Today, as I was running the kk.exe utility on one of the servers, I discovered something VERY important that the kk.exe does not do by default, just by double clicking on the kk.exe:
It does not scan all fixed drives. but rather just the C: drive. For the sake of testing, I ran the kk.exe utility on the H: drive on do-tech, and it found about 10 instances of the autorun.inf, and the Recycle Bin folder, which are also components of the virus that were just lingering in the corresponding folders.
If you are running the kk.exe from \\do-tech\utils folder, please do run it with these flags:
kk.exe –a –t –j –z –x –y –v –f
Running these flags will ensure that any disabled services will get re-enabled, and that autorun will get disabled on the machine, as well as forcing the utility to look into all fixed drives on the machine.
I understand that these are too many flags to remember, so when you’re running the kk utility from \\do-tech\utils, please run the following file instead, which is a small batch file that contains all these flags, and you can double click it like you did the kk.exe utility. Just always make sure that the kk.exe and kk.bat are in the same folder, so you can either double click on the kk.bat straight from \\do-tech\utils.kk.bat or copy both kk.exe and kk.bat from \\do-tech\utils, and paste it on the desktop then run the kk.bat
This is by no means THE solution for our virus disaster, but if we’re running the cleanup utility, we might as well be running it so that it actually does clean the whole system, and disables some of the vulnerable point of entry of the virus.
Thank you for your attention to this matter.
No comments:
Post a Comment
Please make your comment. (GMK)
Note: Only a member of this blog may post a comment.