Fucking viruses. Can you tell I am pissed? This is another AOL IM virus that hit our network. I think it is only 2 machines and 1 with a confirmed infection. I have been working on this since 4:30 and I am still not finished.
From reports from users I was able to get a copy of the file, which was at C:\sp.exe. It also had a batch file called a.bat. I ran it on a lab machine and confirmed that it starts a process called iPODusb.exe, writes some junk to the registry to make it start, and changes proxy settings. I then submitted the file to McAfee, got an extra.dat, tested it, and tested it again with a larger group. I set all desktops to pull the extra.dat and forced the infected machine to scan itself. I am now waiting on a BindView report that looks for these files on all computers. So far it has found 2 hits, which is why I think it only attempted to infect 2 machines. So 4 hours of my life wasted just because someone clicked on a link in IM.
3 thoughts on this post
iPODusp.exe
Hey, my sister got the same virus. How did you get rid of it?
Re: iPODusp.exe
Deleted the IPODusb file from c:\windows\system32, then rebooted. McAfee has included the file in their daily dats, so if you have that, do an update now and then an on-demand scan should clean it.
i pod
I downloaded Microsoft AntiSpyware and it stops it from starting, but I still can’t figure out how to get rid of it myself.