Help for a stupid (I know!!) decision

[Avastfan1]

Dear Forum,

What would you recommend as a course of action for this user?

I'll say in advance - 'I know I should have!' but I just plugged in a Philips MP3 player from a friend. Windows went through the usual process of recognising a new device. Then the following happened.

Avast Pro 4.8.1356 (VPS: 090926-0) came up with the warning 'sign of WinREG:Autorun [Trj]' has been found in E:\autorun.inf' file.

I selected delete immediately. I know, the better option would have been the chest.

- How can I be sure this was just
- How can I best determine if my system is infected?
- Which (if any) scans should I run?

My setup:
Window$ XP Pro SP3
Avast Pro 4.8.1256
ZoneAlarm Pro 9.0.114.000
MBAM Pro 1.42 (Resident module activated)
Superantispyware 4.29.1002

Thank you in advance and I really would appreciate some help on this!

Best wishes,

Avastfan1
Firefox 3.5.3
NoScript 1.9.9.01

[Pondus]

I would do a full scan with Avast / MBAM / SAS and A-squared free ( now has integrated ikarus virus scan), but thats me 

[DavidR]

Have you not already used this tool to prevent this.

Flash Drive Disinfector
Information and Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.
• Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Not to mention I would get along to windows update as there is an optional security update which blocks autorun on USB flash drives but not optical media CD/DVDs.

[Avastfan1]

Tack ska du ha Pondus!

The MBAM scan is now running :-) I'll post again when the results are in.

Ha en bra helg!!!

[Avastfan1]

Hi,

Thanks for the reply. I haven't used the Flash Drive Disinfector tool yet so I will check it out.

That's strange with the Window$ updates. I checked the manual updates yesterday and there was nothing listed.

How do I check if I already have this update installed? :S

Cheers,

Avastfan1

[DavidR]

I can't recall where I saw it, some newsletter, but it wasn't offered to me either.

I think there was also a topic in the General forum from polonus.

You could try a visit to http://secunia.com/software_inspector/, however, since it wasn't classed a critical update it might not be detected as missing. Failing that its down to your friend google.

[DavidR]

OK, been doing some rummaging and this is the one, http://www.microsoft.com/downloads/details.aspx?FamilyID=96ca61f6-8b16-4157-9635-8cfc0bbf4c35&displaylang=en for XP.

[Avastfan1]

Thanks. I will look at that update. Appreciate the extra legwork in hunting down that link!!

Malwarebytes full scan came back negative. SAS started now.

Will report back again soon. :-)

Malwarebytes' Anti-Malware 1.41
Database version: 2862
Windows 5.1.2600 Service Pack 3

26/09/2009 7:16:11 PM
mbam-log.txt

Scan type: Full Scan (C:\|)
Objects scanned: 191702
Time elapsed: 1 hour(s), 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Pondus]

Tack ska du ha Pondus!     Ha en bra helg!!!

Hmmmm........i guess that is  google translator speaking   ...almost correct  ........hmmm swedish maybe?

[Avastfan1]

AA. Det är svensk. Så det är inte fel :-)

Det är bara norska som är fel ;-)

[Avastfan1]

Superantispyware full scan came back negative.

Now for Avast!!

Do I have to do a boot-time scan? Or is a full scan once from the GUI ok?

Thanks!

[Lisandro]

Do I have to do a boot-time scan? Or is a full scan once from the GUI ok?

If the one within the GUI fails (for any reason), you can run at a boot time.

[Avastfan1]

Avast GUI scan worked. Result of a full scan was 0 infected files.

Any other scans to recommend?

[Pondus]

I think you are clean, but you  could try a-squared free. Kanskje du gillar programmet 

[Lisandro]

Any other scans to recommend?

I suggest MBAM and check if you have insecure applications with Secunia Software Inspector.