Autorun.inf Virus - Help

**craigg** · 5th March 2009, 09:44 AM

We have been unfortunate enough to come accross this virus.

It seems to reside in some of our shared folders....

As far as anti virus goes we have got sophos, but even when we do a full system scan it seems to come back.

I have read that it spreads through UNC paths and that there is a possibility that it might be on every client so just cleaning the server wont work.

Anyone had this?

or solved it?

**SYSMAN_MK** · 5th March 2009, 09:46 AM

Take a look here.

**bossman** · 5th March 2009, 10:05 AM

And here: Unsupported Browser

**Sophos-Support-5** · 6th March 2009, 10:34 PM

[QUOTE=craigg;299934]We have been unfortunate enough to come accross this virus.[QUOTE]

We can sometimes class the autorun.inf file as part of a virus when we detect it's trying to call a viral file. The autorun.inf file on its own isn't harmful. Only that it's had its settings changed to load a virus that is (or was) on the removal device.

What virus is actually being detected?

**k-strider** · 6th March 2009, 10:49 PM

i've seen sophos pick this up when kids stick memory sticks into the machiens... since sophos emails me about the threats its detected and cleaned....

i guess the key is to use software restrictions policies to stop anything being executed from paths other than where you have "programs" that way it has less chance of getting in in the first place!

**rdk** · 8th March 2009, 10:55 AM

Someone recommended "autorun eater" a few weeks agos if you do a search. I installed it and it works a treat on USB drives etc to stop it getting into your system in the first place.

**mattx** · 8th March 2009, 11:00 AM

Originally Posted by rdk

Someone recommended "autorun eater" a few weeks agos if you do a search. I installed it and it works a treat on USB drives etc to stop it getting into your system in the first place.

Good tool to use - may add it to the Admin Bar at some point.

Download Autorun Eater 2.3 - Scan and Remove Suspicious 'autorun.inf' Files Automatically! - Softpedia

is the link.

**ChrisH** · 8th March 2009, 12:29 PM

Our SRP stops this running for kids when they try and put it into one of our machines. I have found that our AV sometimes detects it and other times it doesn't. I can tell you for a fact the last one I had couldn't removed by Sophos or NOD. It was one that kept turning view hidden files off. Luckily my machine was dual boot with Ubuntu and clam seemed to nail it.

**spchappell** · 8th March 2009, 03:17 PM

I wrote about our recent battle with the worm and our findings here.
http://spchappell.blogspot.com

Simon

LinkBack

Thread Tools

Search Thread

Autorun.inf Virus - Help

Thanks to Sophos-Support-5 from:

3 Thanks to mattx:

Conficker battle

Similar Threads

USB Flash Disk - autorun.inf - nightmare

2K8/vista compatible CMDHERE.INF (hurrah!)

Question on Sysprep.inf

Thread Information

Users Browsing this Thread

Posting Permissions