Posted on 2009-02-20
We have pretty much cleaned this off of all of our servers and got WSUS set up to send out MS updates to all of the machines, but we are still having the virus pop up from time to time. We also have Cisco Security Agent 4.5 on all of our machines and it has pretty much been useless when it comes to this virus. I am not sure how it is able to write to the registry and windows\system32 with CSA on all of the machines. Anyway...
When I do a virus scan (Norton Endpoint 11) on one of the servers, it scans S:\autorun.inf during the scan. I know this is how the virus is spreading itself, but when I go to our file server and do a scan, it finds nothing. I made sure there are no hidden files and the autorun.inf is nowhere to be found. How could this be?
People connecting to our VPN with no mapped drives get the virus notification pretty much as soon as they sign on. I really need to get this cleaned off completely. Any advice on the best practice for doing this would be greatly appreciated.