Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Flash drive virus?


  • Please log in to reply
14 replies to this topic

#1 3ric

3ric

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 01 November 2010 - 03:45 PM

Hello,

When I plugged my flash drive into my linux machine I saw two files that were not on the flash drive the last time I used it. There was a folder named "ReCycLEr" and a file called "autorun.inf" that had references in it to "ReCycLEr". I deleted these, unplugged my flash drive and plugged it back in. When I looked on the flash drive, the files were no longer there. I then plugged it back into my Windows machine, and the files were still gone. I unplugged it from my Windows machine and plugged it back into my Linux machine, the files were there again. I assume this is some sort of virus... does anyone have any advice? Thanks.

BC AdBot (Login to Remove)

 


#2 Sightless

Sightless

  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Up in the Clouds
  • Local time:10:30 PM

Posted 01 November 2010 - 04:13 PM

To be done on your windows computer:

Download and Run FlashDisinfector

You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

  • Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

    Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

    If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..
  • Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.



Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here or here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
For a complete visual tutorial of MBAM, see http://thespykiller.co.uk/index.php/topic,5946.0.html

Please include the following in your reply:
MBAM log

#3 3ric

3ric
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 02 November 2010 - 08:17 AM

Here is the log report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5021

Windows 5.1.2600 Service Pack 3, v.3311
Internet Explorer 7.0.5730.13

11/2/2010 9:16:12 AM
mbam-log-2010-11-02 (09-16-12).txt

Scan type: Quick scan
Objects scanned: 235176
Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{98zvd5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe (Generic.Bot.H) -> Delete on reboot.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:30 PM

Posted 02 November 2010 - 09:31 AM

Now rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.


Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.


Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode".
If you cannot boot into safe mode or complete a scan, then try doing it in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.WebCureIt so you can provide that information.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 3ric

3ric
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 02 November 2010 - 10:12 AM

What should I do with my flash drive after this? Toss it? Also, here are the results of the second scan:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5021

Windows 5.1.2600 Service Pack 3, v.3311
Internet Explorer 7.0.5730.13

11/2/2010 10:33:23 AM
mbam-log-2010-11-02 (10-33-23).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 268569
Time elapsed: 1 hour(s), 8 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by 3ric, 02 November 2010 - 10:21 AM.


#6 3ric

3ric
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 02 November 2010 - 10:35 AM

Also, I can't use Dr.WebCureIt because I am on an office computer (I'm in the IT Dept.)

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:30 PM

Posted 02 November 2010 - 10:55 AM

Since you say this is a work computer, normally I would instruct you to contact the IT Dept. Our forums are set up to help the home computer user deal with issues and questions relating to personal computers. But since that appears to be you, try this instead.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
Note: If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan usb flash drives and/or other removable drives, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

Another alternative if you cannot use the Internet or download any required programs to the infected machine, is to download from another computer. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s).
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 3ric

3ric
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 02 November 2010 - 02:25 PM

Norman is still scanning, but I just saw something that scared me... it says "Deleted File: C:\RECYCLER\S-1-5-21-1802044207-4209452611-908424027-1673\Dc86.exe
I cannot see this folder at all, and I am assuming it has something to do with the virus on the flash drive... Is there a way I can delete this (C:/RECYCLER)? Thanks.

Edited by 3ric, 02 November 2010 - 02:28 PM.


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:30 PM

Posted 02 November 2010 - 02:47 PM

The RECYCLER folder contains a Recycle Bin directory for each registered user on the computer, sorted by their security identifier (SID) and is hidden by default. Although the RECYCLER folder contains legitimate files, it is also a known hiding place for some types of malware. Let Norman complete its scan and disinfection process which should remove the malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 3ric

3ric
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 02 November 2010 - 03:29 PM

Here is the log from the Norman scan:
Norman Malware Cleaner
Version 1.8.2
Copyright © 1990 - 2010, Norman ASA. Built 2010/11/01 20:24:34

Norman Scanner Engine Version: 6.06.07
Nvcbin.def Version: 6.06.00, Date: 2010/11/01 20:24:34, Variants: 7945151

Scan started: 2010/11/02 12:08:25

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3, v.3311
Logged on user: UCSC\egross

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\WINDOWS\system32\userinit.exe" -> "C:\WINDOWS\System32\userinit.exe,"
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = " lqwpzj.dll , " -> ""
Changed service configuration for "wuauserv" from 0x00000004 and 0x00000001 to 0x00000002 and 0xFFFFFFFF
Started service "wuauserv"

Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 2
Number of sectors scanned: 2
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 1s 515ms


Scanning running processes and process memory...

Number of processes/threads found: 2755
Number of processes/threads scanned: 2755
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 15m 1s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Program Files\Mozilla Firefox\MSPAINT.EXE (Infected with W32/Smalltroj.UQHU)
Deleted file

C:\RECYCLER\S-1-5-21-1802044207-4209452611-908424027-1673\Dc86.EXE (Infected with W32/Smalltroj.UQHU)
Deleted file

Scanning: E:\*.*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 379465
Number of archives unpacked: 7835
Number of files scanned: 379461
Number of files not scanned: 4
Number of files skipped due to exclude list: 0
Number of infected files found: 2
Number of infected files repaired/deleted: 2
Number of infections removed: 2
Total scanning time: 3h 51m 25s

Edited by 3ric, 02 November 2010 - 03:29 PM.


#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:30 PM

Posted 02 November 2010 - 04:23 PM

How is your computer running now? Are there any more signs of infection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 3ric

3ric
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 03 November 2010 - 08:22 AM

How is your computer running now? Are there any more signs of infection.


The flash drive no longer has the RECYCLER or AUTORUN file on it, but it does have a folder called AUTORUN.INF (Created by the Flash Disinfector program. Should I toss the flash drive? Is it okay to use again? Is there any way to determine if my computer is completely cleaned? Thanks so much for all the help :thumbsup:

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:30 PM

Posted 03 November 2010 - 08:54 AM

Flash_Disinfector will create a hidden "dummy" autorun folder/file with special permissions in each partition and every external drive that was connected when the tool was run. Do not delete this folder as it helps to prevent the installation of a malicious autorun.ini file on the root drive and executing other malicious files which can infect the computer. Please read About Flash Disinfector by Papakid and USB/Flash Drive Safety by TheJoker.

As technology progresses, malware writers look for ways to circumvent existing security tools and fixes. IMO, the safest and surest way to ensure a previously infected usb drive has been cleaned is to reformat it.After reformating, you can inoculate it. The easiest way for users to inoculate a USB flash drive is to create a Read-only folder on the drive, name it autorun.inf and set file permissions to restrict changes as described by Trend Micro in How to Maximize the Malware Protection of Your Removable Drives. This folder will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and executing malicious files.

As an alternative, you can download and use Panda USB Vaccine which allows for computer and usb vaccination.
  • Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not.
  • USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates a hidden AUTORUN_.INF on the flash drive partition as protection against malevolent code by preventing a malicious autorun file from being installed. The Panda Resarch Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
Autorun Eater and Autorun USB Virus Finder are tools which can be used to assist in the removal of any suspicious 'autorun.inf' files they find.


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 3ric

3ric
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 03 November 2010 - 09:00 AM

Flash_Disinfector will create a hidden "dummy" autorun folder/file with special permissions in each partition and every external drive that was connected when the tool was run. Do not delete this folder as it helps to prevent the installation of a malicious autorun.ini file on the root drive and executing other malicious files which can infect the computer. Please read About Flash Disinfector by Papakid and USB/Flash Drive Safety by TheJoker.

As technology progresses, malware writers look for ways to circumvent existing security tools and fixes. IMO, the safest and surest way to ensure a previously infected usb drive has been cleaned is to reformat it.

After reformating, you can inoculate it. The easiest way for users to inoculate a USB flash drive is to create a Read-only folder on the drive, name it autorun.inf and set file permissions to restrict changes as described by Trend Micro in How to Maximize the Malware Protection of Your Removable Drives. This folder will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and executing malicious files.

As an alternative, you can download and use Panda USB Vaccine which allows for computer and usb vaccination.
  • Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not.
  • USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates a hidden AUTORUN_.INF on the flash drive partition as protection against malevolent code by preventing a malicious autorun file from being installed. The Panda Resarch Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
Autorun Eater and Autorun USB Virus Finder are tools which can be used to assist in the removal of any suspicious 'autorun.inf' files they find.


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:


System Restore is disabled on my computer, but I will definately reformate then create an AUTORUN.INF folder. I can't thank you enough for all of the help you have given me!

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:30 PM

Posted 03 November 2010 - 09:31 AM

You're welcome.

:thumbsup: Tips to protect yourself against malware and reduce the potential for re-infection:

Keep Windows and Internet Explorer current with all critical updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. If you're not sure how to do this, see Microsoft Update helps keep your computer current.

Avoid gaming sites, porn sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, uTorrent). They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Porn sites can lead to the Trojan.Mebroot MBR rootkit and other dangerous malware. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.Beware of Rogue Security software as they are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy a an application which claims to remove malware. For more specific information on how these types of rogue programs install themselves and spread infections, read How Malware Spreads - How did I get infected.

Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. To learn more about this risk, please read:Many security experts recommend you disable Autorun as a method of prevention and to Maximize the Malware Protection of your Removable Drives. Microsoft recommends doing the same.

Security Advisory (967940): Update for Windows Autorun...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Change all passwords: Anytime you encounter a malware infection on your computer, especially if that computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised and change passwords as a precaution in case an attacker was able to steal your information when the computer was infected. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.

Security Resources from Microsoft:Other Security Resources:Browser Security Resources:Finally, if you need to replace your anti-virus, firewall or need a reliable anti-malware scanner please refer to:

Edited by quietman7, 03 November 2010 - 09:40 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users