Originally Posted by
badkuk
the symptoms are quite similar to what we had last year sa office. Nakita ko rin to on a cousin's flash drive. Eto ba yung gumagawa ng fake thumbs.db and desktop.ini, and me hidden file na *init* ?
You can see the files by opening a command prompt and running "dir/a/p" on the flash drive.
If you need to copy files from that flash drive, stick it into a linux box. The file managers typically list out all files, You may see a folder with no name, that's where your files are. In our case i just made sure i didn't copy any autorun.inf, desktop.ini, thumbs.db, *.init files. You can quickly do this by creating a bootable live USB of Ubuntu or Fedora. You will get the graphical UI so no Linux skills are necessary really(but do be careful what you delete).i try to keep one handy in case Windows goes awry.
i think the way it works is that the malware hides all the files on the flash drive under a folder with an unprintable name; you will be tricked into clicking the shortcut, which loads the malware code, hidden in the .init, desktop.ini, and thumbs.db files. afaik the two files get read by Windows Explorer, inadvertently running the code.
Better to check with your IT guys, but just to be safe, i deleted all desktop.ini and thumbs.db files on the flash drive.
If possible, back up and go for complete reformat. Even the better AVs today can't totally clean our malware. And don't forget to install AV.
afaik there should be some registry settings in Windows that prevents autorun,inf, desktop.ini and thumbs.db from being read automatically.
Одна из черт возьми
Originally Posted by badkuk
Reply With Quote
