  1. Join Date
    May 2010
    Posts
    1,443
    #1
    My laptop recently got infected with a shortcut virus.
    When I plug in my flash drive and open it, a shortcut to the flash drive shows up. When I open the shortcut, a new window opens, but my files are still there. Here's a screenshot. When I open the file folder and the flash drive shortcut, they have the same contents.

    I've tried formatting my flash drive but it's still the same; a shortcut shows up again when I open the flash drive. I've also tried the attrib method: attrib -h -r -s /s /d f:\*.*

    Has anyone experienced this? Please share what you did to remove the shortcut virus. Two flash drives have already been infected. Thanks!

    *I'm using Avira as my AV, plus Malwarebytes & SUPERAntiSpyware, but they can't detect anything even with a full scan.
    I haven't tried a full scan in Safe Mode yet.

  2. Join Date
    Nov 2009
    Posts
    3,522
    #2
    Your laptop is infected and now the host. I'd perform a full HDD rebuild if I were you.

  3. Join Date
    May 2010
    Posts
    1,443
    #3
    Thanks sir. That's what I suspected too, that it's already on my laptop. Before, when I opened the flash drive the files showed up right away; now it's a shortcut to the flash drive. I hope I can still fix it without having to reformat my laptop.

  4. Join Date
    Jun 2012
    Posts
    137
    #4
    Try running ComboFix and let's check the log.

  5. Join Date
    Oct 2012
    Posts
    27,624
    #5
    We had the same issue company wide lol. You can't clean the USB since your OS is infected.

    I think that's a rootkit virus. Either contact Avira or, for a quick repair... reinstall. SSD reinstalls are zippy fast.

  6. Join Date
    Nov 2009
    Posts
    3,522
    #6
    I'm now replacing my crappy Norton with much better but still crap MSSE. No issues yet using MSSE w/ my other 2 lappies, which were formerly using the company Kaspersky.

  7. Join Date
    May 2010
    Posts
    1,443
    #7
    *mika: downloading ComboFix.
    *12vdc: sir, I've tried MS Essentials too, it's OK. NOD32 is OK too.

  8. Join Date
    Dec 2005
    Posts
    624
    #8
    Try smadav, small footprint, effective and most of all, free.

  9. Join Date
    Oct 2002
    Posts
    15,528
    #9
    I encountered that a month ago on our PC at home.
    What I did was boot the computer in safe mode and run MSE and Malwarebytes.
    Booted into normal mode.
    It was gone.

    Format your USB drive too while you're in safe mode.

  10. Join Date
    Oct 2002
    Posts
    40,599
    #10
    How about when the browser keeps getting redirected to those "powered by xxxx" pages, or for-sale ads show up at the side of the browser? How to remove those?

  11. Join Date
    Oct 2002
    Posts
    15,528
    #11
    Quote, originally posted by shadow:
        How about when the browser keeps getting redirected to those "powered by xxxx" pages, or for-sale ads show up at the side of the browser? How to remove those?
    Install a browser-based adblocker, bro.

  12. Join Date
    May 2006
    Posts
    8,357
    #12
    Quote, originally posted by shadow:
        How about when the browser keeps getting redirected to those "powered by xxxx" pages, or for-sale ads show up at the side of the browser? How to remove those?
    What's your browser? Install Adblock Plus or uBlock.

  13. Join Date
    Oct 2002
    Posts
    40,599
    #13
    Quote, originally posted by 1D4LV:
        Install a browser-based adblocker, bro.
    Thanks...

    Quote, originally posted by Syuryuken:
        What's your browser? Install Adblock Plus or uBlock.
    Firefox...

    I already have Adblock Plus, but it's still the same.

    It started when I removed Symantec.

  14. Join Date
    Oct 2002
    Posts
    15,528
    #14
    Quote, originally posted by shadow:
        Thanks...

        Firefox...

        I already have Adblock Plus, but it's still the same.

        It started when I removed Symantec.
    Maybe your Adblock Plus configuration is wrong, bro... It works for me.

  15. Join Date
    Oct 2002
    Posts
    40,599
    #15
    Quote, originally posted by 1D4LV:
        Maybe your Adblock Plus configuration is wrong, bro... It works for me.
    What should the configuration be? I can't add the ads to Adblock either; before, I could just add them and that was it.

  16. Join Date
    Aug 2003
    Posts
    9,720
    #16
    The symptoms are quite similar to what we had last year at the office. I also saw this on a cousin's flash drive. Is this the one that creates fake thumbs.db and desktop.ini, and has a hidden file named *init*?

    You can see the files by opening a command prompt and running "dir/a/p" on the flash drive.

    If you need to copy files from that flash drive, stick it into a Linux box. The file managers typically list out all files. You may see a folder with no name; that's where your files are. In our case I just made sure I didn't copy any autorun.inf, desktop.ini, thumbs.db, *.init files. You can quickly do this by creating a bootable live USB of Ubuntu or Fedora. You will get the graphical UI, so no Linux skills are necessary really (but do be careful what you delete). I try to keep one handy in case Windows goes awry.

    I think the way it works is that the malware hides all the files on the flash drive under a folder with an unprintable name; you will be tricked into clicking the shortcut, which loads the malware code, hidden in the .init, desktop.ini, and thumbs.db files. AFAIK the two files get read by Windows Explorer, inadvertently running the code.

    Better to check with your IT guys, but just to be safe, I deleted all desktop.ini and thumbs.db files on the flash drive.

    If possible, back up and go for complete reformat. Even the better AVs today can't totally clean our malware. And don't forget to install AV.

    AFAIK there should be some registry settings in Windows that prevent autorun.inf, desktop.ini and thumbs.db from being read automatically.
    Last edited by badkuk; May 26th, 2015 at 02:17 PM.
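
Added example, not part of the original post: a Python sketch of the copy-from-a-Linux-box approach described in post #16, which copies files off the mounted drive byte for byte while skipping the file names that post lists. The function names, the extra `.lnk` rule, the "recovered" folder name and the sample layout are assumptions constructed for illustration.

```python
import shutil
import tempfile
import unicodedata
from pathlib import Path

# Names the post says it avoided copying; .lnk is an assumption added for the decoy shortcut.
SKIP_NAMES = {"autorun.inf", "desktop.ini", "thumbs.db"}
SKIP_SUFFIXES = (".init", ".lnk")


def is_blank_name(name):
    """True when a name has no visible characters (spaces, NBSP, control chars)."""
    return all(unicodedata.category(ch)[0] in "ZC" for ch in name)


def is_suspicious(name):
    lower = name.lower()
    return lower in SKIP_NAMES or lower.endswith(SKIP_SUFFIXES)


def rescue(drive, dest):
    """Copy regular files from drive to dest without opening or running them."""
    report = {"copied": [], "skipped": [], "blank_folders": 0}
    for src in sorted(drive.rglob("*")):
        if src.is_symlink():
            continue
        if src.is_dir():
            report["blank_folders"] += is_blank_name(src.name)
            continue
        rel = src.relative_to(drive)
        if not src.is_file() or is_suspicious(src.name):
            report["skipped"].append(rel.as_posix())
            continue
        # Give blank-named folders a visible name in the rescued copy.
        parts = ["recovered" if is_blank_name(p) else p for p in rel.parts]
        target = dest.joinpath(*parts)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(src, target)
        report["copied"].append("/".join(parts))
    return report


if __name__ == "__main__":
    # Constructed layout imitating the description; contents are dummy bytes.
    with tempfile.TemporaryDirectory() as tmp:
        drive, dest = Path(tmp, "drive"), Path(tmp, "rescued")
        (drive / "\u00a0" / "docs").mkdir(parents=True)
        for n in ("\u00a0/docs/report.txt", "autorun.inf", "Thumbs.db", "x.init", "USB.lnk"):
            (drive / n).write_bytes(b"dummy")
        print(rescue(drive, dest))
```

On a real drive, call `rescue(Path("/media/..."), Path("..."))` with the mount point and a destination on another disk, then review the `skipped` list before discarding anything.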

  17. Join Date
    Oct 2002
    Posts
    15,528
    #17
    Quote, originally posted by badkuk:
        The symptoms are quite similar to what we had last year at the office. I also saw this on a cousin's flash drive. Is this the one that creates fake thumbs.db and desktop.ini, and has a hidden file named *init*?

        You can see the files by opening a command prompt and running "dir/a/p" on the flash drive.

        If you need to copy files from that flash drive, stick it into a Linux box. The file managers typically list out all files. You may see a folder with no name; that's where your files are. In our case I just made sure I didn't copy any autorun.inf, desktop.ini, thumbs.db, *.init files. You can quickly do this by creating a bootable live USB of Ubuntu or Fedora. You will get the graphical UI, so no Linux skills are necessary really (but do be careful what you delete). I try to keep one handy in case Windows goes awry.

        I think the way it works is that the malware hides all the files on the flash drive under a folder with an unprintable name; you will be tricked into clicking the shortcut, which loads the malware code, hidden in the .init, desktop.ini, and thumbs.db files. AFAIK the two files get read by Windows Explorer, inadvertently running the code.

        Better to check with your IT guys, but just to be safe, I deleted all desktop.ini and thumbs.db files on the flash drive.

        If possible, back up and go for complete reformat. Even the better AVs today can't totally clean our malware. And don't forget to install AV.

        AFAIK there should be some registry settings in Windows that prevent autorun.inf, desktop.ini and thumbs.db from being read automatically.

    Errrr, may not work bro... The malware attaches itself to the Windows registry, so there is a need to have the registry not load in full (via safe mode) and clean...

  18. Join Date
    Aug 2003
    Posts
    9,720
    #18
    Quote, originally posted by 1D4LV:
        Errrr, may not work bro... The malware attaches itself to the Windows registry, so there is a need to have the registry not load in full (via safe mode) and clean...
    Sorry, I meant setting the disable autorun thing *before* you get infected. You can apply this on the new installation you will be doing.
    Last edited by badkuk; May 26th, 2015 at 05:56 PM.

  19. Join Date
    May 2010
    Posts
    1,443
    #19
    UPDATE: after performing a full system scan in safe mode, my laptop "seems" OK again.
    When I plug in my flash drive and open it, the files show up right away, no longer the flash drive shortcut.
    Hopefully it really is OK again.
    By the way, here's one of the things I found in my research: Help me Remove rundll32.exe Virus - Microsoft Community
    I was also going to try MRT (malicious removal tool) after Windows Update and installing the May 2015 MRT, but my laptop seems OK already. Thanks for all the suggestions, I didn't have to reformat :D

  20. Join Date
    May 2010
    Posts
    1,443
    #20
    *shadow: Probably always on adult sites, that's why; it took you straight to your favorite site. Haha. Jk!
    Performing full scan in safe mode (Avira, Malwarebytes, SUPERAntiSpyware); if this still doesn't fix it, I'll reformat.

Tags for this Thread

Usapang Virus (Virus Talk)