Autorun Virus


Recommended Posts

The problem is that when the infected USB drive is scanned manually, MB doesn't find infections, even if you install the virus. But when you scan drive C:, it finds 2 registry keys and one file that put the infection on every USB drive that is attached to the PC.

Malwarebytes' Anti-Malware 1.40

Database version: 2667

Windows 5.1.2600 Service Pack 3

21/8/2009 09:12:37

mbam-log-2009-08-21 (09-12-37).txt

Scan type: Quick Scan

Objects scanned: 90656

Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\winhost.exe (Worm.Palevo) -> Delete on reboot.

And you know what the virus does after the infected PC is restarted:

1. Puts a copy on all hard drives.

2. Disables the firewall and Task Manager, and disables the option to see hidden files and protected system files.

3. Also blocks Malwarebytes from updating, with error 732 (0, 0).

4. Slows down the PC and also puts various adware on it.

The attached file is an archived, untouched version, and the file in RECYCLER\S-51-9-25-3434476501-1644491928-601013333-1214\winhost.exe is protected with 2 levels: hidden and important system file.

The good news is that MB removes it after all, but doesn't stop it in the beginning.

RECYCLER.rar


The actual infection starts when you insert the USB drive; that's why you need to be protected.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

It's quite complicated tho

http://www.bleepingcomputer.com/forums/ind...t&p=1389354

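A way to check the state described in the note about the autorun.inf folder, as an added example that is not part of the original posts and is not Flash_Disinfector's code: it reports whether a drive root has no autorun.inf, the protective folder, or a real file, and for a file lists the commands Explorer would launch. The function names and the sample content are constructed for illustration, and the drive is assumed to be mounted on a clean machine.

```python
import os
import sys

# Keys in the [autorun] section that make Explorer start a program.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample content (placeholder path, not taken from the attachment).
SAMPLE = ("[autorun]\n;junk line\nopen=RECYCLER\\S-0-0-0\\example.exe\n"
          "icon=shell32.dll,4\n"
          "shell\\open\\command=RECYCLER\\S-0-0-0\\example.exe\n")

def launch_commands(text):
    """Return (key, command) pairs from autorun.inf text, skipping junk lines."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\")
                                  and key.endswith("\\command")):
            found.append((key, value))
    return found

def audit_drive_root(root):
    """Classify the autorun.inf entry at a drive root."""
    # Match case-insensitively: the drive may be mounted on a
    # case-sensitive system while the worm wrote "AUTORUN.INF".
    name = next((n for n in os.listdir(root)
                 if n.lower() == "autorun.inf"), None)
    if name is None:
        return {"state": "absent", "commands": []}
    path = os.path.join(root, name)
    if os.path.isdir(path):
        # A folder with this name keeps a file of the same name
        # from being created at the root.
        return {"state": "guard-folder", "commands": []}
    # latin-1 decodes any byte sequence, so odd files do not raise.
    with open(path, "r", encoding="latin-1") as fh:
        return {"state": "file", "commands": launch_commands(fh.read())}

if __name__ == "__main__":
    for drive_root in sys.argv[1:]:
        print(drive_root, audit_drive_root(drive_root))
```

A result of `file` with any launch command pointing into a `RECYCLER` folder matches the layout described in the first post.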