Thumb driver users be aware, you might be unwittingly spreading winantivirus
2009. Inserting a thumb drive into an infected machine (of at least one of
the variants) creates a hidden pair of files on the root directory.
i) m.exe hidden and claiming to be from skype
ii) autorun.ini which is set to silently run m.exe whenever the drive is
inserted.
The only clue you will have this is happening, is a second or so delay
between clicking on the thumb drive, and it opening.
AFAIK it puts files in the system32 folder (in this case fffcaf.dll, but
that might just be a random file name) and puts multiple start up points in
the registry.
Anyone know of any usb thumb drives with a read only switch?
Gaz
David H. Lipman
01-04-2009, 06:41 AM
From: "Gaz" <gazter@msn.com>
| Thumb driver users be aware, you might be unwittingly spreading winantivirus
| 2009. Inserting a thumb drive into an infected machine (of at least one of
| the variants) creates a hidden pair of files on the root directory.
| i) m.exe hidden and claiming to be from skype
| ii) autorun.ini which is set to silently run m.exe whenever the drive is
| inserted.
| The only clue you will have this is happening, is a second or so delay
| between clicking on the thumb drive, and it opening.
| AFAIK it puts files in the system32 folder (in this case fffcaf.dll, but
| that might just be a random file name) and puts multiple start up points in
| the registry.
| Anyone know of any usb thumb drives with a read only switch?
| Gaz
Not "autorun.ini", that's an interpreted directive type file. You mean "autorun.inf"
which is used in AutoRun/AutoPlay.
The best course of action is to disable AutoRun/AutoPlay on the computer such that when a
mass storage device that is infected is inserted into the USB port, the PC won't
automatically run the AutoRun worm malware component and infect the PC.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Bill Ridgeway
01-04-2009, 07:00 AM
"Gaz" <gazter@msn.com> wrote in message
news:6sbnnlF56s74U1@mid.individual.net...
> Thumb driver users be aware, you might be unwittingly spreading
> winantivirus 2009. Inserting a thumb drive into an infected machine (of at
> least one of the variants) creates a hidden pair of files on the root
> directory.
>
> i) m.exe hidden and claiming to be from skype
> ii) autorun.ini which is set to silently run m.exe whenever the drive is
> inserted.
>
> The only clue you will have this is happening, is a second or so delay
> between clicking on the thumb drive, and it opening.
>
> AFAIK it puts files in the system32 folder (in this case fffcaf.dll, but
> that might just be a random file name) and puts multiple start up points
> in the registry.
>
> Anyone know of any usb thumb drives with a read only switch?
>
> Gaz
For anyone needing to have software to use or install on Clients' computers
I would suggest using a CD-R or CD-RW. AFAIK they can't be written to
easily (?or at all) without you knowing about it and so puts them at one
remove (but, perhaps, not entirely) from catching a virus. However, I have
found some (older) CD drives unable to read a CD-RW disc.
Bill Ridgeway
Bruce Chiles
01-08-2009, 03:09 AM
DECEIT, DECEPTION AND MURDER= CIA2/MOSSAD
"Cacophonies of the New American/Israeli KILLERS..."
http://lebanonknights.blogspot.com/
http://univercia2langley.blogspot.com/
http://univercia22.blogspot.com/
http://univercia2.blogspot.com/
A partial return to the status quo ante bellum....
http://univercia.blogspot.com/
"Cacophonies of the New American KILLERS..."
http://americanassassination.blogspot.com/
http://elie-hobeika.blogspot.com/
http://wiredlebanon.blogspot.com/
http://phoeniciaphoenix.blogspot.com/
http://hobeika.blogspot.com/
http://hk-elie-hobeika.blogspot.com/
http://anaconda-manifesto.blogspot.com/
http://lebaneseresistance.blogspot.com/
http://newhk.blogspot.com/
http://echkelon.blogspot.com/