Battering my head against a virus here at work.
It's being spread my memory sticks, via autorun.inf
the memory stick infection is called ubs.exe (hidden, readonly, system file attributes) the icon is green cartoon fish
when an infected stick is plugged into a pc it's generating 4 files, it takes the first 4 letters of the pc name to create a prefetch and exe (in c:\windows) and adds that to the startuplist.
It also uses the first 6 letters of the pc name to create a 2nd prefetch and exe, this is the active running program that will infect any memory stick plugged in.
So far it's been ease to manually stop and delete, ok there could be more of it hidden away, but stopping the (6 letter pc name) exe then maanually deleteing out the exe's and prefetches is stoping it running at startup and infecting clean memory sticks.
However the big issue I've had is that Sophos (our anti-virus software) is not detecting it.
So I've currently got no idea what it actually is.
I've sent off a sample to Sophos and I'm going to try it out on a few other bits of anti-virus to see if it can go undetected by them.
students and their
infected usb sticks, dirty
![]()
they just click on any
link and open any
email, no
matter how many
times we try to drum in into their thick
skulls, they are still
virus ridden breeding grounds.
In 5 years time I pity the state computers and the net are going to be in if this is the state of future users.


LinkBack URL
About LinkBacks
students and their 
Reply With Quote









the servers, just to force the issue and get it redone from scratch rather than trying to nurse it along.
