sensei Posted January 13, 2008 Share Posted January 13, 2008 (edited) I work in a place where the computers are severly infected with a worm (i think) that copies an autorun.inf file on my flash drive whenever I plug it in. It also places a copy of one of several files there named service.exe, display.vbs.dll, and scvhost.exe to which the autorun file points to. The infection has aken over the system of most of the computers there. I can't even access the Task Manager which apparently got disabled at startup. Getting in to the folder options is another impossible task because when you click on Tools to find the folder options, it is'nt there. I have removed their patched copy of NOD32 and tried to replace it with AVIRA AntiVir. When I install the new antivirus, the computer goes through the normal installation process but after I finish doing so, the program doesn't appear on all Programs. when I tried to find the folder of AVIR in the programs folder, it's not even there. The infection has spread to a number of computers that are in the network. This is getiing a bit out of hand. I have tried scanning the computers from my flash drive using th potable version of Clamwin but it's just too slow... Any suggestions? Edited January 13, 2008 by sensei Link to comment Share on other sites More sharing options...
RKASA Posted January 14, 2008 Share Posted January 14, 2008 Your going to have to disconnect the network and clean each part one at a time then reconnect only after you are sure none have the bug. Link to comment Share on other sites More sharing options...
sensei Posted January 14, 2008 Author Share Posted January 14, 2008 Your going to have to disconnect the network and clean each part one at a time then reconnect only after you are sure none have the bug. Thanks RKASA I could turn off the wireless network for a few hours but my bigger problem is getting the virus out. It seems to have stopped the antivirus and prevented it from even being installed. I can't dig into the hidden files because the folder options were also removed. Even the task manager doesn't show up anymore. Link to comment Share on other sites More sharing options...
stumonster Posted January 14, 2008 Share Posted January 14, 2008 you need to clean the system without running the operating system that is on the computer. to do this you will have to boot via CD and have an OS installed in RAM then run the cleaning programs. I use UBCD4win - http://www.ubcd4win.com/ - it is a 200 meg download . you need to unpack it then use a windows cd with it to create an GUI OS to use - then update the definition files for the malware and virus detector you intend to use , there are a few different ones in the UBCD pack , and then build a disc image and burn it to a CD. then boot the CD , it will come up with a GUI and then run the programs needed to clean your system. it is not that hard , plenty of FAQs available. Link to comment Share on other sites More sharing options...
stumonster Posted January 14, 2008 Share Posted January 14, 2008 (edited) and when you are done and boot back into windows - turn autoplay off Edited January 14, 2008 by stumonster Link to comment Share on other sites More sharing options...
sensei Posted January 14, 2008 Author Share Posted January 14, 2008 Thanks stumonster... I guess this is worth trying. you need to clean the system without running the operating system that is on the computer.to do this you will have to boot via CD and have an OS installed in RAM then run the cleaning programs. I use UBCD4win - http://www.ubcd4win.com/ - it is a 200 meg download . you need to unpack it then use a windows cd with it to create an GUI OS to use - then update the definition files for the malware and virus detector you intend to use , there are a few different ones in the UBCD pack , and then build a disc image and burn it to a CD. then boot the CD , it will come up with a GUI and then run the programs needed to clean your system. it is not that hard , plenty of FAQs available. Link to comment Share on other sites More sharing options...
chevykanteve Posted January 14, 2008 Share Posted January 14, 2008 I work in a place where the computers are severly infected with a worm (i think) that copies an autorun.inf file on my flash drive whenever I plug it in. It also places a copy of one of several files there named service.exe, display.vbs.dll, and scvhost.exe to which the autorun file points to.The infection has aken over the system of most of the computers there. I can't even access the Task Manager which apparently got disabled at startup. Getting in to the folder options is another impossible task because when you click on Tools to find the folder options, it is'nt there. I have removed their patched copy of NOD32 and tried to replace it with AVIRA AntiVir. When I install the new antivirus, the computer goes through the normal installation process but after I finish doing so, the program doesn't appear on all Programs. when I tried to find the folder of AVIR in the programs folder, it's not even there. The infection has spread to a number of computers that are in the network. This is getiing a bit out of hand. I have tried scanning the computers from my flash drive using th potable version of Clamwin but it's just too slow... Any suggestions? We've had the same problem on the network computers where I work. I also removed our patched copy of NOD32 (which in my personal opinion is next to useless) and replaced it with AVG Anti-Spyware and AVG Anti-Virus. No problem now for many days. It was a pain in the neck before, because when I'd plug in my handydrive, about 100 .vbs files would pop up on the handydrive directory, along with the autorun.inf you mentioned above. Anyhow, no APPARENT problems now (knock on wood...). Link to comment Share on other sites More sharing options...
pete_r Posted January 16, 2008 Share Posted January 16, 2008 Another tip: Have everyone in your office create a new folder on their handy drive and name it "autorun.inf". This is supposed to stop most trojans from creating their autorun.inf file, and thus reduce the risks of infection. Link to comment Share on other sites More sharing options...
stumonster Posted January 16, 2008 Share Posted January 16, 2008 or turn off auto run on your computers Link to comment Share on other sites More sharing options...
allexx Posted January 17, 2008 Share Posted January 17, 2008 or turn off auto run on your computers AVG 7.5 is #1. 5 stars. Link to comment Share on other sites More sharing options...
sensei Posted January 17, 2008 Author Share Posted January 17, 2008 or turn off auto run on your computers AVG 7.5 is #1. 5 stars. 5 Stars! Wow! I will try this. thanks... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now