Re: weird virus auto duplicate whenever usb inserted


What antivirus program are you running ?





On Sat, 26 Jan 2008 15:00:50 +0000, scyap <scyap.1e1087f@xxxxxxxxxxxx>
wrote:


_*Hello_everyone,_i_totally_need_help__cuz_my_pc_is_in_trouble..._i_am_infected_with_

some_unknown_virus...*_

HOW IT HAPPENED?
I put my portable hard disc into a friend's pc, uploaded data, and when
i connect my
portable HD to my own PC, its infected, im sure its infects via USB

HOW IT EXECUTES?
well before that i didnt know its infected, so i just double clicked my
portable HD

(from
my pc) and nothing happened, after a few tries, i right click and saw
"auto-play", i was
shocked and then i use OPEN, and i saw some autorun.inf and
windows.scr, autorun.inf is
commanded(i know, wrong word) to execute windows.scr as auto play. BOTH
FILES ARE
SYSTEM+HIDDEN, i did turn on ability to view HIDDEN and SYSTEM long ago
(yeah i know the
risks but i wont simply accidentally delete a file)

.SCR FORMAT?
Its windows screen saver format but its an infected one, it says right
here (link

below)
and it claims to be a extension used to transmit TROJAN
http://filext.com/file-extension/scr

COULDN'T YOU JUST DELETE WINDOWS.SCR AND AUTORUN.INF ?
Yes i did try but it didnt work, my computer is ALREADY infected cuz the
first time

i
double clicked it (and it autorun)

WHAT U MEAN INFECTED?
i have no problems deleting windows.scr and autorun.inf BUT when i
insert the USB

(or any USB memory sticks, tested), it will re-create those two files
(Yes, it will re-

create it instantly once u insert it in, checked using the Created on :
<date>)

DOES THIS WORK IN SAFE MODE?
YES, WHAT A VIRUS !!!
It works and STILL SPREADS via usb in safe mode

DO U HAVE A SCREEN SHOT OF YOUR RUNNING PROCESSES IN SAFE MODE?
Yes i do, here is link below
http://img184.imageshack.us/img184/900/wthhhhri1.jpg


INSTALL THIS ANTI VIRUS, AND THAT, AND THE OTHER ONE, AND THAT TOO !!!
I use AVG 7.5 AntiVirus Professional (registered)
I use AVG AntiSpyware (registered)
I use Ad-Aware 07

U DIDNT UPDATE EH?
ALL UPDATED

U USE THOSE ANTI VIRUS AND UPDATED IT BUT DID U SCAN?
Yes, full system scan with NOTHING (sigh)

SCAN REMOVEABLE?
yes i did scan my usb...

NO NORTON FROM SYMANTEC ?
Yeah i have 2003 but since its so old, i downloaded 2008, but blue
screen when

Norton 2008 starts on startup, so i went to safe mode, use
NortonRemovalTool and blasted it

out of my pc, i guess its the clash with AVG, it did warn me during
installation but i am

not dumping AVG, i paid !

WHAT OTHER TRICKS U DID??
I tried renaming and changing its extension, but failed, it re-creates
the same copy

again

IS HARDDISK AFFECTED BY THIS AUTORUN?
NO, only Removeable Discs

GOT HIJACKTHIS?
Yes, is it needed?

ANY MORE?
Yea, i was once affected by this virus long time ago, it will create a
Copy of the

autorun etc in EVERY DRIVE (including HDD) and put an autorun, and when
u run the autorun,

it will check if the process to spread is ON or not, if not, it will on
it, and then it

will copy itself to ANY DISKS . This is very obvious cuz its in HDD as
autorun too and its

in Processes, which i obviously know where its from, so i terminated,
and cleared all the

files, which made this virus permanently disappear but this is
something new...

AND as far as im concerned, there MUST be a process to check if i have
inserted a
RemoveableDrive or not, right? Like a looping check everyone 1 second?
Well this is what i think, it may not be true... cuz i cant find this
process
i always check at processlibrary.com

..hmmm , everything in my processes look clean, my only suspect is why
so many svchost,

last time i didnt have that many




[b]I have two screen shots :
_-Safe_Mode_all_processes_
http://img184.imageshack.us/img184/900/wthhhhri1.jpg

_-Normal_Windows_All_processes_
http://img168.imageshack.us/my.php?image=tasknq3.jpg


Help pls...
.

Relevant Pages

  • RE: weird virus auto duplicate whenever usb inserted
    ... portable HD to my own PC, its infected, im sure its infects via USB ... DOES THIS WORK IN SAFE MODE? ... IS HARDDISK AFFECTED BY THIS AUTORUN? ...
    (microsoft.public.windowsxp.help_and_support)
  • weird virus auto duplicate whenever usb inserted
    ... portable HD to my own PC, its infected, im sure its infects via USB ... DOES THIS WORK IN SAFE MODE? ... IS HARDDISK AFFECTED BY THIS AUTORUN? ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Controlling specific USB devices on Windows XP
    ... I saw it first hand with a USB device bought from Best Buy that had a hard coded partition which mimicked a CD-ROM. ... When inserted, that partition would be recognized as a CD-ROM device, and would autorun the content. ... While the device will not execute autorun.inf upon insertion, there is another means by which autorun can be used to accomplish this task fairly simply. ... I get the Autoplay window that asks me what I want to do: Copy pictures, View a slideshow, Open a folder, or take no action. ...
    (Focus-Microsoft)
  • RE: Security with USB Devices
    ... Couldn't one just as easily make a CD with autorun on it and put ... both that and a USB stick into the target machine. ... The views expressed in this email are not necessarily those held by VNL, ... This email has been scanned for all known viruses by the MessageLabs Email Security System. ...
    (Pen-Test)
  • USB delivered attacks - lessons learned/summary (so far)
    ... All my testing so far has been done on a Windows ... USB devices don't use autorun - well, they seem to do something with it ... drives in your machine, why assume that his USB thumbdrive is so ...
    (Pen-Test)