Author Topic: What kind of this virus?  (Read 7247 times)

ajri02

  • Guest
What kind of this virus?
« on: September 02, 2009, 07:50:18 AM »
I got a USB drive infected with a virus that I have never seen!
I plugged it into my computer and it's infected. Bitdefender on my machine can't detect this virus.
When I upload files to the host from the infected machine, the host is hacked. Dangerous code that links to a Chinese virus website is inserted into the index.html and index.php files.
When I format the USB (from MS DOS), the USB is not cleaned.
I really don't know what kind it is. And which tools will clean it from my computer, my USB and my host?
Thanks for your help!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89334
  • No support PMs thanks
Re: What kind of this virus?
« Reply #1 on: September 02, 2009, 05:03:15 PM »
If you had an infected USB then it is likely that you have an infected system, in that when you plug in the newly formatted USB it is likely to be reinfected.

One piece of malware that infects html files to redirect to Chinese sites is Gumblar.cn, see http://blog.avast.com/2009/06/03/gumblarcn-summary/, but without more information that is speculation.

It could also be another nasty, Virut/Virtob, and these infections could effectively mean a format and reinstall. Hopefully not, or avast would be finding more infected files, as this is a very virulent file infector.

It may be that your site and its hosting software is hacked and being exploited and not that the files you are uploading are infected.

1. Flash Drive Disinfector
Information and Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


2. HACKED SITES - This is commonly down to old content management software being vulnerable, see this example of a HOST's response to a hacked site.

3. Also see, Tips for Cleaning & Securing Your Website, http://www.stopbadware.org/home/security.

Also see, Cleansing Gumblar from websites.... (commonly the JS:Redirector- avast detection), http://forum.avast.com/index.php?topic=45517.0.

Also see, Automatic removal of Gumblar/Martuz trojan http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

ajri02

  • Guest
Re: What kind of this virus?
« Reply #2 on: September 04, 2009, 10:29:12 AM »
Thanks DavidR

ajri02

  • Guest
Re: What kind of this virus?
« Reply #3 on: September 04, 2009, 11:11:27 AM »
Oh, the USB cannot be cleaned with the Flash Drive Disinfector tool.

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: What kind of this virus?
« Reply #4 on: September 04, 2009, 01:05:26 PM »
Quote
Oh, the USB cannot be cleaned with the Flash Drive Disinfector tool.

Clean your PC first before plugging in your Flash Disk.

Please download Malwarebytes Antimalware. Install it, update it, then run a scan and please post here the result that will pop up in Notepad after the scan.
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Online DavidR

Re: What kind of this virus?
« Reply #5 on: September 04, 2009, 03:00:56 PM »
Quote
Thanks DavidR

No problem, glad I could help.

Quote
<snip>
Oh, the USB cannot be cleaned with the Flash Drive Disinfector tool.

You should first have run it on only your PC before trying to run it for your USB. Why couldn't it be cleaned, what errors were displayed, etc.?

As .: L' arc :. mentioned it could be that your main system is preventing this from happening, so running MBAM should help in that regard.

Welcome to the forums.

ajri02

  • Guest
Re: What kind of this virus?
« Reply #6 on: September 07, 2009, 06:36:50 AM »
Ok I can prepare hack size
I change ftp password and send request to stop bad ware
Thanks for your help.
But I am surprised why we can clear warning from google by stop bad ware

Online DavidR

Re: What kind of this virus?
« Reply #7 on: September 07, 2009, 05:01:12 PM »
You're welcome.

I'm sorry but I don't understand about stop bad ware and google.

I asked a number of questions in this topic which haven't been answered; these answers help us to help you.

ajri02

  • Guest
Re: What kind of this virus?
« Reply #8 on: September 10, 2009, 05:27:03 AM »
Sorry David for not answering your question sooner!

I could see the USB is not cleaned because I stuck the USB into another PC (this PC is clean) and I can see this PC is infected (after sticking in the USB, Windows requests to install some other Windows application. After restarting the PC, I can't log in to Windows; it resets automatically).

I installed the Flash Drive Disinfector tool on one clean PC and set autorun off for USB, but after sticking in the USB the clean PC is infected immediately.

I set the CMOS to block the USB port, but after sticking in the USB the clean PC is infected immediately.

This is really a very strange and dangerous virus. I have 3 infected USBs and I can't use them now.

Certainly I tried all of this on clean PCs (I use Ghost so I can clear the partition very easily).

Thanks for your help. My host is OK now. But I can't find a way to clear the virus from the USB (and from the infected machine, certainly).
« Last Edit: September 10, 2009, 05:34:36 AM by ajri02 »

Online DavidR

Re: What kind of this virus?
« Reply #9 on: September 10, 2009, 04:17:57 PM »
I would first retrieve whatever data on it is important to you and then format the USB.

Flash Disinfector is more of a preventative measure and should override any autorun.inf file by the creation of an autorun.inf folder, which is a hidden system assigned folder, so it should have worked in effectively stopping the autorun.inf file from running; that is how it infects systems. So I really don't know what is going on with yours.

Also try Autorun Eater.
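The autorun.inf file-versus-folder distinction described in Reply #9, as an added example that is not part of the thread and not code from any tool named in it: a Python check that reports whether a drive root holds an autorun.inf file (and which programs it would launch) or the placeholder folder. The function names and the sample autorun.inf content are constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries attach a program to a context-menu verb
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                entries.append((key, value))
    return entries

def inspect_drive(root):
    """Classify the autorun.inf entry (any letter case) at the root of a drive."""
    names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not names:
        return {"state": "absent", "entries": []}
    path = os.path.join(root, names[0])
    if os.path.isdir(path):
        # A folder of this name occupies the slot a malicious file would need.
        return {"state": "folder", "entries": []}
    with open(path, encoding="latin-1") as fh:
        return {"state": "file", "entries": parse_launch_entries(fh.read())}

# Constructed sample content; sample.exe is a placeholder name.
SAMPLE = "[AutoRun]\n; constructed\nopen=sample.exe\nicon=folder.ico\nshell\\open\\command = sample.exe\n"

def demo():
    """Build two constructed drive roots in temp dirs and inspect both."""
    with tempfile.TemporaryDirectory() as infected, tempfile.TemporaryDirectory() as vaccinated:
        with open(os.path.join(infected, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE)
        os.mkdir(os.path.join(vaccinated, "autorun.inf"))
        return inspect_drive(infected), inspect_drive(vaccinated)

if __name__ == "__main__":
    for report in demo():
        print(report)
```

A result of "file" with launch entries means the drive should be treated as untrusted and examined on an isolated machine; "folder" only shows the placeholder exists, not that the drive's other contents are clean.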