Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] virus?

> From: at [mailto:discuss-
> at] On Behalf Of Stephen Adler
> The content of the Autorun.inf basically causes rundll.exe to execute.

Doesn't sound like normal behavior to me (I've never seen it before).  So yeah, most likely it is a virus.

Greg said scan it with AV so you can figure out how to deal with it - My experience is that this approach doesn't work.  I have cleaned hundreds of viruses, and I have 100% failure rate.  Even when you can identify a specific vulnerability that allowed a specific virus into a computer, and Mcafee or Symantec releases a utility specifically to eliminate that particular virus - and you clean the virus, apply updates and close the hole - Viruses always install additional hooks or backdoors in order to get themselves back in after cleaning.  The only effective defense is to completely nuke the affected systems after infection (reinstall the OS).  Run regular whole-system backups, try to prevent viruses getting in there (apply updates regularly, run antivirus) and then if something gets in, restore yesterday's backup.

Bill said thanks to autorun, most likely all the other windows machines are infected by now.  I believe this is false, depending on the version of windows.  Old versions would blindly and stupidly obey the autorun, but since Vista, they're much more restrictive and less likely to heed the autorun.  So your XP machines (which should be destroyed) are probably infected, and anything later is most likely not.  But the best way to detect is to run some AV on the clients.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /