
autorun and system files


3 replies to this topic

#1 ltdave


Posted 07 December 2008 - 09:23 PM

So my flash drive, my camera memory chip, my A: drive diskette and I'm sure everything else I've plugged into my PC has a TXT file named Autorun and some sort of file called Setup on them!

I 'deleted' them from my flash drive but they pop right back on, the same with my camera chip...

I went so far as to format my camera chip in the camera but it either is still there or it got reinfected when I checked it on the PC...

I apparently still have an infection on the PC...

HELP!



#2 TSalarek


Posted 09 December 2008 - 12:07 AM

Followed your profile link, checked all the other threads...

You have Zlob. It's a blended threat of trojan and worm characteristics and it is Anti-malware's Public Enemy #1. It is closely related to Vundo and to conhook and some previous incarnations spun off into Zotob and Mytomb.

To get MBAM up and running: MBAM won't run @ BC w/link to MBAM support

Antivirus 2009 @ MBAM Support with link back to BC ;)

BC Forum w/zlob info links in post #8

Edited by TSalarek, 09 December 2008 - 12:12 AM.


#3 scff249


Posted 09 December 2008 - 12:32 AM

I don't think zlob is associated with autorun.inf infections. Normally, IIRC, they're associated with things like the amvo worm (among others that I don't know about), which are flash drive related.

Of course, I could be wrong about that as well...hopefully, one of the staff members can help answer that one (it's been a while since I've looked at a log with a flash drive infection).

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo


#4 TSalarek


Posted 09 December 2008 - 01:49 PM

> I don't think zlob is associated with autorun.inf infections. Normally, IIRC, they're associated with things like the amvo worm (among others that I don't know about), which are flash drive related.
>
> Of course, I could be wrong about that as well...hopefully, one of the staff members can help answer that one (it's been a while since I've looked at a log with a flash drive infection).


Assuming it's the same system that's been posted about, the symptoms all line up with a Zlob/Zotob type infection. I followed his (?) profile link and read all the other posts just because I wasn't sure about flash myself.

When you consider that modern flash drives have an independent WIN compatible OS installed then contagion becomes not only possible but likely.

Try the tips for MBAM and see if that gets it up and running; it's quite effective against Vundo variants and the portions of Zlob they source from.

Barring all else, run HijackThis and post the log here.

Edited by TSalarek, 09 December 2008 - 01:53 PM.




