  1. #1

    Virus Warning!?

    We've been infected by something! A member of staff came in with an error message stating a 16-bit MS-DOS app can't run c:\windows\system32\2.exe, a very suspicious name; 10 mins later 4 other people had the same message. We packed 2.exe up and sent it to Sophos. We've not yet had any information back over the week; however, Sophos is now detecting the file as Troj/Agent-JBO, so it must be new? Every machine and laptop on the network is infected with this. Sophos now deletes it as soon as it's created; however, it just gets reinfected later on. It's now also creating files in the startup folders and is rapidly getting out of hand.

    Am not sure if this is a fresh virus, but we have it and have no idea how to contain it as we don't know the source! We have informed our LEA so as to warn anybody in the county this might be on the loose, but any help would be greatly appreciated.

  2. #2

    Michael

    Viewing your link, it states it creates an entry in the registry, so when the computer is restarted or someone logs on it's re-created.

    It'll be referring to:

    Code:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    So for example, you may have Adobe Reader Speed Launcher (which is a common entry). To remove it, after the equals sign, delete everything after it and insert a minus sign. Save the file as removal.reg and then run in a logon script.

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-

    Run silently in a logon script:

    Code:
    regedit /S \\SERVERNAME\NETLOGON\Removal.reg
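
Added example, not part of Michael's post or of any Sophos guidance: the removal.reg approach above needs the name of the Run value that relaunches 2.exe, which the thread does not give. This Python script takes the text of a `reg export` of the Run keys and builds the removal file for every value that launches a given path; the sample export and the value name `svc2` are constructed.

```python
import re

# Constructed sample of a `reg export` of the two Run keys on an infected PC.
# The value name "svc2" is made up; the thread does not say what the trojan uses.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"svc2"="c:\\windows\\system32\\2.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svc2"="C:\\WINDOWS\\system32\\2.exe /s"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def run_entries(export_text):
    """Yield (key, raw_name, command) for string values under ...\\Run keys."""
    key = None
    for line in map(str.strip, export_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.upper().endswith('\\CURRENTVERSION\\RUN'):
            # The name stays in its escaped .reg form so it can be written back as-is;
            # the data is unescaped (\\ -> \, \" -> ") to recover the real command line.
            yield key, m.group(1), re.sub(r'\\(.)', r'\1', m.group(2))

def references(command, target):
    """True if the command launches `target` (case-insensitive; quotes and arguments allowed)."""
    cmd, t = command.strip().lstrip('"').lower(), target.lower()
    return cmd.startswith(t) and cmd[len(t):len(t) + 1] in ('', '"', ' ')

def build_removal_reg(export_text, target):
    """Return .reg text that deletes every Run value launching `target`."""
    by_key = {}
    for key, raw_name, command in run_entries(export_text):
        if references(command, target):
            by_key.setdefault(key, []).append(raw_name)
    lines = ['Windows Registry Editor Version 5.00', '']
    for key, names in by_key.items():
        lines += ['[%s]' % key] + ['"%s"=-' % n for n in names] + ['']
    return '\n'.join(lines)

if __name__ == '__main__':
    print(build_removal_reg(SAMPLE_EXPORT, r'c:\windows\system32\2.exe'))
```

`reg export` writes UTF-16 text, so decode the exported file with `encoding='utf-16'` before passing it in, and read the generated file before pushing it through the logon script.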

  3. #3
    Sophos-Support-5

    Hi PRicho,

    Please call us (24/7/365) if you require assistance. If you submitted a file sample (and included an email address) you should have received an email reply with a case reference in the subject line. Please quote this when calling.

    From UK: 0844 767 4670 (0844 SOPHOS-0)
    International: +44 (0)1235 465818


    Regards,

    Sophos Technical Support
