Flash drive infected with weird kind of virus?



#1 nilesh1foru

Posted 04 April 2013 - 11:27 PM


I think my flash drive/pen drive got infected with some kind of weird virus... When I open it, I see only a shortcut with the name of the flash drive itself inside the drive. No folders or files are visible. E.g., let's say I connect my drive to the PC and open it: I see a shortcut named kingston (8GB). When I double-click on it, I see the error message:

    Error Loading ~$WJKLOZIEL.NFC Specified module could not be found.

I have scanned it with Quick Heal with the updated virus database of 4 April. I can see it scanning all the folders and files inside the drive, but nothing works. I can still see only the shortcut of that drive.

What to do?
 




 


#2 noknojon

Posted 05 April 2013 - 02:32 AM

Hello -

Instructions

1. Turn on the computer, wait for the operating system to fully load and insert the flash drive. The operating system will display a message asking what you want to do with the contents of the flash drive. Click "Cancel" to close the message.

2. Click "Start" and then "Run" to launch the Run command box. Type in 'cmd' and hit "Enter" to launch the Command Prompt. You will see a window appear with a black background, with a blinking cursor next to "C:\"

3. Minimize the Command Prompt window and go to "My Computer." Right click on the flash drive icon and check the drive letter assigned to the drive. On the Command Prompt window type in the drive letter and press "Enter." If your drive letter is "E," type in "E:" or select the correct drive letter, and then press "Enter."

4. Display the list of files contained in the flash drive. In the Command Prompt, type in "dir /w/a". That is, 'dir-space-slash-w-slash-a'. This command will display all the files stored in the drive. Check whether the drive contains unfamiliar or suspicious files you did not put in it. Common signs of infection are the presence of files such as "Autorun.inf," "Ravmon.exe," "svchost.exe," and "Heap41a."

5. Disable attributes of infected files. In Command Prompt, type in "attrib -r -a -s -h *.*"
NOTE: That is, 'attrib-space-dash-r-space-dash-a-space-dash-s-space-dash-h'. Press "Enter."
This command will disable, in order, the 'read only,' 'archive,' 'system' and 'hidden' attributes of all files.

6. Delete infected files. Type in "del samplefilename" to delete the named file from the flash drive. Replace 'samplefilename' with the actual file name; for example, to delete "Autorun.inf," type in "del Autorun.inf." Remove all suspicious files individually and then close the Command Prompt.

7. Scan the flash drive with an up-to-date anti-virus program. Check the program's virus definition before initiating a scan. If updates are available, download and install before scanning. Launch the anti-virus, specify the flash drive as the location to scan, and initiate a thorough scan. The scan report should show no identified infections.

8. Eject the flash drive and plug it into another computer. Check file contents from Command Prompt. The drive should not contain any suspicious files.

Finally read http://www.bleepingcomputer.com/forums/t/142136/pen-drive-infected/#entry798468 by quietman7 for further information

Thank You -
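A read-only PowerShell counterpart to the listing in steps 4 and 5 above, added here as an example and not part of noknojon's post: it lists the drive root including hidden and system entries and marks what deserves a look before anything is deleted. The drive letter `E:` and the function name `Get-RootTriage` are assumptions.

```powershell
# Read-only triage of a removable drive root; nothing is modified or deleted.
# Assumption: the flash drive is mounted as E: (change $Drive to match).
$Drive = 'E:'

function Get-RootTriage {
    param([Parameter(Mandatory = $true)][string]$Root)

    # -Force includes hidden and system entries, like "dir /a" in step 4.
    Get-ChildItem -LiteralPath $Root -Force | ForEach-Object {
        $attrs   = $_.Attributes
        $reasons = @()

        # Autorun.inf is the first file name listed in step 4.
        if ($_.Name -ieq 'autorun.inf') {
            $reasons += 'autorun.inf in drive root'
        }
        # The original poster saw a single shortcut replacing the drive contents.
        if (-not $_.PSIsContainer -and $_.Extension -ieq '.lnk') {
            $reasons += 'shortcut in drive root'
        }
        # Step 5 clears these attributes; here they are only reported.
        # "System Volume Information" and "$RECYCLE.BIN" normally carry both.
        if (($attrs -band [IO.FileAttributes]::Hidden) -and
            ($attrs -band [IO.FileAttributes]::System)) {
            $reasons += 'hidden + system attributes set'
        }

        [pscustomobject]@{
            Name       = $_.Name
            Type       = if ($_.PSIsContainer) { 'dir' } else { 'file' }
            Attributes = $attrs
            Review     = $reasons -join '; '
        }
    }
}

# Entries with a non-empty Review column sort to the top.
Get-RootTriage -Root "$Drive\" |
    Sort-Object Review -Descending |
    Format-Table -AutoSize -Wrap
```

User folders that show up here as hidden + system are usually the original data, hidden rather than deleted; they are what step 5 makes visible again.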



#3 TwinHeadedEagle

Posted 07 April 2013 - 06:13 AM


 

 

I think this is Worm:Win32/Gamarue

http://blogs.technet.com/b/mmpc/archive/2013/02/27/the-strange-case-of-gamarue-propagation.aspx

This worm copies these files on USB

fig1.png

When it infects a system, it makes this registry line along with the file

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Documents and Settings\All Users\svchost.exe"

I can recommend this tool for protection from this kind of malware

http://mcshield.net/


Edited by TwinHeadedEagle, 07 April 2013 - 06:15 AM.
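A read-only check for the registry entry described in the post above, added here as an example and not part of TwinHeadedEagle's post: it lists the Run values and marks any whose target is a file named svchost.exe outside the Windows system directories. It goes beyond the single value quoted by also reading the per-user Run key; the function names `Get-ExePath` and `Test-FakeSvchost` are assumptions.

```powershell
# Read-only check of the Run keys; nothing is modified.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
# Directories where the genuine svchost.exe lives.
$sysDirs = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"

function Get-ExePath {
    param([string]$Command)
    # Quoted path: take what is between the first pair of quotes.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted path: take everything up to the first ".exe".
    if ($Command -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $Command.Trim()
}

function Test-FakeSvchost {
    param([string]$ExePath)
    # Plain string handling, so a path on a missing drive does not throw.
    $leaf = ($ExePath -split '\\')[-1]
    if ($leaf -ine 'svchost.exe') { return $false }
    $dir = $ExePath.Substring(0, $ExePath.Length - $leaf.Length).TrimEnd('\')
    # -notcontains compares case-insensitively.
    return ($sysDirs -notcontains $dir)
}

foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        # The check looks at the target path, not the value name,
        # because the name alone proves nothing.
        $exe = Get-ExePath ([string]$key.GetValue($name))
        [pscustomobject]@{
            Key     = $path
            Value   = $name
            Target  = $exe
            Suspect = Test-FakeSvchost $exe
        }
    }
}
```

For the value quoted in the post, `Target` is `C:\Documents and Settings\All Users\svchost.exe` and `Suspect` is `True`.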


#4 sharmamadhukar

Posted 09 July 2013 - 06:40 AM


Thanx...a lot.....





