
USB virus



#1 Angwenna


Posted 14 July 2011 - 08:22 AM

I have been infected with a USB virus. I am running Windows Vista.

The virus has currently infected my laptop, USB drives, and external hard drive. The virus turns all folders into shortcuts which activate Command Prompt when accessed. The virus also creates a new sub-folder in each infected folder, called RECYCLER (this is hidden). In that folder is an application with a long name consisting of random letters and numbers. This name occasionally resets itself. The most recent variation is 568672ECA45863F49FCEB79FF64DEC37.

My first step to fixing this problem was to run AutoRunExterminator, since it sounded like an autorun virus. After this, I did a complete scan with MalwareBytes. (I scanned both my flash drive and my computer.) It found nothing.

After this, I tried "show hidden system files and folders". This revealed an additional RECYCLER icon on my desktop, which I deleted. It also showed the RECYCLER folder in each folder on my flash drive. It also revealed my original folders, which had been hidden by the virus. I deleted the RECYCLER folders, moved my data to new folders on the flash drive, and deleted the shortcuts and the hidden original folders. I also deleted about four files from each folder with the extension .tmp. When I deleted the original folders, a warning popped up telling me they were system files and should not be deleted. I deleted them anyway.

This virus is driving me nuts! I can clean out my flash drive in safe mode, deleting all of the virus-related applications. However, the moment I re-insert the flash drive into the computer, it goes back to hidden files and shortcuts. I have tried setting my computer back using System Restore and reformatting the flash drive, all to no avail.

In the properties section of the application in the RECYCLER folder, it gives the virus name as "Bit Defender Agent". Masquerading as an antivirus?

I would appreciate any help! I'm doing research for my M.A. thesis in Peru and all of my data is currently infected. I'm afraid to plug my USB drives into any other computer.

One other weird thing that just started happening yesterday: I cannot open the Task Manager outside of safe mode. CTRL ALT DELETE brings up a message that says: "Logon process has failed to create the security options dialogue. Failure - security options."

Edited by Angwenna, 14 July 2011 - 09:18 AM.
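The on-disk symptoms described in the post above (shortcuts standing in for folders, hidden original folders, a RECYCLER sub-folder holding a randomly named application) can be listed without opening anything on the drive. The following is an added example, not part of the original thread; the function names, the report labels and the 16-character threshold for a "random" name are assumptions.

```python
import os
import re
import sys
from pathlib import Path

# Windows attribute bits reported in os.stat().st_file_attributes
HIDDEN, SYSTEM = 0x2, 0x4
# Assumption: a "long name of random letters and numbers" is 16+ alphanumerics
RANDOM_NAME = re.compile(r"^[0-9A-Za-z]{16,}$")


def is_hidden_system(path):
    """True if a path carries both Hidden and System attributes (Windows only)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)  # 0 elsewhere
    return attrs & (HIDDEN | SYSTEM) == (HIDDEN | SYSTEM)


def scan_drive(root):
    """Return sorted (label, relative_path) findings; nothing is opened or run."""
    root = Path(root)
    findings = set()
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        folders = {d.lower() for d in dirnames}
        for d in dirnames:
            # Original folders hidden by setting Hidden + System on them
            if is_hidden_system(here / d):
                rel_dir = (here / d).relative_to(root).as_posix()
                findings.add(("hidden-system-folder", rel_dir))
        for name in filenames:
            stem, ext = os.path.splitext(name)
            rel = (here / name).relative_to(root).as_posix()
            # A .lnk named exactly like a sibling folder stands in for that folder
            if ext.lower() == ".lnk" and stem.lower() in folders:
                findings.add(("shortcut-shadows-folder", rel))
            # Randomly named file sitting inside a RECYCLER sub-folder
            if here.name.upper() == "RECYCLER" and RANDOM_NAME.match(stem):
                findings.add(("recycler-random-name", rel))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_usb.py <drive or folder path>
    for label, rel in scan_drive(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{label:26} {rel}")
```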




#2 Angwenna


Posted 14 July 2011 - 02:13 PM

The issue has been resolved. One of my friends called a friend who is a computer expert. It took him two hours to clean everything up. There were over fifty changes to the registry. The trojan had individually infected each of the files on my USB drives and external hard drives. It had also completely infiltrated my antivirus software, which had to be deleted (some of it had to be manually deleted in the registry). ComboFix found three additional malicious .exe programs. Anyway, glad it's all over!



