Posted by on March 31, 2006, 6:05 pm
David H. Lipman wrote:
>
> |
> | I found it on an SD card that I used a couple of weeks ago to test a
> | camera in a store. I took pictures with it and brought the SD card
> | back. Strangely, I looked at the pictures back then and had no problem.
> | Now that I looked at the SD card again I clicked on some folder on it
> | and it seems to have run something that avast/prevx/kerio didn't like.
> | I don't exactly remember what was going on in detail, I was literally a
> | "moron in a hurry" trying to get this cheap mp3 player to work to
> | listen to a podcast. Anyhow, I allowed it to do one thing and then
> | blocked the rest when I noticed that it wasn't normal (prevx does get
> | frustrating in normal usage, so I acquired a habit of allowing without
> | much thinking unless I'm on guard). I then ran avast, it said reboot, I
> | rebooted, it ran on reboot and moved 9 files to its virus chest.
> |
> | Any permanent harm done? Should I reinstall windows? Thanks.
>
> OK, so Avast found a worm (?) on a SD card. The question is, in what form was it and what
> was done with it ?
> Was it an EXE file ?
> Was it deleted ?
> Was it quarantined ?
> Was it executed ?
> Have you scanned your computer to see if the computer OS was infected ?

Hi, sorry I haven't been clear.
The files on the card looked either like a folder or an archive file in
thumbnail view. I clicked on it and it ran an exe. prevx alarmed me but
because I was messing with a new mp3/card reader thing that wasn't
working well I allowed it once or twice, then suspected things weren't
right after a second or two, so I denied further attempts to modify.
Wait, I just had a look at the virus chest. Okay, it seems the virus
had used the names of the folders and made them EXEs.
http://i2.tinypic.com/somgxi.jpg
See those top three? Those used to be folders on the SD card. Each
folder stood for a camera and contained the pictures from that camera.
Like I said, I took this card to a camera store and used it there in
cameras I was testing before I buy one.
I don't remember if Avast alarmed me about the files or not, but it
didn't while they were active. If it did it sure took its time and I
was dealing with prevx and kerio popping up first. I then ran it
afterwards and it told me that there was a virus in memory and it was
better to reboot and do a boot-time-scan. So I did that. I told it to
move everything to its virus chest (that's a quarantine I think) rather
than delete.
I'm running another Avast scan now and it's not showing up anything
new.
Do you suggest I don't use any passwords until I'd reinstalled the OS?
Thanks.
>
> The following can be used to see if the system was infected
> * * * NOTE: You should disable Avast if you run the Trend module in the below tool as it
> falsely declares the Trend Micro Sysclean utility as being infected with the VBS/RedLof.
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
> Additional Instructions:
>
> http://harrisonrj.home.comcast.net/step_by_step_pc_cleaning_process.htm#Step_3_%96_Getting_Help
>
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
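
The pattern described in this thread, executables on a memory card that carry the names of the photo folders, can be checked for before anything on the card is double-clicked. The script below is an added example, not part of the original posts or of any tool mentioned in them; it identifies executables by their PE header rather than by extension or icon, and the card layout, file names (CameraA, CameraB) and reason strings are constructed for illustration.

```python
import os, struct, tempfile

def is_pe(path):
    """True if the file has a DOS 'MZ' header pointing at a 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            f.seek(struct.unpack_from("<I", head, 0x3C)[0])  # e_lfanew field
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False

def find_folder_impostors(root, remembered_folders=()):
    """List (relative path, reason) for every PE file under root, whatever its extension."""
    remembered = {n.lower() for n in remembered_folders}
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        siblings = {d.lower() for d in dirnames}
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if not is_pe(full):
                continue
            stem = os.path.splitext(name)[0].lower()
            if stem in siblings:
                reason = "same name as a folder beside it"
            elif stem in remembered:
                reason = "named after a folder that used to be here"
            else:
                reason = "executable on a photo card"
            hits.append((os.path.relpath(full, root), reason))
    return hits

def demo():
    """Scan a constructed card layout; the stubs are inert header bytes, not programs."""
    stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    with tempfile.TemporaryDirectory() as card:
        os.mkdir(os.path.join(card, "CameraA"))
        files = {"CameraA/photo1.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 96,
                 "CameraA.exe": stub, "CameraB.exe": stub,
                 "IMG_0001.jpg": stub, "notes.txt": b"MZ is just text here"}
        for rel, data in files.items():
            with open(os.path.join(card, rel), "wb") as f:
                f.write(data)
        return find_folder_impostors(card, remembered_folders=["CameraB"])

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To scan a real card, call `find_folder_impostors` with the card's mount point or drive letter and the folder names you remember creating on it.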