Hi There,
Is there someone who could look at the attached zip file and tell me how to protect my system against future attacks? My SEP is up to date but it can't find this. The infection seems to be called rioahim.exe. What it seems to do is change the attributes of the folders to hidden and then create shortcuts to the folders. Only thing is, the shortcuts are actually to the infected file. It seems to change network folders, then when a user tries to access the folder, unaware that it is a shortcut, they get infected. I was able to just delete the rioahim file and other associated files, but the trouble is removing the hidden status.
The only way I have been able to do this is with the attrib -h command line function. Now I have to go through roughly 30 folders individually to remove the hidden property. Would anyone know of an easier way to do this, as having to type attrib "folder name" -s -h (and sometimes -r as well) is taking a bit of time.
I have a feeling it came from an SD-Card from one of my users, unintentionally. I did notice that SEP was removing the rioahim.exe and rioahim.src files, so it is at least picking up that the files are bad but it is not getting rid of the dll files.
Please can someone let me know when there is more info about this. The only thing I found online was
http://www.prevx.com/filenames/3184973258685196133-X1/RIOAHIM.EXE.html but I think this is just a bot response as it is one of those annoying sites that doesn't really help.
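
The attribute cleanup described in the post can be done in one pass instead of folder by folder. The script below is an added example, not part of the original post; the `$Root` path and the `-Apply` switch are assumptions made for illustration, and the script only reports unless `-Apply` is given.

```powershell
# Added example (not from the original post).
# Assumption: the affected folders sit directly under $Root.
param(
    [string]$Root = 'C:\Shares\Public',  # hypothetical path, change to the affected share or drive
    [switch]$Apply                       # without -Apply nothing is modified
)

# Folders are selected when Hidden or System is set (what attrib -h -s undoes).
$selectMask = [int]([IO.FileAttributes]'Hidden, System')
# ReadOnly is cleared too, matching the occasional "attrib -r" mentioned in the post.
$clearMask  = [int]([IO.FileAttributes]'Hidden, System, ReadOnly')

# -Force makes Get-ChildItem return hidden and system items as well.
$folders = @(Get-ChildItem -LiteralPath $Root -Force | Where-Object { $_.PSIsContainer })

foreach ($dir in $folders) {
    $current = [int]$dir.Attributes
    if ($current -band $selectMask) {
        Write-Output ("Flagged folder: {0} [{1}]" -f $dir.FullName, $dir.Attributes)
        if ($Apply) {
            # Clear only the masked bits; every other attribute bit is kept.
            $dir.Attributes = [IO.FileAttributes]($current -band (-bnot $clearMask))
        }
    }
}

# Report (never delete) shortcuts that carry the same name as a real folder,
# which is the decoy pattern the post describes. Review these by hand.
$folderNames = $folders | ForEach-Object { $_.Name }
Get-ChildItem -LiteralPath $Root -Force -Filter *.lnk |
    Where-Object { $folderNames -contains $_.BaseName } |
    ForEach-Object { Write-Output ("Shortcut shadowing a folder: {0}" -f $_.FullName) }
```

Run it once without `-Apply` to see what would change, then again with `-Apply` after the malicious files have been removed.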