Been there done that. Spent the whole of an Easter holiday, Friday Night through to Tuesday morning sleeping on the office floor at night to get rid of a virus which was caught from an infected pen stick. Only one machine was not infected and that was an XP 64 bit and the pen drives could be examined on it and the virus just deleted.
Cheers Peter Peter Hart Computers. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Leland Jackson Sent: 23 September 2010 20:46 To: ProFox Email List Subject: Re: [NF] "Stuxnet Malware" This sound like the virus may use autorun.ini file that can be placed on CD/DVDs, disk drives, flash sticks, etc. The autorun.ini file would be run automatically by the OS, as soon as it recognized the device was present in the cd/dvd or usb port. The autorun.ini file would be in a folder of the device, like autorun, and could be in a binary format. Below is an example of such a setup, that came with my Western Digital Elements 2 TB usb disk drive: #=============== autorun.ini ============ [autorun] icon=autorun\wdlogo.ico #=================================== The above is the content of my autorun.ini file in the root directory of my WD Elements 2TD disk drive. It runs the wdlogo.ico file, which is a binary, housed in the autorun folder. It place a pretty Western Digital icon on my Fedora 13 x86_64 desktop each time the drive is mounted. The behavior of the binary file could be conditioned on what operating system it detected. Like any virus, once initiated, it would spread throughout the network attacking computers. If your production operation is heavily automated and relative insecure, the virus might shut down operations. #-------------------- Excerpt: like taking control of a computer system without the user taking any action or clicking any button, other than inserting an infected memory stick. #----------------------- Regards, LelandJ On 09/23/2010 12:29 PM, Jarvis, Matthew wrote: > like taking > control of a computer system without the user taking any action or > clicking any button other than inserting an infected memory stick. [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/a57fa4cf19531343a2ee11b57db8e3af100...@server.peterhartcomputers.local ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
