login about faq

I am having a problem. Whenever i plug in my usb in my office computer, the following folders appear.

http://i.imgur.com/gEvdY.jpg

If i try to copy any folder from my computer to my usb drive, it hides the folder the other folder is changed to .exe file.

Scanned it with MSE and it didnt show me anything....i tried deleting the files using cmd (attrib method) and deleted the files. I even did a quick format. But whenever i re plug in my usb these 2 files are always there in it.

ANy suggestions?

This question is marked "community wiki".

asked Dec 01 '12 at 07:35

Hammad's gravatar image

Hammad
404101220


Hi Hammad,

I never even heard of this one before so these are just suggestions.

My first thought is that the malicious files have processes running which are preventing the files from being deleted properly.

You could use task manager to search for these processes but first I would try assigning a different letter to the USB drive. For drives with software installed this almost always causes the software to stop working. With any malicious processes stopped you can do a full format on the USB drive which will hopefully nuke that SVCHost, its data folder and anything else on there.

In addition try using USB Oblivion to remove anything left behind In the registry on that computer by the infected USB drive. Here is the link http://code.google.com/p/usboblivion/

If that doesn’t work then there is a program called Autorun Eater which finds and removes malicious files from USB drives. I haven’t used it myself but its free and looks worth a try if no one else can help. Here’s the link http://oldmcdonald.wordpress.com/

If neither of these work, my only suggestion is to try another manual delete.

First check task manager for any processes that the files are running and end them. Then using an elevated command prompt to avoid any administrator rights that may be protecting the files, remove any read only attributes on the unwanted files and delete them. Then double check that they are deleted properly.

Use the command prompt to check for any other suspicious files or directories including hidden ones, end any processes they have running and delete them. Double check they are deleted and if not continue looking for any process that is preventing the delete.

Let me know how you get on

link

answered Dec 08 '12 at 14:27

Simon%20H's gravatar image

Simon H
5.0k62683

edited Dec 09 '12 at 06:53

2

Well, i researched about it in great great detail. I dont know while researching, i tried every single method and managed to remove the virus from my usb but whenever i plugged it back in it came back. tried KAspersky rootkit scanner, kaspersky internet security and what not.

and in the end, i could find the affected registry keys so the only option left for me was to format my PC>

(Dec 09 '12 at 13:20) Hammad Hammad's gravatar image
1

Sorry I couldn't help, I guess sometimes you just have to bite the bullet.

Only other option I can think of is to remove the hard drive and connect it as an external data drive to a clean computer. You could then use that computer to scan the drive. The theory being that since the rootkit won’t be running it can’t hide itself.

I seem to remember that you have a laptop that’s not easy for you to open up so formatting might be preferable to you.

One other thought, I would use a clean computer to access all my online accounts and change the passwords, just in case you have had any of them stolen by this malware.

Also change any security questions that are accessible through the account such as the ones used by Hotmail. It’s feasible that a criminal could note these down in order to gain access to the account after you have changed the password.

Also if you’ve been entering your credit card details for online purchases on the infected computer it would be an idea to call your bank and get the card stopped, in case those details were stolen.

(Dec 10 '12 at 08:21) Simon H Simon%20H's gravatar image

Never used my credit card online ever and even i asked my bank never to accept any online transaction. So thats not an issue. anyways formatted my pc and all is good now.

(Dec 12 '12 at 13:32) Hammad Hammad's gravatar image

When my PC catches a virus, I always format as a rule of thumb. Once infected it is near impossible to fully trust your computer regardless of how well you removed the threat.

Nuke it from orbit!

(Jan 11 '13 at 09:24) grooveDexter grooveDexter's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:
    [text](http://url.com/ "title")
  • image:
    ![alt text](/path/img.jpg "title")
  • numbered list:
    1. Foo
    2. Bar
  • Code:
    • Within a paragraph:
      `code`
      surround code with grave accents (backticks)
    • Code snippet:
      Select the text and use the button on the icon of zeros and ones
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×14
×2

Asked: Dec 01 '12 at 07:35

Seen: 2,762 times

Last updated: Jan 11 '13 at 09:24

groovyAnswers © 2007 - 2011 All Rights Reserved | Privacy | Contact