Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Found Sality and worm on My Portable HDD


  • Please log in to reply
4 replies to this topic

#1 ranget

ranget

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:50 PM

Posted 30 November 2011 - 03:36 PM

HI

i have a 200 GB Portable hard disk
recently i changed My security suit from Bitdefender 2012 to eset security 5
and of course i did a Full scan of the system all to be Clean
then i scanned the Portable Drive to Find in the system Volume Information of the disk
a two infection

Sality.NAR Virus
and Win32/Bflient.AK worm

the question is did i infect other Machines ???

Even that Node didn't say anything when i attached the Removable Hard
just detect the Threat on Demand Scan

so is it a Malware Leftover or i infected all of the PCs that i have

BTW i use heavy on Demand Scanners All the time
that inclue MBAM .SAS,HMP,DRWEB

thanks in advance

A big thanks to Dider Stevens

sorry for not being around

 


BC AdBot (Login to Remove)

 


#2 LCS_Tech

LCS_Tech

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri
  • Local time:11:50 PM

Posted 30 November 2011 - 03:52 PM

In my professional opinion I would say that it is leftovers from a previous infection. The System Volume Information folder is an area where windows keeps all of its restore points. I think this disk was probably used as a backup drive for you main system at one point in time and I wouldn't be concerned about infecting other computers. However, if you have recently restored from that backup I would check the primary computer for any infections.


Good Luck and hope this help you out a little bit.

#3 ranget

ranget
  • Topic Starter

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:50 PM

Posted 30 November 2011 - 04:00 PM

the Problem i don't use it for backup stuff i just use it to move data from point to point

A big thanks to Dider Stevens

sorry for not being around

 


#4 LCS_Tech

LCS_Tech

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Missouri
  • Local time:11:50 PM

Posted 30 November 2011 - 04:56 PM

I still wouldn't worry, as I mentioned before the System Volume Information folder is locked by the OS so accessing any data in there requires higher privileges than a standard administrator account. XP has a habit of thinking that a removable drive needs to be included in the system restore thus the 'system volume information' folder gets created on the drive. Again, I wouldn't loose any sleep over the fact that an infection was found in that folder.

I work with infected computers every day, I have a flash drive that I use as a toolbox, I was concerned about the flash drive being used to carry infections from one computer to another so what I did was create a folder on the root of the drive and named it autorun.inf ad changed the properties of the folder to read-only. That way if a virus tried to place itself onto the flash drive, it wouldn't be able to create the autorun entry that is needed to execute the payload. It doesn't prevent the virus from placing itself on the drive but prevents the auto run features in windows from executing the virus.... Learned that the hard way several years ago.

Good Luck!!

#5 ranget

ranget
  • Topic Starter

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:50 PM

Posted 30 November 2011 - 08:28 PM

thanks

i know this trick but i think there is a couple of other way for virus to spread on the flash disk other than the autorun.inf

my hard and flash disks are vaccinated against viruses

A big thanks to Dider Stevens

sorry for not being around

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users