BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] virus?
- Subject: [Discuss] virus?
- From: adler at stephenadler.com (Stephen Adler)
- Date: Mon, 27 Oct 2014 18:21:24 -0400
Guys, I'm not sure if this is the right forum to post this question, but here goes. I have a linux server box in my lab which I'm using to run a samba service and server up some disk space to some laboratory equipment which have computer consoles operating them running windows. As it turns out, on one of the equpiement, I mounted the samba served network folder and lo and behold Autorun.inf and a rundll.exe file suddenly appeared in the top level directory of the mounted network folder. I proceeded to delete the files on the linux side (on my linux server) and within seconds the two files reappeared. The content of the Autorun.inf basically causes rundll.exe to execute. I'm thinking I'm looking at a virus on the lab equipments windows PC doing its thing to propagate itself. If I plug a thumb drive into the equipment's PC, that'll copy those to files onto the thumb drive and my guess the rundll.exe code gets executed when the thumb drive gets plugged into another windows PC. Can you guys concur this? If I mount the network folder from my "infected" linux server onto another PC, will the Autorun.inf tell the 2nd PC which mounted this drive to execute the rundll.exe file? Or does this only happen when you plug a thumb drive in? Again, sorry if this is the wrong forum to ask this kind of question. Cheers. Steve.
- Follow-Ups:
- [Discuss] virus?
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] virus?
- From: jabr at blu.org (John Abreau)
- [Discuss] virus?
- From: greg at freephile.com (Greg Rundlett (freephile))
- [Discuss] virus?
- Prev by Date: [Discuss] nginx reporting
- Next by Date: [Discuss] virus?
- Previous by thread: [Discuss] nginx reporting
- Next by thread: [Discuss] virus?
- Index(es):