From: FromTheRafters on
<vjp2.at(a)at.BioStrategist.dot.dot.com> wrote in message
news:hn67g9$7dr$1(a)reader1.panix.com...
>
> So IRCBRUTE works through the file system?

Devices, not files. Well, there are files on the device...

When the USB device is inserted, the OS "recognises" the device and
there is a feature that allows data on the device to cause the OS to
invoke a player (autoplay) or otherwise chose a program to execute
(autorun). If your home computer has this feature disabled (as it
should), then you were in no danger. It seems to me that the library has
the worm, and inserting your USB device caused the worm to try and load
an autorun.inf and program (worm body) on the device so as to infect the
next vulnerable (autorun=on) computer it got plugged into.

There is no way to tell (from here) how the library's computer got
infested, there are *other* channels (vectors) used by the worm to
spread.

> *+-There was no need to destroy the fob.
>
> I agree, but no one was willing to help me fix it.

That's too bad.


From: vjp2.at on
I had to log on to the library with password.

Clamwin (updated) found nothing on my main machine,
so it does seem the library was the source.
I checked the CDs going back. No infection, no autorun, no RESTORE.

THe infected fob never had contact to my machines except via CDROMS
burned from it.

But CLAMWIN did find a chkdisk error on an 8MB PDF on the 4GB USB fob.

- = -
Vasos Panagiotopoulos, Columbia'81+, Reagan, Mozart, Pindus, BioStrategist
http://www.panix.com/~vjp2/vasos.htm http://www.facebook.com/vasjpan2
---{Nothing herein constitutes advice. Everything fully disclaimed.}---
[Homeland Security means private firearms not lazy obstructive guards]
[Urb sprawl confounds terror] [Phooey on GUI: Windows for subprime Bimbos]



From: FromTheRafters on
<vjp2.at(a)at.BioStrategist.dot.dot.com> wrote in message
news:hn84pa$sp3$2(a)reader1.panix.com...

>I had to log on to the library with password.

Thus giving you a false sense of security.

> Clamwin (updated) found nothing on my main machine,
> so it does seem the library was the source.

I use ClamWin as a second opinion scanner, but I still don't trust it
completely. It does have its share of false positives, and I suspect its
share of false negatives as well. If it detects the malware on the USB
device, but not on the machine, my guess is that your machine is not
infested.

> I checked the CDs going back. No infection, no autorun, no RESTORE.
>
> THe infected fob never had contact to my machines except via CDROMS
> burned from it.

Then how was it detected as being infected with an autorun worm?


From: vjp2.at on
*+->
*+-> THe infected fob never had contact to my machines except via CDROMS
*+-> burned from it.

*+-Then how was it detected as being infected with an autorun worm?


On a machine at another library I went to download info from

Actually, I got no warning - I just saw something Resote/Taquito
(faded) on the fob, and when it didn't let me delete it, got
suspicious and right clicked virus scan.


- = -
Vasos Panagiotopoulos, Columbia'81+, Reagan, Mozart, Pindus, BioStrategist
http://www.panix.com/~vjp2/vasos.htm http://www.facebook.com/vasjpan2
---{Nothing herein constitutes advice. Everything fully disclaimed.}---
[Homeland Security means private firearms not lazy obstructive guards]
[Urb sprawl confounds terror] [Phooey on GUI: Windows for subprime Bimbos]



From: Dustin Cook on
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:hn6hs8031al(a)news3.newsguy.com:

> From: <vjp2.at(a)at.BioStrategist.dot.dot.com>
>
>
>| So IRCBRUTE works through the file system?
>
>| *+-There was no need to destroy the fob.
>
>| I agree, but no one was willing to help me fix it.
>
> It loaded via an AutoRun worm.
> That's why you should disable AutoPlay/AutoRun on a PC where you use
> random-read/random-write media.
>
>
>
>

Hold down right shift key when inserting your media if you don't know or
cannot disable the autorun. This will do it for you, but ONLY for that
go around.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh..
nudge this boulder right down a cliff." - Goblin Warrior

First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4 5 6
Prev: Reasons Why People Use Windows
Next: Is this a virus or???