Virus Riddle

doo_much · Post by **doo_much** » 24 Jul 2010, 15:52

Riddle me this...

I have two machines running MSE, both XP Home, both connected to the net via seperate 3G connections, not networked. Windows update are running on both etc etc. Basically they are identical software wise.

So I transfer data from the one (Joe*) to the other (Bob*) and am informed that the memory stick has a virus on it. Rimecud!inf none the less.
Fair enough, stuff happens.
MSE on Bob cleans the infection and I'm a happy puppy. Plug the stick into Joe, no issues are reported and I'm still happy.

10 minutes later we need to print some more files and the stick is plugged into Bob again. And the presence of the same virus is reported.

Hmmm, seems Joe has the flue (not a speliing mistake), so we update the virus definitions on it and run a full scan. ~3 hours later Joe is given a clean bill of health. The offending memory stick is formatted and plugged as is into Bill.

Same virus.

So what now. Joe refuses to acknowledge the problem but Bill does. And both use the same tool to do so?

*Names added to prevent obfuscation

garp · Post by **garp** » 24 Jul 2010, 16:35

Why not try plugging it into... um... Chris... and see what he says... haha but ok really, try another machine and see if the AV complaines about anything

doo_much · Post by **doo_much** » 24 Jul 2010, 17:50

Hmmm, haven't considered that. Although I'll probably have to fake ignorance if Chris finds the same virus.

And then I'll be left with the same conundrum...

Why does one instance of MSE see a virus and another doesn't?

Bladerunner · Post by **Bladerunner** » 25 Jul 2010, 19:00

Joe has the virus on its harddisk. Everytime you plug the USB back into Joe, the virus is transferred to the memory stick again. That's fairly obvious.

Could it be possible that you need a GOOD antivirus and not MSE?

You can try AVG but I'm not a fan. I prefer Nod32.

doo_much · Post by **doo_much** » 25 Jul 2010, 19:20

That's quite possible Blade - abou tme needing a decent paid for anti-virus. Which is what I do on my work laptop.

What gets my goose is that MSE finds the virus on the memory stick - but only on one machine and not the other.

I mean WTF???? It should either find it or not at all???

Bladerunner · Post by **Bladerunner** » 25 Jul 2010, 19:57

doo_much wrote:That's quite possible Blade - abou tme needing a decent paid for anti-virus. Which is what I do on my work laptop.

What gets my goose is that MSE finds the virus on the memory stick - but only on one machine and not the other.

I mean WTF???? It should either find it or not at all???

So I suggest you try AVG Free and check if you get different results. Perhaps even the Nod32 trial.

garp · Post by **garp** » 25 Jul 2010, 20:35

Bladerunner wrote:Joe has the virus on its harddisk. Everytime you plug the USB back into Joe, the virus is transferred to the memory stick again. That's fairly obvious.

Could it be possible that you need a GOOD antivirus and not MSE? You can try AVG but I'm not a fan. I prefer Nod32.

*hits self over the head until unconscious, wakes up and wonders how could I have missed the most obvious...

Post by **KALSTER** » 26 Jul 2010, 00:03

On both computers (is the second one Bill or Bob?) in command type: dir /ah . Do you see an *.inf file? If you do, type: type [name of file].inf . Does the file refer to an executable?

doo_much · Post by **doo_much** » 26 Jul 2010, 00:05

People...

I am NOT worried about the flippen virus!!!!!

What worries me is that one instance of MSE picks it up and another doesn't!!!!

Yes. Multiple exclamation marks. I know...

SykomantiS · Post by **SykomantiS** » 26 Jul 2010, 10:27

doo, is this maybe one of those virus(es- or whatever) that once it infects a machine, it prevents said machine's AV from knowing it's present?

rustypup · Post by **rustypup** » 26 Jul 2010, 10:51

first guess?

auto-run is disabled on joe but enabled on bob/bill - MSE plays the 'on-access' game, so those machines accessing the stick using auto-run are effectively triggering an access scan, whereas joe isn't?..

still sounds like joe is a dirty tramp needing a reset...

doo_much · Post by **doo_much** » 26 Jul 2010, 10:59

Joe is mum's PC so you never know what dodgy sites she'd been to...

Thanks I'll have a look at the auto-run settings.

Post by **KALSTER** » 26 Jul 2010, 14:45

KALSTER wrote:On both computers (is the second one Bill or Bob?) in command type: dir /ah . Do you see an *.inf file? If you do, type: type [name of file].inf . Does the file refer to an executable?

2.0

doo_much · Post by **doo_much** » 26 Jul 2010, 16:05

2.0 ??

Post by **KALSTER** » 26 Jul 2010, 16:46

Sorry, did you try that? I have had similar behaviour from Autorun.inf viruses in the past. Once you locate the hidden *.inf file, then you can check inside it using the 'type' command to see which file it references so you can nuke it. Usually once I had deleted the *.inf file (after changing the attributes) and rebooted, the AV was suddenly able to pick it up. I had to format the flash drive as well before rebooting, otherwise it would sometimes reinfect the PC.

doo_much · Post by **doo_much** » 26 Jul 2010, 17:02

No hidden inf files.

@rusty - yep spot on. I've disabled auto run on the other PC as well. Will install decent anti virus later this week and clean up on both.

Thanks for all the advice. Let's treat this as resolved?

PCFormat Forum Archive

Virus Riddle

Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle

Re: Virus Riddle