Hi FwF,
Sounds like a vundo file infector. If it is a problem of a virus using shares, here is another elegant solution, I give it from the author, as I did not experience it:
The virus scanners we all use do a pretty good job. The problem is that this virus looks for shared folders. If you keep getting infected, I ask you, are your drives shared? Thats how it kept getting me. My first problem was that I used "share" as the name for a shared folder, a likely guess for an attacker. Anyways here's what you have to do to make your shared folders off-limits to this virus.
First of all, if you're using simple file sharing, you're asking for trouble. Turn it off as follows:
1. Double click "My Computer"
2. Tools -> Folder Options
3. Click the view tab
4. Scroll to the very bottom
5. Make sure that "use simple file sharing (recommended)" is UNCHECKED
You now can configure what people can do to your shared folder. Go to the directory that keeps having infected files pop up. If its icon has the hand under it, right click on it and select properties. If is not shared, check its parent directory.
click sharing
Click permissions
click on "everyone"
make sure "Change" is not checked
Click ok
Click the security tab
Click "Everyone"
Uncheck everything but "Read" and "List Folder Contents"
If you had to uncheck any boxes particularly "write", you probably just fixed your problem.
This will make it much harder to map to your shared folder, since the virus would have to know a username and password of someone that can log into your computer in order to connect. As soon as I realized I was giving write privileges to everyone I was kicking myself. I had been wondering why this thing kept popping up, since I never had time to run the EXE. Scanners always got it the second it overwrote a file. Well it only overwrote files in my shared folder (of course I didn't share c:), and that is because the virus was never on my machine at all (not for more than a few seconds anyway). It was on somebody's computer who was too cheap to buy a virus scanner and it was getting to me through my shared folder. That is why every virus scanner said my drive was clean. But problem solved. I haven't seen a virus alert since i changed the permissions to read only. I bet it'll work for you too
If you want another computer to have full access to the shared folder, you need to map the share using an existing username and password, or you need to create a windows user on the computer with the shared drive (The new user need not be an administrator). Use the procedure just given but check the "full controll" boxes for this user. Then when you map the share use "connect using a different username and password" to specify the windows user you just added,
polonus
