Monday, September 08, 2008

windows cannot find 1[7].exe mapped network drive

This was an issue where a virus tried to inject itself on the file server and after removing all traces of the virus itself it managed to inject an autorun.inf into the root of a network share on the file server.

obivously the .exe is a self generated file but what you need to do is dig into the root of the windows share eg. on the server f:/driveshare/ and check for a hidden autorun.inf file.

mine contained the following info.

[AutoRun]
open=7[1].exe
shellexecute=7[1].exe
shell\Auto\command=7[1].exe

as soon as this is removed the issue dissapears, some machine were stubborn however, in one case it took a process of (on the pc itself) removing the mapped drive, mapping to an alternate letter the same path then breaking that share and letting the logon script remap it back. I can only assume a caching issue was holding it there.

 


Posted by admin in
Permalink
Page 1 of 1 pages