A fifth outbreak of virus has arrived on our network, as I predicted.
McAfee identifies the virus as polybotI!.hosts.
Sadly the instructions on the web site are totally wrong. None of the reg entries are present. So you conclude the virus has been successfully removed. Working in safe mode when required.
You reboot and it's back. You check what's running and you can't see anything silly. You check the registry and you see an entry called sysconf.exe.
A quick search brings you to Sophos and they call it Agobot-fp.
Two registry entries need removing from the run section.
References to the 2nd file show no entries in this section.
You delete these, make sure the admin has a password, and reboot. It's back. Back to safe mode.
Regedit again and you find both files mentioned elsewhere. You remove the entries and delete sysconf.exe from the hard drive.
Reboot, it's gone. However, McAfee never detects the file sysconf.exe. It cleans the host file but that's it.
Symantec have another solution for the same virus. I didn't bother looking at this as no doubt Panda and others have yet more entries.
I find this very poor by the virus companies; do they really know what they're doing?
Forgot to mention: the people monitoring the network have noticed that the virus isn't always using the ports claimed by Symantec.