autorun.inf


Guest remixed

Seem to be receiving this on various PCs (Home & Work)

Malwarebytes' Anti-Malware 1.18

Database version: 883

00:03:11 24/06/2008

mbam-log-6-24-2008 (00-03-03).txt

Scan type: Quick Scan

Objects scanned: 44234

Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\autorun.inf (Malware.Trace) -> No action taken.

Virus Total...

AhnLab-V3 2008.6.24.0 2008.06.23 -

AntiVir 7.8.0.59 2008.06.23 -

Authentium 5.1.0.4 2008.06.23 -

Avast 4.8.1195.0 2008.06.23 -

AVG 7.5.0.516 2008.06.24 -

BitDefender 7.2 2008.06.24 -

CAT-QuickHeal 9.50 2008.06.23 -

ClamAV 0.93.1 2008.06.23 -

DrWeb 4.44.0.09170 2008.06.23 -

eSafe 7.0.15.0 2008.06.23 -

eTrust-Vet 31.6.5897 2008.06.23 -

Ewido 4.0 2008.06.23 -

F-Prot 4.4.4.56 2008.06.23 -

F-Secure 7.60.13501.0 2008.06.20 -

Fortinet 3.14.0.0 2008.06.23 -

GData 2.0.7306.1023 2008.06.23 -

Ikarus T3.1.1.26.0 2008.06.23 -

Kaspersky 7.0.0.125 2008.06.24 -

McAfee 5323 2008.06.23 -

Microsoft 1.3604 2008.06.24 -

NOD32v2 3210 2008.06.23 -

Norman 5.80.02 2008.06.23 -

Panda 9.0.0.4 2008.06.23 -

Prevx1 V2 2008.06.24 -

Rising 20.50.02.00 2008.06.23 -

Sophos 4.30.0 2008.06.23 -

Sunbelt 3.0.1153.1 2008.06.15 -

Symantec 10 2008.06.24 -

TheHacker 6.2.92.358 2008.06.21 -

TrendMicro 8.700.0.1004 2008.06.23 -

VBA32 3.12.6.8 2008.06.23 -

VirusBuster 4.5.11.0 2008.06.23 -

Webwasher-Gateway 6.6.2 2008.06.23 -

Additional information

File size: 25 bytes


Guest remixed
This is used by several infections to run files every time you open your C:\ drive.

If you know of legit software that uses this, please let me know.

In this instance...

vista.ico > www.vistaico.com


  • 6 months later...

@spt

That looks like a recent infection, not Daemon Tools.

Folders Infected:

C:\resycled (Trojan.DNSChanger) -> No action taken.

Files Infected:

C:\autorun.inf (Trojan.DNSChanger) -> No action taken.

C:\resycled\ntldr.com (Trojan.DNSChanger) -> No action taken.

C:\Programme\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> No action taken.

I would have an expert look over my HJT log in that forum

Have you used sub's flash disinfector?


Have you used sub's flash disinfector?

No, what's that?

I also think it is an infection, because I can't connect to this forum on the other machine :)

One file can't be deleted by MBAM ;) How can I get rid of this:

Files Infected:

C:\WINDOWS\system32\gaopdxxwhowipl.dll (Trojan.DNSChanger) -> No action taken.

mbam_log_2009_01_18__14_02_27_.txt


sub's flash disinfector puts an empty autorun.inf on each partition and removable drive as an immunization from these types of infections that move through storage devices

If your infection is surviving an updated MBAM scan then you definitely need to post in the HJT forum, not here

http://www.malwarebytes.org/forums/index.php?showforum=7

http://www.malwarebytes.org/forums/index.php?showtopic=9573
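
The posts above distinguish an autorun.inf that only sets an icon, the empty placeholder an immunizer leaves behind, and one that starts a program; reading the file's [autorun] section tells them apart. This is an added example, not part of the original thread: the sample file contents and the name folder\program.exe are constructed, and the launch keys checked are the standard open, shellexecute and shell\<verb>\command entries.

```python
import re

# [autorun] keys that make Windows start a program when the drive is opened.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Constructed samples (not the contents of any file from the thread).
ICON_ONLY = b"[autorun]\r\nicon=vista.ico"
EMPTY = b""  # what an immunization placeholder looks like
LAUNCHER = (b"[AutoRun]\r\n; junk comment\r\nopen=folder\\program.exe\r\n"
            b"shell\\open\\command=folder\\program.exe\r\n")


def parse_autorun(raw: bytes) -> dict:
    """Return the key/value pairs of the [autorun] section, keys lowercased."""
    # Files in the wild are ANSI or UTF-16; latin-1 never fails on ANSI bytes.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("latin-1")
    entries, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def triage(raw: bytes) -> tuple:
    """Classify an autorun.inf as 'empty', 'cosmetic' or 'launches'."""
    entries = parse_autorun(raw)
    launched = sorted({v for k, v in entries.items() if LAUNCH_KEYS.match(k)})
    if launched:
        return ("launches", launched)  # these targets deserve a closer look
    return ("cosmetic" if entries else "empty", [])


if __name__ == "__main__":
    for name, sample in (("icon only", ICON_ONLY), ("empty", EMPTY),
                         ("launcher", LAUNCHER)):
        print(name, "->", triage(sample))
```

An "empty" or "cosmetic" result only means the file itself starts nothing; as the first log shows, a scanner may still flag it as a trace.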


  • 2 weeks later...
Autorun.inf does not belong in the root of your C: drive.

I just joined the forum today and I am thus far quite pleased with MBAM. I digress, perhaps, but as an FYI there's an enlightening, pertinent, albeit lengthy discussion of Windows Autorun and Autoplay this week over on BBR DSL Reports forums. I recently did this registry fix offered in that thread on my WinXP Home machine to prevent Autorun from ever executing any malware on my system. Had to shut down Comodo FW (Defense + HIPS), which blocks altering this reg entry; the (IniFileMapping) area of the registry is by default protected by Defense +. But it finally merged OK for me. This fix, like the US CERT article states, prevents Autorun from executing automatically on ALL drives.

http://www.dslreports.com/forum/r21779069-...lert-on-autorun

Hope this may be helpful to other members.
