we have had this virus & cleaned it since March.
It has made a re-appearance over the last few days & keeps returning to the same pc's. We have been hit quite a bit today!! This is what it does: W32/Deborm-Q is a network worm which carries and installs Trojans. When run, the worm searches for shares named C or C$ on the local IP subnet that have no password. If a share is found the worm will attempt to copy itself to one of the following folders in the shares: windows\start menu\programs\startup documents and settings\all users\start menu\programs\startup winnt\profiles\all users\start menu\programs\startup W32/Deborm-Q will also attempt to install the Trojans Troj/Litmus-203 and Troj/Sdbot-Fam. Even after we have changed the local admin password it still runs:eek: Is there a new variant of this out ?? any help appreciated. cheers shunty |
sorted it now anyway....
found out that it's not just admin accounts, but it takes the credentials of logeed on user & if they are in power uses locally, then it drops payload:eek: what is annoying is that sophos site (who we use) don't state this but I checked McAfee (we used to use this at last place) gave a more indepth description. I know it's been out since march as well. cheers anyway. shunty |
Give me a shout if you need a hand.
|
all sorted now Jack, but thanks for the offer.
shunty |
That little critter is a royal PITA :(, it's been running around our network too recently.
|
hello Miles...
we still have had a few this morning, nearly 100 yesterday:eek: not always dropping payload though for some reason ?? it's getting in through html link via e-mail.... a few of our senior management are allowed through mimesweep with an "allow all" type scenario, but we havn't purchased any web virus protection/scanning software. shunty |
All times are GMT +1. The time now is 03:48 PM. |
© 2024 MH Sub I, LLC dba Internet Brands