
infected after downloading flash disinfector


24 replies to this topic

#1 rabidrun

Posted 27 May 2009 - 09:26 PM

immediately after downloading flash disinfector from the following website i got a message from norton av that i have a trojan horse virus from flash disinfector on the c drive. what's up with that? how to get rid of it?

http://download.bleepingcomputer.com/sUBs/...Disinfector.exe



#2 boopme

  • Global Moderator

Posted 27 May 2009 - 10:26 PM

Most likely the infection is in the flash drive. But I will have the link checked now.
What name did it give it?
Can you post the path of the infection or the portion of the Norton scan that showed it?


Now run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Edited by boopme, 27 May 2009 - 10:34 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 rabidrun

  • Topic Starter

Posted 28 May 2009 - 02:31 PM

i already have malwarebytes installed. ran it just now & it showed no malicious items detected on anything.

norton av shows that filename of Trojan Horse virus that appeared IMMEDIATELY after I downloaded flash disinfector from the link i provided yesterday was:
Flash_Disinfector[1].exe

norton av shows the current location of the virus is:
c:\Documents and Settings\lele\Local Settings\Temporary Internet Files\Content.IE5\6WJZOKA2\

what next?

#4 boopme


Posted 28 May 2009 - 07:33 PM

Hi I have scanned the file and it is clean.
False positive with Flash_Disinfector.exe

from Yo kenny topic at Avira

Quote: "The file 'Flash_Disinfector.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file contains unencrypted malicious patterns. This is an indicator that a legitimate detection or removal program did not encrypt parts that are used to identify malicious content. Please contact the manufacturer of this file."


Apparently, sUBs, the author of the program, did not encrypt the malicious code within the removal program, and hence this detection.

http://forum.avira.com/wbb/index.php?page=...p;postID=748062



MBam is at version 1.37 now so you may need to update.

#5 rabidrun


Posted 28 May 2009 - 08:51 PM

why does norton av tell me that i am infected immediately after i downloaded flash disinfector from bleeping computer site? how do i fix this problem? is it safe to log back onto that infected pc? thanks

#6 rabidrun


Posted 28 May 2009 - 08:58 PM

one more quick question. i have malwarebytes version 1.34. how do i update or remove old one?

#7 rabidrun


Posted 28 May 2009 - 09:09 PM

one more thing that puzzles me. i ran malwarebytes & norton av yesterday with the flash drive in the USB port just before i downloaded flash disinfector, & no problems were found in either. problem did not happen until immediately after i downloaded flash disinfector from bleeping computer site. what next?

#8 boopme


Posted 28 May 2009 - 10:00 PM

Let's run MBAM and get a log. The problem is the code used by the tool. It is recognized as malware by some scanners. It will be so till sUbs the author fixes it. The tool is good and the link clean. sUbs also wrote ComboFix.

Rerun MBAM like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Download and Run FlashDisinfector

You have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
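Added example (not part of the thread and not Flash_Disinfector's own code): a small Python check of what sits at autorun.inf on a drive root. It distinguishes the placeholder folder described in the note above, which keeps a file of that name from being created while it exists, from an autorun.inf file, and lists what such a file asks Windows to launch. The temp-directory "drives" and the sample file contents are constructed.

```python
import os
import tempfile

# Keys in an [autorun] section that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")


def inspect_autorun(drive_root):
    """Classify <drive_root>/autorun.inf as 'absent', 'folder' or 'file'.

    For a file, also return the programs it asks Windows to launch.
    """
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isdir(path):
        return "folder", []          # placeholder folder: nothing to launch
    if not os.path.isfile(path):
        return "absent", []
    launches = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() in LAUNCH_KEYS:
                launches.append(value.strip())
    return "file", launches


def demo():
    """Build constructed 'drives' in a temp dir and inspect each one."""
    with tempfile.TemporaryDirectory() as tmp:
        protected = os.path.join(tmp, "protected")
        suspect = os.path.join(tmp, "suspect")
        os.makedirs(os.path.join(protected, "autorun.inf"))
        os.makedirs(suspect)
        with open(os.path.join(suspect, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=autorun.exe\nicon=drive.ico\n")
        return (inspect_autorun(protected),
                inspect_autorun(suspect),
                inspect_autorun(tmp))


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real machine, call inspect_autorun with a drive root such as the letter assigned to the flash drive; a "file" result with launch entries is the case worth a closer look.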

#9 rabidrun


Posted 30 May 2009 - 06:59 PM

ok, i downloaded 1.37 version of malwarebytes. thanks for direction how to do that. i did a quick scan on malwarebytes & no malicious items were detected. i do not track with your instructions to "remove selected" after scan. i did "remove" 5/30/09 scan under logs tab---is this what you meant? I have copied & pasted the log of 5/30/09 here:
Malwarebytes' Anti-Malware 1.37
Database version: 2198
Windows 5.1.2600 Service Pack 2

5/30/2009 7:33:45 PM
mbam-log-2009-05-30 (19-33-45).txt

Scan type: Quick Scan
Objects scanned: 86466
Time elapsed: 13 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

what is your read on norton av find of trojan horse virus on c drive immediately after downloading flash disinfector? thanks!

#10 Orange Blossom

  • Moderator

Posted 30 May 2009 - 07:12 PM

Hello rabidrun,

Let me phrase what boopme said in a different way. Norton, as do most AV products, has what is called Real-Time detection. As you downloaded the file, Norton flagged something in the file as it was downloading. It is what is called a false positive. In other words, there is no infection.

There are a number of special security products that will be flagged by other security programs because they contain tools that can be used for both legitimate and malicious purposes, just like a knife. The AV product doesn't know the purpose. From what boopme quoted, that isn't the reason why the file is being flagged in this case.

Another cause of false positives is the fact that security products will contain definition files and so forth of malicious files in order to detect them. If those files and so forth are not encrypted, security programs will flag it as malicious. For example, when I had AVAST installed, when I would download the definition files for a Panda Online scan, AVAST would detect and delete 2 or 3 files as viruses because Panda did not encrypt the definition files. Without those files, the security program cannot work. From what boopme quoted, this is the kind of false positive in this case.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 30 May 2009 - 07:15 PM.
Added final sentence. ~ OB

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
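
Added example (not part of the thread, and not how Norton, Avira or Flash_Disinfector are implemented): a toy byte-pattern scanner in Python showing the kind of false positive described in the post above, where a removal tool that ships its detection patterns in plain form is itself matched by another scanner. All signature names, byte patterns and the one-byte XOR key are constructed; XOR stands in for whatever encoding or encryption a real tool would use.

```python
# Toy model; every name, byte pattern and the key below is constructed.
SIGNATURES = {
    "Toy.Worm.A": b"TOYWORM-A-MARKER",
    "Toy.Dropper.B": b"TOYDROP-B-MARKER",
}
WIDTH = 16                       # every pattern above is exactly 16 bytes
HEADER = b"MZ-fake-cleaner\x00"  # stand-in for the rest of the tool's binary
XOR_KEY = 0x5A                   # hypothetical one-byte key: encoding, not encryption


def scan(data, signatures=SIGNATURES):
    """Stand-in for an AV engine: names of all patterns found as raw substrings."""
    return sorted(name for name, pat in signatures.items() if pat in data)


def xor(pattern, key=XOR_KEY):
    """XOR is its own inverse, so one function both encodes and decodes."""
    return bytes(b ^ key for b in pattern)


def build_tool(store_encoded):
    """Fake removal tool: header plus the detection table it ships with."""
    table = [xor(p) if store_encoded else p for p in SIGNATURES.values()]
    return HEADER + b"".join(table)


def tool_patterns(tool_bytes, stored_encoded):
    """What the tool does at run time: read its table back, decoding if needed."""
    body = tool_bytes[len(HEADER):]
    entries = [body[i:i + WIDTH] for i in range(0, len(body), WIDTH)]
    return [xor(e) if stored_encoded else e for e in entries]


if __name__ == "__main__":
    print("plain table  :", scan(build_tool(False)))   # the tool itself is flagged
    print("encoded table:", scan(build_tool(True)))    # nothing matches on disk
    print("still usable :", tool_patterns(build_tool(True), True))
```

The scanner has no notion of intent: it reports the plain-table tool with the same names it would give a real sample, which is why the alert alone does not show that anything malicious ran.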

#11 rabidrun


Posted 30 May 2009 - 07:55 PM

orange blossom & boopme, so you're telling me that based on the malwarebytes log i posted in earlier message today, neither my pc nor my thumb drives are infected?

i was pretty sure i downloaded flash disinfector on 5/27/09 but now i cannot find the program under control panel, add or remove programs, or under start, programs. is it a hidden program? if not, sounds like i need to download it again.

#12 Orange Blossom


Posted 30 May 2009 - 08:01 PM

What we are saying is that the Norton alert is a false positive and that that specific file is not an infection nor malicious. Do you have any reason, besides the one Norton alert, to think that you are infected? Are you receiving pop-ups, redirections etc.?

Flash Disinfector does not install, so it won't appear in Add Remove programs. You will find it in the folder you downloaded it to.

Orange Blossom :thumbsup:

#13 rabidrun


Posted 30 May 2009 - 09:16 PM

thanks orange blossom. back in february I downloaded flash disinfector & the program icon was shown on "my computer" screen. then during a norton av scan i got message i had downloader virus w/ file name autorun.exe located on the thumb drive & norton had quarantined it. i later removed the program flash disinfector. on 5/27/09 i downloaded flash disinfector but there is no icon on "my computer." does this mean the program is not downloaded on pc?

when i first downloaded malwarebytes in february it found 2 registry keys were infected. & I believe it confined them.

#14 Orange Blossom


Posted 30 May 2009 - 09:38 PM

Quote: "I downloaded flash disinfector & the program icon was shown on "my computer" screen. then during a norton av scan i got message i had downloader virus w/ file name autorun.exe located on the thumb drive"


A couple questions here for clarification:

When you downloaded Flash Disinfector at that time, did you download it to your Thumbdrive?

Did you receive the Norton message before or after you downloaded Flash disinfector in February?

Quote: "5/27/09 i downloaded flash disinfector but there is no icon on "my computer." does this mean the program is not downloaded on pc?"


I don't know. I've not seen a program icon before in "My Computer". I always tell my computer where to download things. Do you remember where you downloaded it to this time? Did you give the computer any instructions?

You could do a search for it this way:

Start ==> Search

Choose to search in all files and folders, then type in the program name. If it doesn't find it, it isn't there.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 30 May 2009 - 09:40 PM.
Grammar


#15 rabidrun


Posted 30 May 2009 - 11:30 PM

i did a search on pc & didn't find flash disinfector program so will download again.

in response to your questions, i ran norton av right after i installed flash disinfector in february, & that's when i got the notice from norton that i had a downloader virus (autorun.exe) on the thumb drive & norton had quarantined it.

not sure what you are asking about downloading flash disinfector to my thumb drive & not sure i remember what i did.



