, we survived. Long live Northants

  13. #118
    AyatollahPies's Avatar
    Join Date
    Jan 2008
    Location
    Earth
    Posts
    900
    Thank Post
    48
    Thanked 105 Times in 95 Posts
    Rep Power
    42
    Quote Originally Posted by kmount View Post
    Heh, we survived. Long live Northants
    Anyone else slightly disappointed that Conficker didn't being the world to a standstill yesterday?

    Not from a support point of view of course. I was however hoping to read about at least one PFI project that was brought to a halt due to the worm. (Cough Cough EDS/HP Cough Cough)

    There is still time I suppose.

  14. #119
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    896
    Thank Post
    84
    Thanked 235 Times in 194 Posts
    Rep Power
    83
    Is there a way to set Sophos to delete the relevant files on USB Sticks etc automatically using on-access scan rather than having to manually initiate a full scan from console? We've just switched from Symantec to Sophos, and Symantec handled Conficker much better - if it found one of Conficker's autorun.inf files it deleted it immediately along with the RECYCLER folder created. Sophos just blocks access to them, but leaves them on the drive. Staff go home or elsewhere, and end up taking the virus with them - if wherever they go isn't protected then they just assist in spreading it. I'd rather it just killed it immediately on contact rather than just blocking it til a full scan is run...

  15. #120
    PEO
    PEO is offline
    PEO's Avatar
    Join Date
    Oct 2007
    Posts
    2,096
    Thank Post
    457
    Thanked 152 Times in 96 Posts
    Rep Power
    72
    Quote Originally Posted by Marci View Post
    Is there a way to set Sophos to delete the relevant files on USB Sticks etc automatically using on-access scan rather than having to manually initiate a full scan from console? We've just switched from Symantec to Sophos, and Symantec handled Conficker much better - if it found one of Conficker's autorun.inf files it deleted it immediately along with the RECYCLER folder created. Sophos just blocks access to them, but leaves them on the drive. Staff go home or elsewhere, and end up taking the virus with them - if wherever they go isn't protected then they just assist in spreading it. I'd rather it just killed it immediately on contact rather than just blocking it til a full scan is run...
    I would imagine if your machines are setup identically, then the usb stick would choose the same drive letter. therfore you could custom sophos to check the drive.



SHARE:
+ Post New Thread
Page 8 of 9 FirstFirst ... 456789 LastLast

Similar Threads

  1. [Video] Most Annoying Runner Ever
    By mattx in forum Jokes/Interweb Things
    Replies: 1
    Last Post: 13th January 2009, 02:51 PM
  2. Top 10 annoying technologies
    By FN-GM in forum IT News
    Replies: 14
    Last Post: 8th December 2008, 12:05 PM
  3. Annoying thing!
    By chrbb in forum Windows Vista
    Replies: 3
    Last Post: 2nd September 2008, 03:10 PM
  4. Annoying Error Message
    By firefox_2006 in forum Windows
    Replies: 7
    Last Post: 7th April 2007, 09:14 PM
  5. Bloddy annoying
    By GrumbleDook in forum Jokes/Interweb Things
    Replies: 28
    Last Post: 12th July 2006, 02:09 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •