Flash Drive Virus - unable to detect it

[redburns28]

Hello,

I have a computer that infects flash drives and hides all the files and replaces them with shortcuts. I have come across this virus many times, but I can't seem to fix it this time. The computer is running AVAST 7.


System:
Win XP, SP3

Any ideas?
Thanks

[magna86]

Hi,



Please download MCShield to your desktop.

• Double-click MCShield-Setup.exe and follow the prompts to install the program.
  
• Allow MCShieldUPD.exe to access the internet.
  
• If an update is found, it will download and install the latest update.
• Once MCShield has loaded (or manually start the MCShield. Right click on the blue round icon in system tray and click on Control Panel)
   click on Defaults to load defaults settings.
  
   >> Then put a checkmark in the checkbox for next options:
  
  
• Always show log file if malware has been faund
  
• Unhide files and folders on removable drivers
  
  
• click Save
  
  
• Connect all of the USB storage devices to the PC, one at a time, and wait a couple of seconds for scaning.
• Once it has finished, If malware has been faund it will produce a log report for you.

Attach log reports back to topic.



Download DDS by sUBs to your desktop.
Your antivirus software might question the file. If it does, turn it off please

• Double click DDS.scr to run it and wait for the scan to finish
  
• When finished DDS.txt will open
  
• A small while later, a prompt will open. Answer Yes
  
• DDS will continue scanning
• When done, Attach.txt will open
  
  
• Attach here AllScans.txt, DDS.txt and Attach.txt

[redburns28]

Hi,

Inserted flashdrive and MCShield did not report anything.  The flashdrive still was infected with the files.  Scanned computer and attached the log from the DDS program.

Melissa

[magna86]

Your system is infected. First we have to clean the system. Dont worry, after cleaning main system, we will allow MCShield to disinfect all your infected USB devices.




> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
  Post log reports ( ComboFix.txt) back to topic.

[redburns28]

Scanned the computer and attached the log.  Thanks again for the help and let me know what else I can do!

-m

[redburns28]

Sorry, the log I attached in the previous reply should the the correct one, but here is the 'official' combofix log from the c drive.

[magna86]

Re-run MCShield and click on Update. We need a latest versions. Keep MCShield aktive.
Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When update and all scanning is done, you need to attach a logreport that has made MCShield.

Start -> All Programs -> MCShield -> Logs

Attach here -> AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

[redburns28]

I think the computer might be clean now! Here is the file 'all scans'. Let me know if there is anything else I need to do.

Thank You

[magna86]

After thouse logs I conclude that yours USB devices never have been infected with malware, but your computer was.


Check this folder.
c:\documents and settings\All Users\Application Data\F4D55F2C000183635C05C497D151FC4E
Nothing important should not be located in the folder so that you can optionally delete this if you wish.

Please note:If you using MCShield you were don't need a Panda USB Vaccine.
Panda nothing else do than writes his own autorun.inf and thereby prevents the malware from USB to run and infect the computer .
Panda will not even try to disinfect the infected USB.
Now malicious autorun.inf an antivirus software can control from running how much as much is possible. In some cases, not...
The point is that today's malware is spreading via USB used for at least three more methods for expansion.
Desktop.ini , comment.htt , ActiveX, Windows Shell and user by himself can run USB worms...and so on. 


It is necessary to uninstall Combofix


Start >> Run

Code: [Select]

Combofix /Uninstall
Enter