+ Post New Thread
Results 1 to 4 of 4
Windows Thread, Virus Issue in Technical; Hi Guys, Looks like we have had a virus travel around our network "artimus" by the looks of things, now ...
  1. #1

    Join Date
    Jun 2009
    Location
    Watford
    Posts
    845
    Thank Post
    355
    Thanked 89 Times in 65 Posts
    Rep Power
    42

    Virus Issue

    Hi Guys,

    Looks like we have had a virus travel around our network "artimus" by the looks of things, now mcafee has removed the virus, its leaving a messy registry entries with pop ups telling me that an .exe file of random letters cannot be found hence cannot start which is a nag to be honest. Also we have issues with USB keys which doesn't delete files but changes the icon for the removable device to a folder and the only way to get to the files is to right click and explore lol. What I want is a program which will sweep through pcs and correct and delete orphan reg entries and to clean up all profiles on the pc's..


    Any ideas, or has anyone had this happen to them?

    Regards,

    Andy T

  2. #2

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,488
    Thank Post
    527
    Thanked 876 Times in 683 Posts
    Blog Entries
    15
    Rep Power
    438
    Very common infection.
    These exe files. Are they 424kb in size?
    Is there also a hidden explorer.exe/setup.exe in the c:\ root ?

    Grab a live Linux CD/DVD to use in a laptop/desktop of choice. Invaluable tool for removing nasties from USB pens - delete the autorun.inf and the exe file it points to (typically hidden in the RECYCLER/RECYCLED folder, common names are INFO2, hn.exe etc).
    Also: Disable USB autorun on all your machines, and create a folder called autorun.inf on the USB pens - make it hidden, read only and a system file (attrib +R+A+S+H)
    Stops it being re-created.
    You can do all the above using various freely available tools and bootable CDs but it's generally safer this way, IMO.
    Last edited by synaesthesia; 23rd November 2009 at 04:35 PM.

  3. #3

    Join Date
    Jun 2009
    Location
    Watford
    Posts
    845
    Thank Post
    355
    Thanked 89 Times in 65 Posts
    Rep Power
    42
    Hi thanks for responding, to be honest we still haven't tracked down as to where its stemmed from although McAfee seems to be deleting it, its just not so great at the tidy up job after lol.

    Im gonna check a working staff room pc that MAY a suspect for the hidden C files

    and will report back later!

    Cheers

    Andy T

  4. #4

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,488
    Thank Post
    527
    Thanked 876 Times in 683 Posts
    Blog Entries
    15
    Rep Power
    438
    Ok, to save you a little time and just in case it is the one I'm thinking of:

    Grab an XP cd (bootable one, same service pack as what's installed - assuming this is of course XP)
    Boot up and head into recovery console

    You'll need to attrib -R-A-S-H the exe file in c:\ as well as the exe files it's probably plonking in c:\windows\system32 (with the random names you mentioend above) then delete them

    Also it creates "cffmon.exe" (not to be confused with ctfmon.exe) - do the same to that
    Restart the PC

    Use regedit or msconfig and remove the entries referring to those .exe files and cffmon.exe - I generally do a manual search of regedit just to be sure.

    Should be job done.

    PS : When closing the machines down, does a CMD.EXE window come up twice, doing nothing othe than stopping a shutdown for the first time?

SHARE:
+ Post New Thread

Similar Threads

  1. Virus or No Virus?
    By gmiller in forum Mac
    Replies: 8
    Last Post: 24th September 2009, 08:29 AM
  2. New Virus?
    By apeo in forum Windows
    Replies: 8
    Last Post: 10th October 2008, 01:12 PM
  3. Virus removal issue
    By JAW$ in forum Windows
    Replies: 3
    Last Post: 4th July 2008, 04:22 PM
  4. Logon issue and Printers issue
    By mrbios in forum Windows
    Replies: 2
    Last Post: 17th December 2007, 12:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •