Spywares at the Faculty Lounge

While waiting for some of my students who will consult about their Finals Project at the MMA Faculty Lounge this morning, I installed Spybot Search & Destroy on the second PC (from the door). Here’s what I got after running a spyware check:

Earlier (at around 0100H), cleaning my PC got me busy. I was wondering why everytime I plug my flashdisk, which I only use for class purposes, any Windows application will simply not launch. A further research revealed that my system was infected by the Agobot virus, which resides on my flashdisk.

How to know if you are infected with this virus?

1. Hold down the SHIFT key while you plug in your flash disk. Do not let go of the SHIFT key not until you see the removable hardware icon on the taskbar. It is also advisable to disable AUTOPLAY when checking/cleaning your flashdisk for the Agobot virus.

2. Launch the Command Prompt (shortcut, click on Start > Run > type CMD). Type the drive letter of your flashdisk followed by a colon. Example, if your flashdisk is mapped as drive H in your PC, simply key-in “H:” (without the quotation marks) and hit the ENTER key.

3. Now, you are already inside your flashdisk. Run the command “dir /ah” to show the files that are hidden. If you see NETSVCS.exe as one of the files, then your flashdisk is infected.

4. Since NETSVCS.exe is hidden, you may not delete it right-away. Do not attempt to use the Explorer in Windows to show and delete this file, as this will infect your system further.

5. The best thing to do is to change the attributes of this file using the command “attrib NETSVCS.exe -s -h” and hit the ENTER key. Now, you are ready to delete the file, just use the command “del NETSVCS.exe” and hit the ENTER key.

6. Do the same thing for the AUTOPLAY.INF file, as it may contain codes referring to the propagation of the virus.

7. Reboot your PC.

Share this:

Add Comment

Required fields are marked *. Your email address will not be published.