4 Replies Latest reply on Jul 13, 2012 4:37 AM by mjmurra

    New Autorun!inf.a

      Hi,

       

      I am a system admin. I would like like to ask why there I keep getting logs that user is infected with new autorun!inf.a.

       

      McAfee anti-virus should have clean it/block it  ?

      It even try to infect my file server.

       

      How to resolve this issues ?

       

      Best Regards,

      Chris

        • 1. Re: New Autorun!inf.a
          Hayton

          "New autorun!inf.a" is known to McAfee - see

          http://home.mcafee.com/virusinfo/virusprofile.aspx?key=359221

           

          See also http://home.mcafee.com/virusinfo/virusprofile.aspx?key=141387#none which has more information about this sort of infection.

           

          If McAfee is not detecting this, I need to know which McAfee program suite you are referring to. Is it the Enterprise edition?

          • 2. Re: New Autorun!inf.a

            Hi Hayton,

             

            I am not sure of the suit but I have the latest:

             

            McAfee AV version 8.8.0

            McAfee AV DAT version 6770

             

            The machine just get reinfected again and again.

            I am wondering if the auto!inf.a could have run before the anti-virus do the scan.

             

            Regards,

            Chris

            • 3. Re: New Autorun!inf.a
              Hayton

              I am wondering if the auto!inf.a could have run before the anti-virus do the scan.

               

              I don't know.  "8.8" is the current version of VirusScan Enterprise, so you have the Enterprise version of McAfee. This has functionality which I am not familiar with.

               

              The question has been moved to the Business section, VirusScan Enterprise, for the attention of one of the moderators or other users there.

              • 4. Re: New Autorun!inf.a

                Any !inf detection refers to a malicious autorun.inf file usually on a USB key, but could also be on a hard drive, network drive or other portable media.

                 

                The file itself is not a virus, but rather a malicious pointer to another file that is. On some versions of Windows, the other file is automatically run without user intervention.

                 

                Detecting the autorun itself isn't bad (McAfee blocked the attempt to infect), but you really should be trying to work out why these USB keys are ending up with worms on them - obviously they are being put into machines that are actively infected and they end up with the autorun.inf and malicious software.