
Trojan Horse Generic12.YAO



#1 CobraCommander

  • Members
  • 6 posts

Posted 16 January 2009 - 02:28 AM

I plugged in my external USB hard drive and when I double-click the drive icon I get an access denied warning, and AVG shows a pop-up saying that I've been infected with the Generic12.YAO trojan. I then proceed to heal the infected file. When I try to access the drive again, I still get the access denied warning but no warning about the trojan. I can still access the drive by right-clicking and choosing Explore.

I ran a full system scan with AVG which showed no viruses or trojans are on my computer. I then ran MalwareBytes' Anti-Malware program and AVG popped up showing that I was infected with the same trojan. I healed it again and Anti-Malware showed no infected files. I still can't access the drive when double-clicking the icon.

Here's a pic of the AVG warning that came up while running Anti-Malware:
Posted Image

Thanks for any help.

Edited by CobraCommander, 16 January 2009 - 02:28 AM.




#2 buddy215

  • Moderator
  • 13,133 posts

Posted 16 January 2009 - 10:13 AM

The file location shown in the image you posted is "system restore".
You can remove what AVG is reporting by deleting all restore points. Instructions on how to do that are in the links below. Be sure to reset system restore after removing the restore points.

XP guide
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/
Vista guide
http://www.bleepingcomputer.com/tutorials/windows-vista-system-restore-guide/

You should also permanently delete the items in AVG's quarantine "safe" or whatever they call it.
If AVG reports the same problem again, you should run an online scan with Kaspersky online scanner. Instructions for using it are in the link below. Post back with what Kaspersky finds if you use it.
http://www.bleepingcomputer.com/forums/ind...t&p=1045589
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 CobraCommander


Posted 17 January 2009 - 02:07 AM

Thanks for replying.

I did what you posted and scanned again with AVG without any warnings of viruses/trojans.

However, I still can't access my USB drive through double-clicking.

#4 buddy215


Posted 17 January 2009 - 06:41 AM

Did you allow MBAM or AVG to scan the external drive for malware?

#5 CobraCommander


Posted 17 January 2009 - 10:29 PM

Oops. I should have thought about that.

I scanned the drive with AVG and it detected worm/autorun.inf/Autorun.EK.

I removed it and when I reinstalled the drive I scanned again with AVG and MBAM with no infections detected. Normal use of the drive has also been restored.

Btw, is the most likely cause of the worm from the USB drive itself? My brother did borrow the drive from me a while ago and only yesterday did I install it.

Thanks for all the help! :thumbsup:
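
Added example, not part of the original posts: an autorun.inf in the root of a drive can define commands that Windows runs for that drive, so a detection in that file and odd behaviour when double-clicking the drive icon are worth checking together. This Python script lists those command entries and flags targets that no longer exist on the drive; the sample file, the file listing and all function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample (not from the thread): an autorun.inf left in a drive root.
SAMPLE_AUTORUN = """\
[AutoRun]
open=setup\\run.exe
shell\\open\\command="setup\\run.exe" /q
icon=%SystemRoot%\\system32\\shell32.dll,4
[other]
open=ignored.exe
"""
# Constructed listing of files still on the drive after the AV clean-up.
SAMPLE_FILES = ["autorun.inf", "Photos\\trip.jpg"]

# Keys whose value is a command line Windows can run for the drive.
COMMAND_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")

def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def command_target(value):
    """Program path of a command line, honouring a quoted path."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    parts = value.split()
    return parts[0] if parts else ""

def audit_autorun(text, files_on_drive):
    """List command entries and whether each target still exists on the drive."""
    present = {ntpath.normpath(f).lower() for f in files_on_drive}
    findings = []
    for key, value in parse_autorun(text).items():
        if COMMAND_KEY.match(key):
            target = command_target(value)
            exists = ntpath.normpath(target).lower() in present
            findings.append({"key": key, "target": target, "target_exists": exists})
    return findings
```

Calling `audit_autorun(SAMPLE_AUTORUN, SAMPLE_FILES)` returns two findings, both with `target_exists` set to `False`: the file still redirects the drive's commands to a program that is no longer there.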

#6 buddy215


Posted 18 January 2009 - 04:55 AM

Yep, your brother's computer is likely infected as well.
Read the info in the links below.
http://www.bleepingcomputer.com/forums/ind...t&p=1082754
http://miekiemoes.blogspot.com/2008/11/ple...torun-asap.html

#7 CobraCommander


Posted 18 January 2009 - 04:47 PM

Thanks for the additional info.



