Windows Thread, Virus Issue in Technical; Hi Guys,
Looks like we have had a virus travel around our network "artimus" by the looks of things, now ...
23rd November 2009, 01:12 PM #1
Looks like we have had a virus travel around our network "artimus" by the looks of things, now mcafee has removed the virus, its leaving a messy registry entries with pop ups telling me that an .exe file of random letters cannot be found hence cannot start which is a nag to be honest. Also we have issues with USB keys which doesn't delete files but changes the icon for the removable device to a folder and the only way to get to the files is to right click and explore lol. What I want is a program which will sweep through pcs and correct and delete orphan reg entries and to clean up all profiles on the pc's..
Any ideas, or has anyone had this happen to them?
IDG Tech News
23rd November 2009, 05:31 PM #2
Very common infection.
These exe files. Are they 424kb in size?
Is there also a hidden explorer.exe/setup.exe in the c:\ root ?
Grab a live Linux CD/DVD to use in a laptop/desktop of choice. Invaluable tool for removing nasties from USB pens - delete the autorun.inf and the exe file it points to (typically hidden in the RECYCLER/RECYCLED folder, common names are INFO2, hn.exe etc).
Also: Disable USB autorun on all your machines, and create a folder called autorun.inf on the USB pens - make it hidden, read only and a system file (attrib +R+A+S+H)
Stops it being re-created.
You can do all the above using various freely available tools and bootable CDs but it's generally safer this way, IMO.
Last edited by synaesthesia; 23rd November 2009 at 05:35 PM.
23rd November 2009, 05:37 PM #3
Hi thanks for responding, to be honest we still haven't tracked down as to where its stemmed from although McAfee seems to be deleting it, its just not so great at the tidy up job after lol.
Im gonna check a working staff room pc that MAY a suspect for the hidden C files
and will report back later!
23rd November 2009, 05:55 PM #4
Ok, to save you a little time and just in case it is the one I'm thinking of:
Grab an XP cd (bootable one, same service pack as what's installed - assuming this is of course XP)
Boot up and head into recovery console
You'll need to attrib -R-A-S-H the exe file in c:\ as well as the exe files it's probably plonking in c:\windows\system32 (with the random names you mentioend above) then delete them
Also it creates "cffmon.exe" (not to be confused with ctfmon.exe) - do the same to that
Restart the PC
Use regedit or msconfig and remove the entries referring to those .exe files and cffmon.exe - I generally do a manual search of regedit just to be sure.
Should be job done.
PS : When closing the machines down, does a CMD.EXE window come up twice, doing nothing othe than stopping a shutdown for the first time?
Last Post: 24th September 2009, 09:29 AM
Last Post: 10th October 2008, 02:12 PM
Last Post: 4th July 2008, 05:22 PM
By mrbios in forum Windows
Last Post: 17th December 2007, 01:40 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)