From what you describe, it appears to be a USB flash drive infection, which usually involves malware that modifies and loads an autorun.inf (text-based configuration) file into the root folder of all drives (internal, external, removable) along with a malicious executable. When removable media such as a CD/DVD is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file to run silently on your computer. In USB drives, it modifies Windows Explorer's right-click context menu (adds a new default command) and redirects to executing the malicious file if the "Open" command is used or the drive icon is double-clicked. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.
To learn more about this risk, please read:
Please download Panda USB and AutoRun Vaccine and save it to your desktop. (alternate download link 1, alternate download link 2)
Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
- Double-click on USBVaccineSetup.exe to install the program to C:\Program Files\Panda USB Vaccine.
- Read and accept the license agreement, then click Next.
- When setup completes, make sure "Launch Panda USB Vaccine" is checked and click Finish to open the program.
- Click the Vaccinate computer button. It should now show a green checkmark and confirm Computer vaccinated.
- Hold down the Shift key and insert your USB flash drive.
- When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
- Exit the program when done.
As for the machine with Virut.
Caution: If you are considering backing up data and reformatting, keep in mind that, with a Virut infection, there is always a chance of backed up data reinfecting your system. If the data is that important to you, then you can try to salvage some of it but there is no guarantee, so be forewarned that you may have to start over again afterwards if reinfected by attempting to recover your data. Only back up your important documents, personal data files and photos to a CD or DVD drive, not a flash drive or external hard drive, as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them, as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise themselves by adding and hiding their extension to the existing extension of file(s), so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to copying it back to your hard drive.
If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external USB hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices, but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk.
Again, do not back up any data with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.
If you're not sure how to reformat or need help with reformatting, please review:
These links include step-by-step instructions with screenshots:
Vista users can refer to these instructions:
Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.
Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead.
If you need additional assistance with reformatting or partitioning, you can start a new topic in the Windows XP Home and Professional forum.
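The backup caution in the post above can be applied mechanically before anything is copied off the infected machine. The following is an added example, not part of the original post: a Python sketch that walks a folder and sorts files into "copy" and "skip" using the post's extension list. The function names `classify` and `plan_backup` and the reason strings are made up for this illustration.

```python
import os
import zipfile

# Extensions the post says not to back up (taken from the post's list).
DO_NOT_BACK_UP = {"exe", "scr", "ini", "htm", "html", "php", "asp", "xml",
                  "zip", "rar", "cab"}
EXECUTABLE = {"exe", "scr"}

def classify(path):
    """Return ("copy" | "skip", reason) for a single file."""
    parts = os.path.basename(path).lower().split(".")
    ext = parts[-1].strip() if len(parts) > 1 else ""
    if ext not in DO_NOT_BACK_UP:
        return "copy", "extension not on the list"
    if ext in EXECUTABLE and len(parts) > 2:
        # e.g. "photo.jpg.exe": looks like a picture when Explorer hides
        # known extensions, but the real type is the last one.
        return "skip", "multiple extensions, real type is ." + ext
    if ext == "zip" and zipfile.is_zipfile(path):
        # Name the executable inside the archive so the skip is explainable.
        with zipfile.ZipFile(path) as zf:
            inner = [n for n in zf.namelist()
                     if n.lower().rsplit(".", 1)[-1] in EXECUTABLE]
        if inner:
            return "skip", "archive contains " + inner[0]
    return "skip", "." + ext + " is on the list"

def plan_backup(root):
    """Walk root; return (sorted files to copy, {skipped file: reason})."""
    to_copy, skipped = [], {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            verdict, reason = classify(full)
            if verdict == "copy":
                to_copy.append(full)
            else:
                skipped[full] = reason
    return sorted(to_copy), skipped

if __name__ == "__main__":
    import sys
    copy, skip = plan_backup(sys.argv[1] if len(sys.argv) > 1 else ".")
    for f in copy:
        print("COPY", f)
    for f, why in sorted(skip.items()):
        print("SKIP", f, "-", why)
```

A "copy" verdict only means the extension is not on the post's list; the copied files still need the anti-virus scan the post calls for before they go back onto the rebuilt system.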