Hi,
My warning log contains:
03/11/2006 21:23:12 1162585392 SYSTEM 1772 Sign of “Win32:Medbot-AM [Trj]” has been found in “C:\Documents and Settings\All Users\Documents\setup.exe[UPX]” file.
and I found a file named “autorun.inf” in the shared folder containing the lines :
[autorun]
open=setup.exe
icon=setup.exe,0
The modification date of the file was 21:22 and when I was warn by Avast, I suppress the setup.exe file.
I can’t know if the exe file may have been executed on my machine, could I ?
I try to get more information on this “troyan”, I search the web for a description … unsuccessfully
I remove the rigth to write in the “Shared Documents” folder.
I try to understand how my computer has been infected. : I was running “Google” in IE and a 3D navigator called ActiveWorlds. Can a simple web page install a Setup ?
What are the effect of this troyan if the setup is run ?
I dont know in wich cases the autorun file can launch the setup file, is it when I open the folder, or when another computer try to conect a drive on this folder ?
help would be appreciated.
Fib