Virus? Lecturer says nevermind

On Thursday, during my Internet Appliances lab, it was brought to the attention of the lecturer, a Mr Shankarappa Kumbar, that multiple computers in the lab were infected with a virus, W32.OlderData. The lecturer’s response was simple: “never mind”.

While such a task might not be his responsibility, for a lecturer, especially one in more or less the IT sector, to just shrug off such an alert is largely irresponsible and ignorant on his part, and it prompts one to question his competency, among various other acts of his which I would not disclose here. However, some part of the fault also lies with me.

Out of the necessity of getting my work done, or pure stupidity, and since the copy of Symantec AntiVirus on the particular system I was on wasn’t beeping with alarm unlike the others, I inserted my thumb drive into the system to copy over some files that I had worked on previously at home, to continue development. Big mistake. The virus passed itself onto my thumb drive, which then ultimately ended up infecting my machines back home.

All of the infected computers were Windows systems running Symantec AntiVirus, with virus definitions as of 22/11/06. The virus was able to replicate and elude detection until an instance of it executed, at which point SAV attempted to halt it. This meant that as long as the virus didn’t attempt to meddle with system configs, it wouldn’t be detected.

Only when I became curious about that consistent floppy seek every now and then did I launch an investigation into the cause of it. As of the time this post was written, I’ve managed to stamp out all the instances I could find using scans from both Trendmicro Housecall and SAV, along with manually removing registry entries calling for the virus.

3 thoughts on “Virus? Lecturer says nevermind”

  1. Hi, I was searching the net for information about a virus called w32.Olderdata when I came across your blog. I have the same problem as you did. My school’s system got infected and we were not told about it until the evening, after we all had already plugged in our thumbdrives/harddisks several times. I tried to delete the virus using Norton but the virus just remained in my computer. Have you managed to solve your problem? Can you teach us how to solve it? Me and my friends are all having problems with this virus. Thank you.

  2. Hello, the same thing seems to have happened in my school. The school administration has not told anyone about it, and I found out the hard way, through the same medium – thumbdrive.

    However, the computer lab admins are reformatting all the computers, but it’s too late for my case. Could you please help me solve this problem too? I’ve done all the steps on Symantec’s website (http://www.symantec.com/security_response/writeup.jsp?docid=2007-061806-4049-99&tabid=3) and even cleared my registry of all traces of boot.exe, but the problems return once I restart my computer. It’s getting frustrating.

    Any help would be greatly appreciated!

  3. It’s been a while and I’m unable to recall most of the details. The steps provided at Symantec’s site, which weren’t available yet when I was infected, seem more or less similar to the actions I’ve taken, and they are more detailed than what I’ve done/am about to provide.

    1. I brought up the task manager and killed off the phony taskmgr.exe. The phony one runs under the “SYSTEM” account, while the one you just brought up runs as the current user.

    2. Secondly, I cleared each drive of the malicious file. However, instead of browsing the drive by double clicking on it from “My Computer”, right click on it, and go select “Explore” instead, since if the drive is infected, doing so would just relaunch it again.

    Delete both autorun.inf and boot.exe from the root of that drive.

    Do the same for any removable media (thumb drive etc) you believe to be infected.

    3. Navigate to C:\Documents and Settings\<username>\
    Delete taskmgr.exe

    Navigate to C:\Documents and Settings\<username>\
    Delete Kill Brontok.exe

    4. Run ‘regedit.exe’. Do a search (hit F3) for taskmgr.exe.
    Delete the one that says something like “C:\Windows\Explorer.exe C:\Documents and Settings\<username>\taskmgr.exe”.

    5. Update virus definitions (if not done already) and run a scan. This will clean up any leftovers. Make use of online virus scans such as Trendmicro Housecall if necessary.

    6. Restart and it should be good.

    Good hunting!
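A read-only check for the file names listed in the removal steps above, added here as an example; it is not part of the original post or its comments. It reports which of those files sit at a drive root or in the user profile, and lists what an autorun.inf found there would launch, which is why opening the drive by double-click restarts the infection. The autorun.inf keys parsed are the standard Windows ones, and the function names are chosen for this example.

```python
import os
import string

# File names come from the removal steps above; compared in lower case.
ROOT_INDICATORS = ("autorun.inf", "boot.exe")
PROFILE_INDICATORS = ("taskmgr.exe", "kill brontok.exe")
# Standard autorun.inf keys that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def names_present(directory, wanted):
    """Return wanted file names found directly in directory."""
    try:
        entries = os.listdir(directory)
    except OSError:  # drive not ready, or access denied
        return []
    return sorted(e for e in entries if e.lower() in wanted)

def autorun_targets(inf_path):
    """List the commands an autorun.inf would launch; nothing is executed."""
    targets, in_autorun = [], False
    try:
        with open(inf_path, encoding="latin-1") as fh:
            lines = fh.read().splitlines()
    except OSError:
        return targets
    for raw in lines:
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                targets.append(value)
    return targets

def check_drive_root(root):
    """Report indicator files at a drive root and any autorun launch commands."""
    found = names_present(root, ROOT_INDICATORS)
    inf = next((f for f in found if f.lower() == "autorun.inf"), None)
    launches = autorun_targets(os.path.join(root, inf)) if inf else []
    return {"root": root, "files": found, "autorun_launches": launches}

if __name__ == "__main__":
    for letter in string.ascii_uppercase:  # Windows drive letters
        if os.path.isdir(letter + ":\\"):
            print(check_drive_root(letter + ":\\"))
    print("profile:", names_present(os.path.expanduser("~"), PROFILE_INDICATORS))
```

A legitimate taskmgr.exe lives under the Windows system directory, so a copy in the profile folder is worth a closer look; the script only lists files and leaves deletion to the manual steps.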
