Author Topic: Something creates volumeInformation.exe on my USB Flash Drive - how to prevent?


Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Yes Pondus, this thing is probably using the lnk trick to make the user execute the file.
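What that "lnk trick" looks like on disk, as an added example that is not code from the thread: a minimal parser for the Shell Link (.lnk) header and StringData section, plus a heuristic that flags shortcuts whose same-drive target or arguments name an executable. The sample shortcuts are constructed in memory; the filename volumeInformation.exe is taken from this thread, everything else is assumed.

```python
import struct

# Added example (not from the thread): a minimal Shell Link (.lnk) parser that
# flags shortcuts launching an executable on the same drive, the "lnk trick".

HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                 (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"), (HAS_ICON, "icon")]
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

def parse_lnk(data):
    """Return the StringData fields (relative path, arguments, ...) of a .lnk blob."""
    if data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    off = 0x4C                          # fixed-size ShellLinkHeader
    if flags & HAS_ID_LIST:             # skip LinkTargetIDList (u16 size + items)
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:           # skip LinkInfo (u32 size includes itself)
        off += struct.unpack_from("<I", data, off)[0]
    enc, width = ("utf-16-le", 2) if flags & IS_UNICODE else ("latin-1", 1)
    fields = {}
    for bit, name in STRING_FIELDS:     # StringData entries appear in this order
        if flags & bit:
            count = struct.unpack_from("<H", data, off)[0]
            fields[name] = data[off + 2:off + 2 + width * count].decode(enc)
            off += 2 + width * count
    return fields

def is_suspicious(fields):
    """Heuristic: the shortcut's relative target or arguments name an executable."""
    text = (fields.get("relative_path", "") + " " + fields.get("arguments", "")).lower()
    return any(ext in text for ext in (".exe", ".scr", ".bat", ".cmd", ".vbs"))

def build_lnk(relative_path, arguments=""):
    """Construct a minimal unicode .lnk blob (test data, not a real worm shortcut)."""
    header = struct.pack("<I", 0x4C) + LNK_CLSID
    header += struct.pack("<I", HAS_REL_PATH | HAS_ARGS | IS_UNICODE)
    header = header.ljust(0x4C, b"\x00")   # attributes, timestamps, sizes zeroed
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    return header + body

# Constructed samples: a disguised shortcut that runs the dropped file, and a benign one.
SAMPLE_LNK = build_lnk(r".\volumeInformation.exe")
BENIGN_LNK = build_lnk(r".\Documents")
```

The heuristic only inspects the RelativePath and CommandLineArguments strings; a shortcut whose target is stored solely in the LinkTargetIDList is skipped by this example, so a full check on a drive would also need an IDList decoder.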


Offline TrueIndian

  • Poster
  • *
  • Posts: 433
FYI. File has been submitted to avast! to be added to DB  :)

REDACTED

  • Guest
FYI. File has been submitted to avast! to be added to DB  :)
What does FYI mean? You mean the website virustotal.com, where I have uploaded the malicious file "volumeInformation.exe", submitted it to Avast, to add it to new virus definitions?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
FYI = For Your Information



REDACTED

  • Guest
Yesterday I analyzed what happened and why.

Everything began on Friday, when I plugged my USB flash drive into the PC of my colleague. He had malware on his PC. It infected my flash drive. My flash drive infected my PC, my wife's PC and my mother-in-law's PC (we visited her yesterday).

I thought about what I could do to remove the malware as soon as possible, before it turned into a terrible monster like ransomware etc. One good idea crossed my mind. I could restore Windows to a state before the event. So I did it on my wife's PC and I think it helped. I tested it with a flash drive and the drive was not infected anymore. I hope it will stay clean. I will keep my eye on it.

Now I want to do the same on my PC and my mother-in-law's PC.

@Pondus thank you for recommending the flash drive guard MCShield. It is great software. I will install it everywhere.
« Last Edit: February 14, 2017, 07:44:14 AM by dafarulia »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Quote
One good idea crossed my mind. I could restore Windows to a state before the event.
Restore points don't clean malware; at best they prevent it from starting up, until something runs that file again.



Quote
@Pondus thank you for recommending the flash drive guard MCShield. It is great software. I will install it everywhere.
Yep, you should install it on all family computers.

You can find more info about it here:
https://forum.avast.com/index.php?topic=196168.0
https://forum.avast.com/index.php?topic=104046



REDACTED

  • Guest
Quote
One good idea crossed my mind. I could restore Windows to a state before the event.
Restore points don't clean malware; at best they prevent it from starting up, until something runs that file again.

So what could I do? Avast was not able to recognize it.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31072
  • Watching (over?) you
    • Malware removal, Biljart and other things.
You have been told 3(!) times what to do and we are still waiting for you to do so.

REDACTED

  • Guest
I made these logs after I restored Windows 7 on my wife's PC to an earlier point (two weeks earlier).

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
File is now being detected.

Thanks for the VT links Pondus and dafarulia... you just helped avast protect us ;)
« Last Edit: February 14, 2017, 11:55:39 AM by TI199 »

REDACTED

  • Guest
File is now being detected.

Thanks for the VT links Pondus and dafarulia... you just helped avast protect us ;)

https://virustotal.com/en/file/0e239235388c2c6d015c942dd66acf46580d897041bf218cb3a7a136c733eee8/analysis/1487081759/
It is funny to watch on virustotal.com how the number of antiviruses that detect the malware is rising...

So as I understand it, you forwarded the file I uploaded to virustotal.com to Avast R&D? I am happy I helped to protect others.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37700
Quote
It is funny to watch on virustotal.com how the number of antiviruses that detect the malware is rising...
That should mean that the first VT detections (and MCShield) were correct.

@dbrisendine  is probably online tomorrow and will check your logs


Offline dbrisendine

  • Malware Fighter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1258
What is this for:  127.0.0.1 activate.adobe.com   ?????
Win7 x32 Ult. SP1, Brain 2.0 / Win10 x64, Brain2.5
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

REDACTED

  • Guest
What is this for:  127.0.0.1 activate.adobe.com   ?????
I do not know. It was my wife's PC. I'll check when I go back home today.