
autorun.inf


Guest remixed

Seem to be receiving this on various PCs (Home & Work)

Malwarebytes' Anti-Malware 1.18

Database version: 883

00:03:11 24/06/2008

mbam-log-6-24-2008 (00-03-03).txt

Scan type: Quick Scan

Objects scanned: 44234

Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\autorun.inf (Malware.Trace) -> No action taken.

Virus Total...

AhnLab-V3 2008.6.24.0 2008.06.23 -

AntiVir 7.8.0.59 2008.06.23 -

Authentium 5.1.0.4 2008.06.23 -

Avast 4.8.1195.0 2008.06.23 -

AVG 7.5.0.516 2008.06.24 -

BitDefender 7.2 2008.06.24 -

CAT-QuickHeal 9.50 2008.06.23 -

ClamAV 0.93.1 2008.06.23 -

DrWeb 4.44.0.09170 2008.06.23 -

eSafe 7.0.15.0 2008.06.23 -

eTrust-Vet 31.6.5897 2008.06.23 -

Ewido 4.0 2008.06.23 -

F-Prot 4.4.4.56 2008.06.23 -

F-Secure 7.60.13501.0 2008.06.20 -

Fortinet 3.14.0.0 2008.06.23 -

GData 2.0.7306.1023 2008.06.23 -

Ikarus T3.1.1.26.0 2008.06.23 -

Kaspersky 7.0.0.125 2008.06.24 -

McAfee 5323 2008.06.23 -

Microsoft 1.3604 2008.06.24 -

NOD32v2 3210 2008.06.23 -

Norman 5.80.02 2008.06.23 -

Panda 9.0.0.4 2008.06.23 -

Prevx1 V2 2008.06.24 -

Rising 20.50.02.00 2008.06.23 -

Sophos 4.30.0 2008.06.23 -

Sunbelt 3.0.1153.1 2008.06.15 -

Symantec 10 2008.06.24 -

TheHacker 6.2.92.358 2008.06.21 -

TrendMicro 8.700.0.1004 2008.06.23 -

VBA32 3.12.6.8 2008.06.23 -

VirusBuster 4.5.11.0 2008.06.23 -

Webwasher-Gateway 6.6.2 2008.06.23 -

Additional information

File size: 25 bytes



This is used by several infections to run files every time you open your C:\ drive.

If you know of legit software that uses this please let me know.

Guest remixed
> This is used by several infections to run files every time you open your C:\ drive.
>
> If you know of legit software that uses this please let me know.

In this instance...

vista.ico > www.vistaico.com


@spt

that looks like a recent infection, not daemon tools

Folders Infected:

C:\resycled (Trojan.DNSChanger) -> No action taken.

Files Infected:

C:\autorun.inf (Trojan.DNSChanger) -> No action taken.

C:\resycled\ntldr.com (Trojan.DNSChanger) -> No action taken.

C:\Programme\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> No action taken.

I would have an expert look over my HJT log in that forum

Have you used sub's flash disinfector?

> Have you used sub's flash disinfector?

No, what's that?

I also think it is an infection, because I can't connect to this forum on the other machine :)

One file can't be deleted by MBAM ;) How can I get rid of this:

Files Infected:

C:\WINDOWS\system32\gaopdxxwhowipl.dll (Trojan.DNSChanger) -> No action taken.

mbam_log_2009_01_18__14_02_27_.txt


sub's flash disinfector puts an empty autorun.inf on each partition and removable drive as an immunization from these types of infections that move through storage devices

If your infection is surviving an updated MBAM scan then you definitely need to post in the HJT forum, not here

http://www.malwarebytes.org/forums/index.php?showforum=7

http://www.malwarebytes.org/forums/index.php?showtopic=9573
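
A triage sketch for the distinction drawn in this thread between an autorun.inf that launches a file, one that only sets an icon, and the empty placeholder used as immunization. This is an added example, not part of any post and not Malwarebytes or Flash Disinfector code; the function names and both sample files are constructed for illustration, and the key list covers `open`, `shellexecute` and `shell\<verb>\command`.

```python
import re

# Keys in the [autorun] section that make Windows launch something.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")


def decode(raw: bytes) -> str:
    """autorun.inf is ANSI or UTF-16 with a BOM; junk bytes must not crash triage."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def launch_entries(raw: bytes) -> list[tuple[str, str]]:
    """Return (key, value) pairs in [autorun*] sections that start a program."""
    found, in_autorun = [], False
    for line in decode(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                      # blank or comment, often used as padding
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower().startswith("autorun")
            continue
        if not in_autorun or "=" not in line:
            continue                      # junk line or another section
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if (key in EXEC_KEYS or SHELL_CMD.match(key)) and value:
            found.append((key, value))
    return found


def classify(raw: bytes) -> str:
    if not raw.strip():
        return "empty"                    # placeholder file, nothing to run
    return "launches-program" if launch_entries(raw) else "no-launch-entry"


# Constructed samples, not taken from any machine in the thread.
ICON_ONLY = b"[autorun]\r\nicon=vista.ico"
LAUNCHER = (b";padding\r\n[AutoRun]\r\nOPEN = example\\payload.exe\r\n"
            b"shell\\open\\Command=example\\payload.exe\r\nicon=folder.ico\r\n")

if __name__ == "__main__":
    for name, data in (("icon only", ICON_ONLY), ("launcher", LAUNCHER), ("empty", b"")):
        print(f"{name:10} -> {classify(data)} {launch_entries(data)}")
```

A "no-launch-entry" result only says the file itself starts nothing; it says nothing about other files on the drive.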

any portable drive inserted and autorunning will reinfect you

So I also have to format the USB stick? ;)

> If you know of legit software that uses this please let me know.

Bruce, if a legitimate software ever did that to my computer, I would be pissed. Autorun.inf does not belong in the root of your C: drive.

> Bruce, if a legitimate software ever did that to my computer, I would be pissed. Autorun.inf does not belong in the root of your C: drive.

sub's flash disinfector being the exception

> Autorun.inf does not belong in the root of your C: drive.

I just joined the forum today and I am thus far quite pleased with MBAM. I digress, perhaps, but as an FYI there's an enlightening, pertinent, albeit lengthy discussion of Windows Autorun and Autoplay this week over on BBR DSL Reports forums. I recently did this registry fix offered in that thread on my WinXP Home machine to prevent Autorun from ever executing any malware on my system. Had to shut down Comodo FW (Defense + HIPS), which blocks altering this reg entry; the (IniFileMapping) area of the registry is by default protected by Defense +. But it finally merged OK for me. This fix, like the US CERT article states, prevents Autorun from executing automatically on ALL drives.

http://www.dslreports.com/forum/r21779069-...lert-on-autorun

Hope this may be helpful to other members.
