Autorun.inf Virus - Help
We have been unfortunate enough to come accross this virus.
It seems to reside in some of our shared folders....
As far as anti virus goes we have got sophos, but even when we do a full system scan it seems to come back.
I have read that it spreads through UNC paths and that there is a possibility that it might be on every client so just cleaning the server wont work.
Anyone had this?
or solved it?
[QUOTE=craigg;299934]We have been unfortunate enough to come accross this virus.[QUOTE]
We can sometimes class the autorun.inf file as part of a virus when we detect it's trying to call a viral file. The autorun.inf file on its own isn't harmful. Only that it's had its settings changed to load a virus that is (or was) on the removal device.
What virus is actually being detected?
i've seen sophos pick this up when kids stick memory sticks into the machiens... since sophos emails me about the threats its detected and cleaned....
i guess the key is to use software restrictions policies to stop anything being executed from paths other than where you have "programs" that way it has less chance of getting in in the first place!
Someone recommended "autorun eater" a few weeks agos if you do a search. I installed it and it works a treat on USB drives etc to stop it getting into your system in the first place.
Our SRP stops this running for kids when they try and put it into one of our machines. I have found that our AV sometimes detects it and other times it doesn't. I can tell you for a fact the last one I had couldn't removed by Sophos or NOD. It was one that kept turning view hidden files off. Luckily my machine was dual boot with Ubuntu and clam seemed to nail it.
I wrote about our recent battle with the worm and our findings here.