June 18th, 2009, 06:51 AM #1
- Join Date
- Jul 2008
Virus Problem – USB Drives Infected
Hi guys, I know I don't post here very often but I'm in need of some help and was wondering if any of you kind folk could lend me a hand.
Main Home PC – Games Etc, XP Home (x2 HD, AVG AntiVirus (Free))
Sony Vaio Laptop – Important Stuff, Vista (x1 HD, NOD32 (Paid))
x4 PenDrives (Bytestor, 1GB, 2GB, 8GB, 16GB)
x1 120 HD Western Digital
I'm a computing student here at a University (England) and on Tuesday we were working in our sandbox computing labs in order to test out bootable OSes from pen drives etc.
We all work on these machines and you would expect to have some kind of warning if any viruses would be on the damned machines, but it turns out the PCs we were working on had an infectious virus.
I've been using my small collection of pen drives, and stupidly I brought along my external HD which I used to back my media up onto before I formatted each pen drive.
I also use this HD to back my stuff up from home (I mean I then have it backed up on 3 different drives, so you'd have thought it would be alright, hah)
So unbeknownst to me I came home to update some more work, switch the PC on, plug in my shiny new 16GB pen drive (only got it last week), PC acts really slow, Word crashes and soon the PC freezes, reboot to find out AVG is shouting about a virus, details:
Trojan Horse PSQ.OnlineGames_r.AP
Found in Windows\System32\c.exe
This sends alarm bells as I'm very cautious about my browsing habits and haven't had a virus in years. Plus I hadn't physically done anything to actually download anything in between the time of switching the PC on and plugging in my pen drive.
Automatically suspecting my pen drive must have something and already red in the face as I realised I must have picked it up from the Uni Lab computers, I stupidly plug my HD into the laptop to check I wouldn't lose anything important by formatting the pen drive.
Obviously brain cells weren't working as I had plugged the stupid HD into the lab computers as well earlier in the day. Fortunately NOD32 automatically blocked the infection on the HD (I don't know if it's deleted it or just quarantined it) and it hasn't complained after me unplugging the HD right after, so I can only guess NOD32 must have stopped it in its tracks, details:
G:\6phx.com - Win32/PSW.OnLineGames.NNU trojan
Real-time file system protection
file G:\Autorun.inf Win32/PSW.OnLineGames.NNU trojan
cleaned by deleting - quarantined
Event occurred during an attempt to access the file by the application: C:\Windows\system32\svchost.exe.
I've looked but no c.exe in the laptop system32, but I don't know if Vista would act differently to the infection if it were, I'm only praying that it isn't infected.
So right now I have x3 Pen Drives, my HD (which is supposed to be my back up) and my main PC all infected and I'm not sure what to do, I'd format everything, but I've exhausted all of my backups, so right now I have a ton of data I'd like to save and no way of knowing if I can save this data and format everything without dragging the infection with me.
After doing a little more research this apparently copies itself to all drives on a machine including external drives, and then attempts to infect a new host with every PC it is inserted into. I've also read that NOD32 can't actually get rid of it, and this is the usual "password stealing, computer compromising" Trojan.
I'm not exactly sure how I can clean any of the drives without infecting the machine I've plugged it into?
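An added example, not part of the original post: a small Python triage helper that reads the text of an `autorun.inf` like the `G:\Autorun.inf` flagged above and lists which files in the drive root it would launch, without executing anything. The sample file contents and root listing are constructed for illustration (only the name `6phx.com` comes from the scanner log above), and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Extensions Windows will execute directly.
EXEC_EXT = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs"}
# autorun.inf keys that launch a program: open=, shellexecute=, shell\<verb>\command=
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def autorun_targets(text):
    """Return (key, program) pairs for launch commands in the [autorun] section."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment/junk padding
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            # Simplification: the first whitespace-separated token is the program.
            targets.append((key.lower(), value.split()[0].strip('"')))
    return targets

def suspicious_files(targets, root_listing):
    """Names in the drive root that autorun.inf would execute."""
    present = {name.lower() for name in root_listing}
    hits = set()
    for _key, program in targets:
        path = PureWindowsPath(program)
        if path.suffix.lower() in EXEC_EXT and path.name.lower() in present:
            hits.add(path.name)
    return sorted(hits)

# Constructed sample, not recovered from the infected drive.
SAMPLE_INF = (
    ";x9f2 padding line\n"
    "[AutoRun]\n"
    "open=6phx.com\n"
    "shell\\open\\Command=6phx.com\n"
    "shell\\explore\\Command=6phx.com\n"
    "icon=folder.ico\n"
)
SAMPLE_ROOT = ["Autorun.inf", "6phx.com", "coursework.doc"]  # constructed listing

if __name__ == "__main__":
    found = autorun_targets(SAMPLE_INF)
    for key, program in found:
        print(f"{key} -> {program}")
    print("flagged:", suspicious_files(found, SAMPLE_ROOT))
```
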
June 19th, 2009, 05:39 PM #2
- Join Date
- Jul 2008
Well not that I think anyone will really be too bothered about this, but I thought I better make a follow up just in case someone finds this post on Google or something with the same problem (I know that's what I was actually using to remember the damn thing's name while I searched for a solution at Uni)
After a lot of scanning I *think* the problem has been solved, as I can't seem to find any reference to the files which were being detected. This was solved through the use of NOD32, Malwarebytes & SpyBot S&D.
Remove previous system restore points, as suggested attacked with all 3 programs on the Desktop machine, and used NOD32's online scanner and Malwarebytes to scan x4 Pen Drives and x1 External HD which are all now showing as clean.
I'm still a little paranoid though, the Trojan might not have been as bad (Mainly aimed at Gamers and stealing passwords) however it was highly infectious and got me off guard.
I installed CCleaner (which I've never used before) and along with a load of other things, found one last reference to the Trojan:
"Missing MUI Reference" for both locations "D:\8gig0ofk.com" & "C:\8gig0ofk.com"
From the looks of things originally each of those were coming up as threats in scans, but I'm guessing these are just there as shadows of the former files?
I actually have a question about CCleaner if anyone has read this far down; it's come up with a fair few registry and application fixes in analysis, I'm a little wary of just clicking "fix all" as I'm not sure if we need to actually be aware of certain things which should be omitted, is it alright to just nuke everything?
June 26th, 2009, 02:33 PM #3
- Join Date
- Jun 2009
I always delete everything with CCleaner and just fix all the registry issues.
Sometimes you have to do a double search to find all the registry issues.
No noticeable problems so far...
June 26th, 2009, 05:51 PM #4
- Join Date
- Jan 2009
Ya, I find AVG useless when it comes to the removal of viruses (especially the free version) but it sure is good at detecting viruses. Ya, Malwarebytes is a good free malicious software removal tool. Sounds like it was resolved pretty easily. Good to know.