Fucking viruses. Can you tell I am pissed. This is another AOL IM virus that hit our network. I think it is only 2 machines and 1 with a confirmed infection. I have been working on this since 4:30 and I am still not finished.
From reports from users I was able to get a copy of the file. which was on the C:\sp.exe. It also had a batch file called a.bat. I ran it on a lab machine and confirmed that it starts a process called iPODusb.exe, writes some junk to the registry to make it start. changes from proxy settings. I then submit the file to McAfee get an extra.dat, test it, test it again with a larger group. Set all desktops to pull the extra.dat. Force the infected machine to scan it’s self. I am now waiting on a bindview report coming back that looks for these files on all computers. So far it has found 2 hits which is why I think it only attempted to infect 2 machines. So 4 hours of my life wasted just because someone clicked on a link in IM.

3 Responses to “”

  1. Anonymous says:

    iPODusp.exe

    Hey, my sister got the same virus. How did you get rid of it?

  2. Ian says:

    Re: iPODusp.exe

    deleted the IPODusb file from c:\windows\system32 then rebooted. McAfee has included the file in there daily dats so if you have that then do an update now then an on demand scan should clean it.

  3. Anonymous says:

    i pod

    I downloaded Microsoft Anti spyware and it stops it from starting but still can’t figure out how to get rid of it myself.

Leave a Reply

OpenID

Anonymous