Virus Problem – USB Drives Infected

[Pencheven]

Hi guys, I know I don’t post here very often but I’m in need of some help and was wandering if any of you kind folk could lend me a hand.


Little Backdrop:

Main Home PC – Games Etc, XP Home (x2 HD, AVG AntiVirus (Free))
Sony Vaio Laptop – Important Stuff, Vista (x1 HD, NOD32 (Paid))
x4 PenDrives (Bytestor, 1GB, 2GB, 8GB, 16GB)
x1 120 HD Western Digital

I’m a computing student here at a University (England) and on Tuesday we were working in our sandbox computing labs in order to test out bootable OS’s from pen drives etc.

We all work on these machines and you would expect to have some kind of warning if any virus’s would be on the damnd machines, but it turns out the PC’s we were working on had an infectious virus.

Iv been using my small collection of pen drives, and stupidly I brought along my external HD which I used to back my media up onto before I formatted each pen drive.
I also use this HD to back my stuff up from home (I mean I then have it backed up on 3 different drives, so youd have thought it would be alright, hah)

So unbeknownst to me I came home to update some more work, switch the pc on, plug in my shiny new 16GB pen drive (only got it last week), pc acts really slow, word crashes and soon the PC freezes, reboot to find out AVG is shouting about a virus, details:

Trojan Horse PSQ.OnlineGames_r.AP
Found in Windows\System32\c.exe

This sends alarm bells as Im very cautious about my browsing habits and haven’t had a virus in years. Plus I hadn’t physically done anything to actually download anything in-between the time of switching the pc on and plugging in my pen drive.

Automatically suspecting my pen drive must have something and already red in the face as I realised I must have picked it up from the Uni Lab computers, I stupidly plug my HD into the laptop to check I wouldn’t lose anything important by formatting the pen drive.

Obviously brain cells weren’t working as I had plugged the stupid HD into the lab computers as well earlier in the day. Fortunately NOD32 automatically blocked the infection on the HD (I don’t know if its deleted it or just quarantined it) and it hasn’t complained after me unplugging the HD right after, so I can only guess NOD32 must have stopped it in its tracks, details:

G:\6phx.com - Win32/PSW.OnLineGames.NNU trojan

2009-06-16 18:26:13
Real-time file system protection
file G:\Autorun.inf Win32/PSW.OnLineGames.NNU trojan
cleaned by deleting - quarantined
NT AUTHORITY\SYSTEM
Event occurred during an attempt to access the file by the application: C:\Windows\system32\svchost.exe.

Iv looked but no c.exe in the Laptop system 32, but I don’t know if Vista would act differently to the infection if it were, im only praying that it isn’t infected.

So right now I have x3 Pen Drives, my HD (which is supposed to be my back up) and my main pc all infected and im not sure what to do, id format everything, but iv exhausted all of my backups, so right now I have a ton of data id like to save and no way of knowing if I can save this data and format everything without dragging the infection with me.

After doing a little more research this apparently copies itself to all drives on a machine including external drives, and then attempts to infect a new host with every pc it is inserted too. Iv also read that NOD32 cant actually get rid of it, and this is the usual “password stealing, computer compromising” Trojan.

Im not exactly sure how I can clean any of the drives without infecting the machine Iv plugged it into?

Any help?
Thanks

[Pencheven]

Well not that I think anyone will really be too bothered about this, but I thought I better make a follow up just incase some one finds this post on Google or something with the same problem (I know thats what I was actually using to remember the damn things name while I searched for a solution at Uni)

After alot of scanning I *think* the problem has been solved, as I cant seem to find any reference to the files which being detected. This was solved through the use of NOD32, Malwarebytes & SpyBot S&D.

Remove previous system restore points, as suggested attacked with all 3 programs on the Desktop machine, and used NOD32's online scanner and Malwarebytes to scan x4 Pen Drives and x1 External HD which are all now showing as clean.

Im still a little paranoid though, the Trojan might not have been as bad (Mainly aimed at Gamers and stealing passwords) however it was highly infectious and got me off guard.

I installed CCleaner (which iv never used before) and along with a load of other things, found one last refference to the Trojan:

"Missing MUI Reference" for both locations "D:\8gig0ofk.com" & "C:\8gig0ofk.com"
From the looks of things origioanlly each of those were comming up as threats in scans, but im guessing these are just there as shadows of the former files?

I actually have a question about CCleaner if anyone has read this far down; its come up with a fair few registry and application fixes in analysis, im a little weary to just clicking "fix all" as im not sure if we need to actually be aware of certain things which should be omitted, is it alright to just nuke everything?

[jamps3]

I always delete everything with CCleaner and just fix them all registry issues
Sometimes you have to do a double search to find all the registry issues.
No noticeable problems so far...

[curtis0432]

Ya i find AVG useless when it comes to the removal of viruses(especially the free version) but it sure is good at dectecting viruses. Ya malware bytes is a good free malicious software removal tool. sounds like it was resolved preety easily. good to know.