Hello there Guest, welcome to betaPod. To read more about betaPod, please visit our About betaPod page.
Not a member? Join betaPod now for free!
Not a member? Join betaPod now for free!
Welcome to betaPod
we hear the betas, and you.Welcome to betaPod, the largest software BETA discussion center on the internet.
Windows: Drive Spreading Worm "Worm.Delf.Yrj"
| Authors | Posts |
betaPod Techtalk
Worms that spread through thumbdrives or other removable disks are common. However, there was a recent attack on my robotics lab's laptops and our thumbdrives all contained the worm "worm.delf.yrj" which copies itself and place itself on all writable drives available. In this issue, we are going to talk about how I removed the worm and successfully fixed its effects. Worm.delf.yrj, is a simple worm that copies itself. However, it might be deadly as it may also copy other viruses that may affect USB functions. In my case, it was spreaded to all laptops in my lab through our thumbdrives without us knowing. In all the drives, i noticed that the worm appeared as "auto.exe" and "autorun.inf". However, it also copies the USB affecting "IO.pif" virus. No matter how you find and delete the virus and worm on the disk root, it will still copy itself back. Removal of this problem has to be quick. When i saw this, I checked for the 3 files mentioned and found it hidden as files with System and Hidden attributes. I used Command Prompt to change the attributes of the files to Normal and immediately i ended the process of IO.pif via Task Manager. Then i safely delete the files and that's all! Also, I checked for startup links to the files then removed them. Next, I gave the computer a restart and my laptop worked again! The symtoms of this worm is that all drives in your My Computer is unable to open successfully with Windows Explorer and that an unknown process with filename "IO.pif" running. Also, I am unable to show system and hidden files from the Folders Options of Windows Explorer. It seems that the worm disabled the ability to show system and hidden files. These are what I did and know about the worm from what i experienced today. Thanks alot for viewing this article from betaPod Techtalk
© Sam Yong 2007-2008 All Rights Reserved. Written by Sam Yong.
| |
 $hojx93 Date joined: 30 Jun 07 Total posts: 47 Location: Singapore | 10 Sep 07 at 3:26pm Last Edit: 22 Sep 07 at 2:25pm RE: Windows: Drive Spreading Worm This certainly is scary. This is why we should always be careful of what's actually running in our PCs to prevent a whole lab of computers being affected. Easy way out is to use Mac though. :) It has no threats. Any idea on where it actually comes from(other than USBs) and how it actually affects our PCs(e.g. what IO.pif does)? A quick check on google gives me betaPod and other chinese webpages. ---  |
 @Hellclanner i love betaPod :) Date joined: 25 Apr 07Total posts: 525 Location: Woodlands, Singapore | 11 Sep 07 at 7:53am Last Edit: 1 Oct 07 at 10:57pm RE: Windows: Drive Spreading Worm IO.pif actually prevents you from safety removal of removal drives because the process is running. It also prevents you from opening your drive from "My Computer" as the autorun.inf messed it up. It also causes slowdowns on your computer has it sometimes takes up much process time. And it is also annoying as when I shutdown the laptop, explorer immediately freezes. So we had to force shutdown it until i fixed it. worms aren't that much of a threat but it may be harrassing. so it's best to fix it right for the start. you can try adaware, AVG, and other free softwares for help. |
^top |
