From what you describe, it appears to be a USB flash drive infection, which usually involves malware that modifies and loads an autorun.inf (text-based configuration) file into the root folder of all drives (internal, external, removable) along with a malicious executable. When removable media such as a CD/DVD is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file to run silently on your computer. In USB drives, it modifies Windows Explorer's right-click context menu (adds a new default command) and redirects to executing the malicious file if the "Open" command is used or the drive icon is double-clicked. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled. To learn more about this risk, please read:
Please download Panda USB and AutoRun Vaccine and save it to your desktop. (alternate download link 1, alternate download link 2)
Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
- Extract (unzip) the file to your desktop and a folder named USBVaccine will be created.
- Open that folder and double-click on USBVaccine.exe to start the program.
- Click Run.
- Click the button to Vaccinate computer.
- Hold down the Shift key and insert your USB flash drive.
- When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
- Exit the program when done.
Please download Norman Malware Cleaner and save it to your desktop. (alternate download link)
Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.
- Be sure to print out the instructions provided on the same page.
- Restart your computer in "Safe Mode".
- Double-click on Norman_Malware_Cleaner.exe to start the program.
- Read the End User License Agreement and click the Accept button to open the scanning window.
- Click Start Scan to begin.
- In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
- After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Then rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
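
The autorun.inf behaviour described at the top of this reply (a program launched through AutoRun, plus a replaced default right-click command) can be checked by reading the file as text. The following is an added example, not part of the original post or of any tool it mentions; the function name `audit_autorun` and the sample file contents are constructed for illustration.

```python
import re

# [autorun] keys that name a program for AutoRun to start.
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command defines what a context-menu entry executes.
SHELL_CMD = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)

def audit_autorun(text):
    """Return (trigger, command) pairs that an autorun.inf would set up."""
    findings, verbs = [], {}
    default_verb = None
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue                      # junk padding or another section
        key, value = (part.strip() for part in line.split("=", 1))
        low = key.lower()
        if low in LAUNCH_KEYS:
            findings.append(("AutoRun launch", value))
        elif low == "shell":
            default_verb = value.lower()  # verb used on double-click
        else:
            match = SHELL_CMD.match(key)
            if match:
                verbs[match.group(1).lower()] = value
    for verb, cmd in verbs.items():
        trigger = ("double-click (default verb)" if verb == default_verb
                   else f"context menu '{verb}'")
        findings.append((trigger, cmd))
    return findings

# Constructed sample contents, not taken from a real infection.
SAMPLE = r"""
; constructed example
[AutoRun]
open=hidden\example.exe
shell=open
shell\open\command=hidden\example.exe
shell\explore\command=hidden\example.exe
icon=folder.ico
"""

if __name__ == "__main__":
    for trigger, cmd in audit_autorun(SAMPLE):
        print(f"{trigger}: {cmd}")
```

Any command it reports that points at an executable you did not put on the drive is worth including in your next reply along with the scan logs.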