Jump to content
Posted 24 October 2008 - 06:22 PM
Posted 24 October 2008 - 09:59 PM
In our case, it's happened...:
(1) First, after the date I did a backup on my Sony VAIO to a backup drive, with USB connection, by Norton 360. The backup was completed successfully. Then this drive have a system file named "resycled" folder with a "boot.com" file and a "autorun.inf" in the root drive with the same date stamp. These files are only located in the backup drive only, not the notebook drive. Of cuase, I did not noticed their existing at the time.
(2) And later on, I used the same backup drive, but installed as internal drive, to do a backup on the Server 2003. I tried to do backup by cloning image of the Server 2003 system with Seagate Disc Wizard. The Disc Wizard failed the backup. However, all the partitions on the hard drive I wanted to backup are all infected by a "autorun.inf" file stored in the root of each drive.
All our systems are well installed and updated with Symantec's security software except Server 2003, which the security software could not be installed. Microsoft claims the Server is well protected by itself.
Well, so much about this, as I could not concluded it's a virus or not. It definitely could be affected by virus on the same date as I backed up Jessie's Sony VAIO notebook. But, it's amusing the Sony VAIO notebook has no such infection when I checked it later on.
I was surprised that the problem get into the Windows Server system. And found no help from all the Anti-virus software.
However, I found a way to solve it in our Windows Server 2003 Enterprise Edition. I guest it may work in the other Windows system as well.
It's quite simple to do it as I found.
1. Opened the My Computer
2. Right clicked the mouse on the drive having the infection.
3. Selected "Explorer" from the pop-up menu.
4. Went to the Menu bar and select Tools->Folder Option.
5. Select the View tap. and did:
a) selecting "Show hidden files and folders'
unchecking "Hide protected operating system files (recommended)"
6. Click OK.
7. I found the file named "autorun.inf" file in the root of each infected drive.
8. And I deleted the file. And I selected the other infected drive and delete all the "autorun.inf" files one by one.
9. Over the backup drive, I also deleted the "resycled" system folder as well. I think, this is the source of the infection. Or you could name it as the virus nest.
10. I went to the Desktop and open the Recycle Bin and Executed Empty Recycle Bin. It's a very important step to prevent the infection coming back!
10. Then, I rebooted the system.
11. And everyone was backed to work. Problem was solved or virus was removed, whatever you name it.
12 Of course, don't forget to change the View functions back over the "Folder Options" if they were not the original selections.
Posted 26 October 2008 - 10:45 AM
0 members, 0 guests, 0 anonymous users