Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] virus?



Guys,

I'm not sure if this is the right forum to post this question, but here 
goes.

I have a linux server box in my lab which I'm using to run a samba 
service and server up some disk space to some laboratory equipment which 
have computer consoles operating them running windows. As it turns out, 
on one of the equpiement, I mounted the samba served network folder and 
lo and behold Autorun.inf and a rundll.exe file suddenly appeared in the 
top level directory of the mounted network folder. I proceeded to delete 
the files on the linux side (on my linux server) and within seconds the 
two files reappeared.

The content of the Autorun.inf basically causes rundll.exe to execute.

I'm thinking I'm looking at a virus on the lab equipments windows PC 
doing its thing to propagate itself. If I plug a thumb drive into the 
equipment's PC, that'll copy those to files onto the thumb drive and my 
guess the rundll.exe code gets executed when the thumb drive gets 
plugged into another windows PC.

Can you guys concur this? If I mount the network folder from my 
"infected" linux server onto another PC, will the Autorun.inf tell the 
2nd PC which mounted this drive to execute the rundll.exe file? Or does 
this only happen when you plug a thumb drive in?

Again, sorry if this is the wrong forum to ask this kind of question.

Cheers. Steve.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org