May 26th, 2015 02:01 PM #12
-
May 26th, 2015 02:12 PM #13
The symptoms are quite similar to what we had last year at the office. I also saw this on a cousin's flash drive. Is this the one that creates fake thumbs.db and desktop.ini, and has a hidden file named *init*?
You can see the files by opening a command prompt and running "dir/a/p" on the flash drive.
If you need to copy files from that flash drive, stick it into a Linux box. The file managers typically list out all files. You may see a folder with no name; that's where your files are. In our case I just made sure I didn't copy any autorun.inf, desktop.ini, thumbs.db, *.init files. You can quickly do this by creating a bootable live USB of Ubuntu or Fedora. You will get the graphical UI so no Linux skills are necessary really (but do be careful what you delete). I try to keep one handy in case Windows goes awry.
I think the way it works is that the malware hides all the files on the flash drive under a folder with an unprintable name; you will be tricked into clicking the shortcut, which loads the malware code, hidden in the .init, desktop.ini, and thumbs.db files. afaik the two files get read by Windows Explorer, inadvertently running the code.
Better to check with your IT guys, but just to be safe, I deleted all desktop.ini and thumbs.db files on the flash drive.
If possible, back up and go for complete reformat. Even the better AVs today can't totally clean our malware. And don't forget to install AV.
afaik there should be some registry settings in Windows that prevent autorun.inf, desktop.ini and thumbs.db from being read automatically.
Last edited by badkuk; May 26th, 2015 at 02:17 PM.
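The copy-from-Linux triage described in post #13, as an added example that is not part of the thread: a Python script that walks a mounted flash drive, lists the files the post says not to copy, reports folders whose names are blank or unprintable, and lists what is left to copy. The `.lnk` suffix (Windows shortcut files), the function names and the sample layout are assumptions made for illustration.

```python
import os
import tempfile
import unicodedata

# Names post #13 says it avoided copying (matched case-insensitively).
SKIP_NAMES = {"autorun.inf", "desktop.ini", "thumbs.db"}
# "*.init" is from the post; ".lnk" (Windows shortcuts) is an assumption added here.
SKIP_SUFFIXES = (".init", ".lnk")


def is_blank_name(name):
    """True when a name consists only of whitespace, control or format characters."""
    return all(ch.isspace() or unicodedata.category(ch) in ("Cc", "Cf") for ch in name)


def triage(root):
    """Walk root; return (do_not_copy, blank_named_dirs, copy_these) as relative paths."""
    suspicious, blank_dirs, keep = [], [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if is_blank_name(d):
                blank_dirs.append(os.path.relpath(os.path.join(dirpath, d), root))
        for f in filenames:
            rel = os.path.relpath(os.path.join(dirpath, f), root)
            low = f.lower()
            if low in SKIP_NAMES or low.endswith(SKIP_SUFFIXES):
                suspicious.append(rel)
            else:
                keep.append(rel)
    return sorted(suspicious), sorted(blank_dirs), sorted(keep)


def build_sample(root):
    """Constructed sample layout imitating the drive described in the post."""
    hidden = os.path.join(root, "\u00a0")  # folder named with a single no-break space
    os.makedirs(os.path.join(hidden, "docs"))
    for rel in ("autorun.inf", "Thumbs.db", "desktop.ini", "x.init",
                "KINGSTON (8GB).lnk", "\u00a0/docs/report.txt", "\u00a0/photo.jpg"):
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write("constructed placeholder\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        bad, blank, ok = triage(tmp)
        print("do not copy:", bad)
        print("blank-named folders:", [repr(p) for p in blank])
        print("copy these:", ok)
```

To check a real drive, call `triage()` with its mount point instead of the constructed sample; the script only lists paths and never opens or deletes anything on the drive.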
-
May 26th, 2015 03:06 PM #14
-
May 26th, 2015 03:17 PM #15
-
May 26th, 2015 03:22 PM #16
-
May 26th, 2015 03:24 PM #17
-
May 26th, 2015 03:43 PM #18
*shadow: Probably always on adult sites, that's why it's like that; it went straight to the favorite site right away. Haha. Jk!
Performing a full scan in safe mode (Avira, Malwarebytes, SUPERAntiSpyware); if this still isn't fixed, I'll reformat.
-
May 26th, 2015 03:49 PM #19
Sir 1d4lv, here's what I noticed: when I right-click the flash drive's shortcut and then select Open file location, it goes to windows/system32/rundll32. I read somewhere that rundll32 is legit, but there's reportedly malware that copies the same name to hide among the legit MS programs.
-
May 26th, 2015 04:07 PM #20
Right, bro. But as I've stated earlier, the virus/malware already embedded itself in the registry, wherein an infected rundll32.dll runs instead of the original, clean rundll file.
Try to follow my previous advice first and let us know here what happens.
Worst thing that you need to do is to have that formatted.