
Malware in my External HDD (known: juipio.exe others not found)



#1 Joga!


Posted 16 October 2009 - 10:53 PM

This topic is highly hypothetical. Mostly because I have another topic in the Malware removal forum, and intend to wait out the storm in my C:/ drive FIRST.

There is malware currently in my C:/, and I can either patiently wait for a reply, or reformat it!

The latter is seeming very attractive at the moment as I haven't reformatted it in a good 2 years now. HOWEVER. As mentioned, my external HDD is infected too! Probably by jumping ship from C:/ to E:/ when my external HDD was attached during the time of my infection (about 2 weeks ago).

Clearly, the best option is to clean both C:/ and E:/ with as little data destruction as possible (which is why I'm patiently waiting for a reply on my other topic).

BUT IN THE EVENT that perhaps my topic doesn't receive feedback or takes longer than expected (I enlist in the Army in a week or so) I WILL reformat my computer - through no fault of BleepingComputer's for I know you are all very busy volunteers - I just want it to be good and ready for when I come back to it --

--IN THAT CASE, I want to ask how might it be possible to clean my external HDD without ruining my freshly reformatted computer? OR how can I clean both C:/ and E:/ simultaneously without needing to reformat either (after my E:/ is safe, I will reformat my C:/ though).

I do not want to reformat my E:/ drive. It holds every last copy of everything close to my computing needs.

I do, however intend to wait for a reply on how to clean both C:/ and E:/ on my other topic in the other forum branch for a while longer.

I suspect that cleaning out my infected E:/ is safer done THROUGH an infected computer. I don't know. I am a novice.

Things I have done:

- Disabled AUTOPLAY so that whatever was instantly jumping ship when connected doesn't move. OR IF IT STILL DOES MOVE: OH NO!
- Left my E:/ disconnected for a while now.
- Posted on behalf of my infected C:/ drive in another section of BleepingComputer - THIS IS WHERE I NOTICED MY E:/ WAS IN TROUBLE.


I am ready and willing to do anything suggested, and for reference's sake, ALL LOGS that I created rest here:
http://www.bleepingcomputer.com/forums/t/262567/trojan-and-infection-logs-and-requested-resolution/

I realised that I left out some steps outlined (creating Rootkit log and attaching ATTACH.txt) in that log. But I can no longer edit that topic!

This is my last cry for HEELPPP!

Many thanks,

Joga!



#2 garmanma


Posted 17 October 2009 - 09:35 AM

Unfortunately, we cannot guarantee that your log post will be answered by the time you leave.
With the infection you have, it is possible the portable drive is infected also.
Text documents more so than music and picture files.

If you choose to reformat, this application might help:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
-------------------------------

What it does:

The vaccination is twofold. If the computer's autorun settings are enabled, then files can spread to any drive that's plugged in. If the drives themselves are vaccinated, all the tool does is prevent the autorun.inf file from executing any of the malicious content that may have been copied to the drive when it's plugged in.

In other words, say you vaccinate your USB drive. The tool writes an autorun.inf file that's harmless. When it's inserted in a computer that does not have autorun disabled, the computer will attempt to read and process the autorun.inf file from the inserted drive. If an infection that spreads to network or USB drives is present on the computer, the infection may very well succeed in putting the files on the drive, but they will not be able to overwrite the autorun.inf file and as such the files will not run without user input (i.e. actually clicking on them).

If the computer's infected and that infection tries to multiply to external drives, then yes, it'll likely copy some files to it. You could then remove those as they wouldn't be running automatically once the drive's inserted in another PC. Nothing you do will stop files from being copied over to an external drive if an infection of that type is present on the system. Well, technically you can prevent that by setting the write protect mode, but not every USB drive has one of those and it prevents writing anything to the drive.

Edited by garmanma, 17 October 2009 - 09:41 AM.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
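
The vaccination described in the post above can be verified without running anything from the drive. The following read-only Python check is an added example, not part of the original thread and not Flash_Disinfector's own code: it reports whether a drive root holds the placeholder autorun.inf folder, no autorun.inf at all, or an autorun.inf file, and lists any `open`, `shellexecute` or `shell\<verb>\command` entries found in such a file. The function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile

# autorun.inf keys that make Windows launch a program from the drive
LAUNCH_KEYS = ("open", "shellexecute")

def read_text(path):
    """Decode autorun.inf, which may be ANSI or UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def launch_entries(text):
    """Return (key, command) pairs that would start a program."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue  # skip blanks, comments, section headers
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # shell\<verb>\command= adds a context-menu launcher
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value.strip()))
    return found

def check_drive_root(root):
    """Classify the autorun.inf state of one drive root (read-only)."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        # A folder of that name keeps a file of that name from being created
        return ("vaccinated", [])
    if os.path.isfile(path):
        entries = launch_entries(read_text(path))
        return ("suspicious" if entries else "present", entries)
    return ("absent", [])

if __name__ == "__main__":
    # Constructed sample: a temp directory stands in for the E: drive root
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=juipio.exe\nicon=drive.ico\n")
        print(check_drive_root(root))
```

On a real system, pass the drive root (for example `E:\\`) to `check_drive_root`; a "suspicious" result names the files to hand to the scanner rather than to open.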

#3 Joga!


Posted 19 October 2009 - 03:52 AM

Worked like a charm...with a little help from one of my friends well-versed in technology.

I'm going to close my other topic. I stupidly ran Malwarebytes, and it located every file I suspected and more! But after quarantine, it seems as though I quarantined files that were vital to my computer's functioning. It died when I tried to turn it on again the next day.

I reformatted, and ran the Disinfector (with my computer's Autoplay supposedly already disabled) - I (or it) managed to detect the files/worms and I canned them in AVG. I feel as though they're all no longer present in my external! So, in short, I have a clean computer, and a now (apparently) safely accessible backup drive.

You are, in part, my saviour, sir.

Do I need to keep the Disinfector on my desktop whenever I access my external drive? Perhaps I should.

#4 garmanma


Posted 19 October 2009 - 07:29 PM

Do I need to keep the Disinfector on my desktop whenever I access my external drive? Perhaps I should.


It's a handy application
It's up to you
Mark



