Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help pls. cold\hott\traymgr.exe


  • Please log in to reply
4 replies to this topic

#1 jerdict

jerdict

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 08 October 2009 - 05:52 AM

Hello

can anyone help me how to remove this from my psp memstick?

it is also the last file scanned by my anti virus, but it wasn't deleted. my memstick now also have auTORUN.inf

i already used several removal tools, antivirus, malwarebytes.

when i delete the whole folder and the auTORUN.inf it just keeps coming back.

Thanks in Advance

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 AM

Posted 08 October 2009 - 11:43 AM

From what you describe, it appears to be a USB flash drive infection which usually involve malware that modifies and loads an autorun.inf (text-based configuration) file into the root folder of all drives (internal, external, removable) along with a malicious executable. When removable media such as a CD/DVD is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file to run silently on your computer. In USB drives, it modifies Windows Explorer's right-click context menu (adds a new default command) and redirects to executing the malicious file if the "Open" command is used or double-clicking on the drive icon. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled. To learn more about this risk, please read:Please download Panda USB and AutoRun Vaccine and save it to your desktop.
alternate download link 1
alternate download link 2
  • Extract (unzip) the file to your desktop and a folder named USBVaccine will be created.
  • Open that folder and double-click on USBVaccine.exe to start the program.
  • Click Run.
  • Click the button to Vaccinate computer..
  • Hold down the Shift key and insert your USB flash drive.
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done
Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Resarch Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Be sure to print out the instructions provided on the same page.
  • Restart your computer in "Safe Mode".
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

Then rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 jerdict

jerdict
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 10 October 2009 - 02:29 AM

I'll give it a try.

Thanks.

Edited by jerdict, 10 October 2009 - 02:33 AM.


#4 jerdict

jerdict
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 10 October 2009 - 02:48 AM

why does when i used the panda usb vaccine, the memstick added an AUTORUN_.INF?

and i'm suspecting it became more infected with a virus.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 AM

Posted 10 October 2009 - 07:18 AM

AUTORUN_.INF is created by Panda to protect your usb stick from flash drive infections.

Did you scan the drive yet?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users