Win32.hllw.autoruner.5555


2 replies to this topic

#1 cherfaoui

    Newbie

  • Posters
  • 6 posts

Posted: 06 February 2011 - 10:36

How to eradicate this virus permanently? Win32.HLLW.Autoruner.5555 is making havoc in the network, and yet we use
Dr.Web® Enterprise Server version 6.00.0.201009100

#2 SergM

    Guru

  • Moderators
  • 9,387 posts

Posted: 06 February 2011 - 11:26

http://vms.drweb.com/virus/?i=172457&lng=en
Use the Google Translator

#3 hekto

    Member

  • Posters
  • 143 posts

Posted: 06 February 2011 - 11:38

how to eradicate this virus permanently Win32.HLLW.Autoruner.5555 making havoc in the network and yet we use

Some background. As you might already know, the virus uses two ways to infect machines in the network:
- a vulnerability in the Windows service
- weak passwords on the administrator accounts
So the first step is to apply all patches from Windows Update. If this is not possible for now, then I'd suggest disabling the Task Scheduler service. It might help too (the virus will be injected into the computer but won't be able to start).
Then you have to set strong passwords on all local computer administrator accounts as well as on all domain administrator accounts.

Normally SpiderGuard prevents infection of the computer. But if you have at least one unprotected machine in the network, it will try to infect other computers again and again.
Run the GUI scanner (Drweb32W, fast scan option) on some suspicious computers to see if they are really infected. If they are infected, then you will have to cure the whole network, otherwise only a few machines that are unprotected for now.
If the machine is infected again, then use security audit events to see the source of the infection. It will help you to find unprotected/infected computers in the network.

BTW, a bit more detail about what you observe and what you have already done would be very helpful :)
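
One way to carry out the last step above, as an added example that is not part of the original post: rank the source addresses of failed network logons (event ID 4625, logon type 3) across Security logs collected from several machines. The CSV layout, host names and addresses are constructed assumptions, and it presumes logon-failure auditing is enabled on the machines.

```python
import csv
import io
from collections import defaultdict

FAILED_LOGON = "4625"  # Security log: "An account failed to log on" (Vista/2008 and later)
NETWORK_LOGON = "3"    # Logon type 3 = network logon, e.g. access to an admin share

# Constructed sample data. The column layout is an assumed CSV export of the
# Security logs gathered from several machines, not a Dr.Web format.
SAMPLE_CSV = """Computer,TimeCreated,EventID,LogonType,TargetUserName,IpAddress
PC-01,2011-02-06T10:01:02,4625,3,Administrator,192.0.2.15
PC-01,2011-02-06T10:01:03,4625,3,admin,192.0.2.15
PC-02,2011-02-06T10:01:09,4625,3,Administrator,192.0.2.15
PC-02,2011-02-06T10:01:10,4625,3,admin,192.0.2.15
PC-03,2011-02-06T10:01:15,4625,3,Administrator,192.0.2.15
PC-03,2011-02-06T10:01:16,4625,3,admin,192.0.2.15
PC-02,2011-02-06T10:05:00,4625,3,jsmith,192.0.2.40
PC-01,2011-02-06T10:06:00,4624,3,jsmith,192.0.2.40
PC-03,2011-02-06T10:07:00,4625,2,Administrator,-
"""

def suspect_sources(csv_text, min_failures=5, min_targets=2):
    """Rank source addresses by failed network logons seen across machines."""
    stats = defaultdict(lambda: {"failures": 0, "targets": set(), "accounts": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != FAILED_LOGON or row["LogonType"] != NETWORK_LOGON:
            continue  # successful logons and interactive failures are not of interest
        src = row["IpAddress"].strip()
        if src in ("", "-", "127.0.0.1", "::1"):
            continue  # no remote source recorded
        entry = stats[src]
        entry["failures"] += 1
        entry["targets"].add(row["Computer"])
        entry["accounts"].add(row["TargetUserName"].lower())
    hits = [
        (src, e["failures"], sorted(e["targets"]), sorted(e["accounts"]))
        for src, e in stats.items()
        if e["failures"] >= min_failures and len(e["targets"]) >= min_targets
    ]
    # Most failures first: a machine guessing passwords on many hosts tops the list.
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for src, count, targets, accounts in suspect_sources(SAMPLE_CSV):
        print(f"{src}: {count} failed network logons on {targets} as {accounts}")
```

The addresses it reports are the machines to scan and cure first; a single mistyped password from one workstation stays below the default thresholds.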

