Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

SEP 11.0.5 not detecting Amdsys.exe called from autorun.inf

  • 1.  SEP 11.0.5 not detecting Amdsys.exe called from autorun.inf

    Posted May 06, 2010 02:48 AM

    Our organization uses  SEP 11.0.5 unmanaged client in many systems. Recently we found that all the USB drives are having an autorun.inf file and the contents are as follows :

    [autorun]
    open=SYSTEM\FOLDER\AmdSys.exe
    ;üÁÕÔÏÒÕÎŽÉÎƆ

    ;Nod32 Has Checked This File For Malwares ANd File Scan Result is Clean.
    action=Open folder to view files
    shell\open=Open
    shell\open\command=SYSTEM\FOLDER\AmdSys.exe
    shell\open\default=1

    We tried scanning the drive and deleting it manually but no luck.  In McAffee it is able to cure the file.
    Can anybody give some solution for this

     


  • 2.  RE: SEP 11.0.5 not detecting Amdsys.exe called from autorun.inf

    Posted May 06, 2010 03:06 AM
    Autorun.inf used the feature autoplay.Unfortunately many threats will use this feature for spreading itself .It is better to disable this feature as a safety measure.
    Have a look at this KB
    How to prevent a virus from spreading using the "AutoRun" feature