Stubborn Infection


sensei

I work in a place where the computers are severely infected with a worm (I think) that copies an autorun.inf file onto my flash drive whenever I plug it in. It also places a copy of one of several files there, named service.exe, display.vbs.dll, and scvhost.exe, to which the autorun file points.

The infection has taken over the system of most of the computers there. I can't even access the Task Manager, which apparently got disabled at startup. Getting into the folder options is another impossible task because when you click on Tools to find the folder options, it isn't there.

I have removed their patched copy of NOD32 and tried to replace it with AVIRA AntiVir. When I install the new antivirus, the computer goes through the normal installation process, but after I finish doing so, the program doesn't appear in All Programs. When I tried to find the folder of AVIRA in the Programs folder, it's not even there.

The infection has spread to a number of computers that are in the network.

This is getting a bit out of hand. I have tried scanning the computers from my flash drive using the portable version of ClamWin but it's just too slow...

Any suggestions?

You're going to have to disconnect the network and clean each part one at a time, then reconnect only after you are sure none have the bug.

Thanks RKASA. I could turn off the wireless network for a few hours, but my bigger problem is getting the virus out. It seems to have stopped the antivirus and prevented it from even being installed. I can't dig into the hidden files because the folder options were also removed. Even the task manager doesn't show up anymore.

You need to clean the system without running the operating system that is on the computer.

To do this you will have to boot via CD and have an OS installed in RAM, then run the cleaning programs.

I use UBCD4win - http://www.ubcd4win.com/ - it is a 200 meg download.

You need to unpack it, then use a Windows CD with it to create a GUI OS to use. Then update the definition files for the malware and virus detector you intend to use (there are a few different ones in the UBCD pack), and then build a disc image and burn it to a CD.

Then boot the CD; it will come up with a GUI, and then run the programs needed to clean your system.

It is not that hard, plenty of FAQs available.

Thanks stumonster... I guess this is worth trying.


We've had the same problem on the network computers where I work. I also removed our patched copy of NOD32 (which in my personal opinion is next to useless) and replaced it with AVG Anti-Spyware and AVG Anti-Virus. No problem now for many days. It was a pain in the neck before, because when I'd plug in my handydrive, about 100 .vbs files would pop up on the handydrive directory, along with the autorun.inf you mentioned above. Anyhow, no APPARENT problems now (knock on wood...).

Another tip: Have everyone in your office create a new folder on their handy drive and name it "autorun.inf". This is supposed to stop most trojans from creating their autorun.inf file, and thus reduce the risks of infection.
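For checking a flash drive before opening anything on it, here is an added example (not code from any poster in this thread) that reads the drive's autorun.inf, lists the programs it would launch, and reports whether the "autorun.inf" folder from the tip above is in place. The function names and the sample drive contents are assumptions made for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the standard autorun.inf keys that name a program.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def inspect_drive(root):
    """Return (status, targets) for the autorun.inf at the root of a drive."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return "guard-folder", []      # the folder from the tip is in place
    if not os.path.isfile(path):
        return "absent", []
    targets, section = [], ""
    with open(path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith(";"):
                continue               # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
                continue
            if section != "autorun" or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                # Program is the quoted string or the first token; rest is arguments.
                m = re.match(r'"([^"]+)"|(\S+)', value)
                program = (m.group(1) or m.group(2)) if m else ""
                on_drive = os.path.isfile(os.path.join(root, program.replace("\\", os.sep)))
                targets.append((key.lower(), program, on_drive))
    return ("launches-program" if targets else "no-launch-keys"), targets

def build_sample_drive():
    """Constructed sample: a temp folder standing in for a flash drive."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=scvhost.exe\nshell\\open\\command=scvhost.exe\nicon=folder.ico\n")
    with open(os.path.join(root, "scvhost.exe"), "wb") as fh:
        fh.write(b"placeholder, not a real executable")
    return root

if __name__ == "__main__":
    print(inspect_drive(build_sample_drive()))
```

Point `inspect_drive` at the drive's root (for example its drive letter) from a machine known to be clean; a "launches-program" result with a target present on the drive matches the symptom described in the first post.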
