Simviation Forum - Trojan Horse Infection on Primary System Through USB Thumb Drive

Jun 10^th, 2010 at 12:31am

a1 Offline
Colonel
Tied In A Knot I Am

Gender:
Posts: 8217

School systems are cesspools for all types of nasty bugs. I just now got a Trojan from my USB drive because I plugged it in a school computer. Apparently the school system missed something.

I restarted my compute rand now running AVG scan. AVG is very buggy after the infection and if the scan doesn't find and fix it I'll be out of options. I quickly scanned the USB drive when I plugged it in and AVG said it moved the Trojan to the vault but I am still nervous.

This would be my first confirmed infection and I hope I am taking things correctly. I will refrain from plugging any USB drives in the infected computer for now.

If all else fails I'll have to send my computer to the GeekSquad (reluctantly) and have them mess around with it.

Is there a chance I can clean the USB drive without infecting another computer? I will not hesitate to format the USB drive though.

This post will be updated as things update for me.

790i : QX9650 : 4Gb DDR3 : GeForce 8800 GTX : 1 WD Raptor : 1 WD VelociRaptor 150

Back to top

IP Logged

Reply #1 - Jun 10^th, 2010 at 11:18am

aussiewannabe Offline
Colonel
Directive!

Posts: 2541

After you reformat your USB drive, I suggest you use the following on it from now on:

http://www.precisesecurity.com/tools-resources/adware-tools/flash-disinfector/

When a virus comes into contact with a USB drive, it creates an autorun.inf file so when you insert your drive into another computer, it can infect it. However, since Flash Disinfector creates an autorun.inf folder on your USB drive, the virus has no place to go but to the recycler file on it.

One way you can tell if a virus is on your USB is to watch it the red light on it. It will flash when you insert it as well as when you began accessing it for files or when it finishes a download. If it continues to flash after all this then 9 times out of 10 a virus has gotten on to the drive. There have been times I thought I had one on it due to this happening, but my virus program (NOD 32) doesn't find a virus on it.

Hope this helps.

Back to top

IP Logged

Reply #2 - Jun 10^th, 2010 at 2:54pm

Fozzer Offline
Colonel
An elderly FS 2004 addict!
Hereford. England. EGBS.

Posts: 24861

aussiewannabe wrote on Jun 10^th, 2010 at 11:18am:

After you reformat your USB drive, I suggest you use the following on it from now on:

http://www.precisesecurity.com/tools-resources/adware-tools/flash-disinfector/

When a virus comes into contact with a USB drive, it creates an autorun.inf file so when you insert your drive into another computer, it can infect it. However, since Flash Disinfector creates an autorun.inf folder on your USB drive, the virus has no place to go but to the recycler file on it.

One way you can tell if a virus is on your USB is to watch it the red light on it. It will flash when you insert it as well as when you began accessing it for files or when it finishes a download. If it continues to flash after all this then 9 times out of 10 a virus has gotten on to the drive. There have been times I thought I had one on it due to this happening, but my virus program (NOD 32) doesn't find a virus on it.

Hope this helps.

The above program...^^^^.... Shocked

...!

Avira has just flagged up a security risk on the "Autorun" file in ALL my Hard Drives, and automatically blocked them!

Paul....Beware!... Wink

...!

P.S. My Hard drives, etc, were clear of anything dangerous..UNTIL...I installed the above program!

Dell Dimension 5000 BTX Tower. Win7 Home Edition, 32 Bit. Intel Pentium 4, dual 2.8 GHz. 2.5GB RAM, nVidia GF 9500GT 1GB. SATA 500GB + 80GB. Philips 17" LCD Monitor. Micronet ADSL Modem only. Saitek Cyborg Evo Force. FS 2004 + FSX. Briggs and Stratton Petrol Lawn Mower...Motor Bikes. Gas Cooker... and lots of musical instruments!.... ...!
Yamaha MO6,MM6,DX7,DX11,DX21,DX100,MK100,EMT10,PSR400,PSS780,Roland GW-8L v2,TR505,Casio MT-205,Korg CX3v2 dual manual,+ Leslie 760,M-Audio Prokeys88,KeyRig,Cubase,Keyfax4,Guitars,Orchestral,Baroque,Renaissance,Medieval Instruments.

Back to top

IP Logged

Reply #3 - Jun 10^th, 2010 at 7:07pm

aussiewannabe Offline
Colonel
Directive!

Posts: 2541

Fozzer wrote on Jun 10^th, 2010 at 2:54pm:

P.S. My Hard drives, etc, were clear of anything dangerous..UNTIL...I installed the above program!

Huh? Where did you install it? This is for flash drives.

Paul, I can assure you the program is safe. Been using for several years now.

As to your virus program, I'm not sure what is happening to your PC as it relates to the autorun.inf folder. I don't want to discuss what I think what it could be as I'm no computer expert. If I do, I run the risk of be scolded by those who know.

I can tell you this: My autorun.inf files on my drives are disabled for the purpose of preventing viruses to be planted on them. It's added protection. It doesn't bother me to go into a CD and manually click on the run/install exe file.

Back to top

IP Logged

Reply #4 - Jun 10^th, 2010 at 8:24pm

a1 Offline
Colonel
Tied In A Knot I Am

Gender:
Posts: 8217

I will comment relating to the above posts at a later time but for now...

Whenever I open up AVG virus vault I get an error where AVG freezes. I am attempting to uninstall the version I have and download the full version online. I will then activate the full version using my old product key. Tell me if that should work.

Reformatting my USB drive. Apparently whenever I open up the drive I get:

sYstem.EXe error

I am assuming it has infected that process. What should I do?

790i : QX9650 : 4Gb DDR3 : GeForce 8800 GTX : 1 WD Raptor : 1 WD VelociRaptor 150

Back to top

IP Logged

Reply #5 - Jun 10^th, 2010 at 8:28pm

a1 Offline
Colonel
Tied In A Knot I Am

Gender:
Posts: 8217

I have created an AVG Rescue CD and running it now. I am currently scanning my C: drive and my USB Drive.

Lets hope whatever it is gets found and taken care of.

790i : QX9650 : 4Gb DDR3 : GeForce 8800 GTX : 1 WD Raptor : 1 WD VelociRaptor 150

Back to top

IP Logged

Reply #6 - Jun 10^th, 2010 at 9:16pm

a1 Offline
Colonel
Tied In A Knot I Am

Gender:
Posts: 8217

No type of scan can find anything infected or wrong.

I have noticed that the "System" process runs at around 90,000K.

EDIT: On Safe Mode the process only registers around 290K

790i : QX9650 : 4Gb DDR3 : GeForce 8800 GTX : 1 WD Raptor : 1 WD VelociRaptor 150

Back to top

IP Logged

Reply #7 - Jun 10^th, 2010 at 9:47pm

aussiewannabe Offline
Colonel
Directive!

Posts: 2541

a1 wrote on Jun 10^th, 2010 at 8:24pm:

Reformatting my USB drive. Apparently whenever I open up the drive I get:

sYstem.EXe error

I am assuming it has infected that process. What should I do?

Google system.exe error. Based on what I briefly looked at, system.exe is shown to be a virus.

I'm afraid I can't continue helping you with your problem. From what you indicated in your original thread, I thought I had something that would be beneficial to you. It's been a big help to me when my USB drive got infected the first time.

I hope someone with the right experience will step up to the plate and help you fix the problem.

Back to top

IP Logged

Reply #8 - Jun 10^th, 2010 at 10:32pm

a1 Offline
Colonel
Tied In A Knot I Am

Gender:
Posts: 8217

What makes me nervous is that none of the resources I have can detect and solve my issue.

The only symptom I can confirm is that it runs on high memory. It apparently does not do anything else. No new programs have been installed. The process seems to be there already but whatever is infecting my computer just modified it a bit.

790i : QX9650 : 4Gb DDR3 : GeForce 8800 GTX : 1 WD Raptor : 1 WD VelociRaptor 150

Back to top

IP Logged

	Search the archive: