Forum Archive Home -> Computer -> Question about specific virus that affects USB memory stick
| Question about specific virus that affects USB memory stick |
| jimdagys posted 2008 Sep 26 04:04 |
| I picked up a strange virus with the following characteristics:
1) On my usb memory stick, some existing folders were duplicated and these duplicated folders all had the exe extension mysteriously added to the original folder name 2) On the usb memory stick, some of the original folders became hidden (dimmed). I had to change the folder attributes to un-hide them. 3) Even if I corrected the above problems, after rebooting the computer, the exact same problems reappeared on the memory stick. 4) On some of the Winwar files on the usb memory stick, although I could open the compressed file, I could not extract the file. I got a winwar error message. So the winwar file got corrupted. From the the above characteristics, I am wondering somebody could tell me what kind of virus causes these problems and where does the virus reside in the computer. |
| Ai Haibara posted 2008 Sep 26 05:13 |
| Are you sure it's the result of a virus? Have you scanned your computer and the USB drive for viruses and malware/spyware? Are any unusual processes running?
Have you run a disk-checking utility, like scandisk/chkdsk on it? It could simply be the result of a corrupted filesystem. Winwar? Do you mean WinRAR? That should also have a function to check archives and possibly try to repair them. (I don't know, since I don't use WinRAR.) |
| jimdagys posted 2008 Sep 26 06:39 |
| Yes, Winrar. I ended up restoring the c drive from a Ghost dvd image and now the problem is gone. No, I didn't scan the computer for viruses/malware. I just thought, since the effects on the computer of this virus are so definite, maybe someone else had run into an identical virus and could tell me more about it. |
| Ai Haibara posted 2008 Sep 26 19:49 |
| To be honest, it sounds more like filesystem corruption than a virus, to me. I'm willing to admit I could be wrong, though. |
| guns1inger posted 2008 Sep 26 21:12 |
| There are a few virii that do love to jump onto USB sticks to move around. A few of them are particularly difficult to get rid of once they hit your PC, although on the USB stick they are vulnerable. The ones I have seen have not done the type of damage you have described, which does sound much like file system damage possibly caused by pulling the stick out without properly ejecting it from the system.
Have you actually installed an anti-virus program yet ? |
| jimdagys posted 2008 Sep 26 22:51 |
| Since the mysterious files are added only on bootup, I was thinking of checking the startup utility, Start >Run>
type msconfig>OK>Startup (see screenshot) and see if there is something there isn't supposed to be there and: 1) stop the process 2) see if I could trace the offending file and delete it I'm not sure how to do step 2. Under "Command" heading there seems to list the location of the files, like C:\... Should I just delete the file (that shouldn't be there)? But what about "Location" heading, like HKLM\...? I don't know what that is. Is that part of the registry? Should I also delete the offending entry in the registry? For your information, I made a Ghost image of the c drive when the computer was exhibiting this problem. Then I restored the c drive from a known good image so the problem doesn't exist any more. If I want to analyze the problem, I would have to restore the c drive from the Ghost image that contains the virus. The below screenshot was taken from the restored c drive without the virus. Unfortunately, I did not look at the startup utility when the virus was on the computer, so I can't compare. I haven't changed the existing McAfee on this computer. It is not my computer, so I don't want to make any major changes because there is nobody here who can help me if I screw it up. I think it was a virus because it is "intelligent" (see my first post of description).  |
| guns1inger posted 2008 Sep 26 23:07 |
| Most Virii aren't intelligent, and in fact generally get dumber with each variant. The source virus may be written by someone with some skills, but after the source gets posted to the web, subsequent versions are usually adapted by script-kiddies with few skills, and usually contain bugs and mistakes. The number of virii that fail to trigger because they are written by morons is surprisingly high.
If you really want to see what is going on this PC, try Hijackthis instead |
Login/Register to our forum to be able to post here.