I got the Flash Disinfector but it just keeps the worm locked on my flashdrives, hence they dont spread onto other pcs but the thing is…my pc keep infecting every flash drive thats placed on it. So the stupid worm is on my pc but avast isnt doing anything to get it off. How do I get rid of this worm?
Is Avast detecting it at all? And if not how do you know that the flash drives that have been plugged into this computer are infected?
Does this worm have a name?
Flash Disinfector does place a file called “autorun.inf”…Here’s something from MyAntispyware:
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder. It will help protect your drives from future infection.If you need help with the instructions, then post your questions in our Anti spyware forum.
Let your USB drive plugged and run Autorun Eater or Flash Disinfector, allowing them to clean up all drives. They would create hidden folders named autorun.inf in each partition and every USB drive plugged in when you ran it. These folders protect your drives from future infection. After that, reboot your computer.
Can you send the samples to virus@avast.com ?
You can zip and password the files… Inform a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.
Maybe you need to disable Hide protected operating system files and enable View hidden files and folders’ to manage the file(s).
I don’t know what you mean by it is locked in ?
I think that Tarq57 has said what I too think, that you are seeing the autorun.inf ‘folder’ that it creates to prevent future infection by autorun.inf ‘files’ so can you explain in some more detail what the problem is ?
Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder…it will help protect your drives from future infection.
What is being placed on the flash drive that is placed on it ?
Did you not run flash disinfector when you had the USB connected to the system as you need to run it against all USB drives that you would use.
I know my pc is infected cause i’ve been on this forum before. Got the link to the disinfector from on here and when I say locked, i mean that folder that its leaving behind, that folder obviously keeps the virus still [locked in it] so that it wouldnt transfer to anything else. Its like a zapper lol, prevents and stops.
What my problem is, every time I put a flash drive on my pc, sometimes other ppl’s flashdrives cause they want stuff from me, their flashdrives then get infected with this worm, hence, my pc is passing this worm onto all drives. Avast picked up the worm when it was first on my ipod and I used the disinfector but now that my flash drives are worm free, Avast is no longer picking it up on my pc. I’ve doon a boot scan and everything but my pc at the end of the day is still passing on this worm to any flash drive that is plugged in.
Do you mean that the file “autorun.inf” is locked? Can’t be moved or deleted? (If so, unusual.)
Or when you say “that folder is locked”, what folder do you mean.
What is the specific name of this worm?
I know my pc is infected cause i've been on this forum before.[i]You[/i] might know this, but that sentence is pretty much useless to anyone helping. What is needed is file names, detection names, and unusual behaviour, including the name of any file or folder transferred to another flash drive.
the name of the word is autorun.inf. My avast use to pick it up on my H.drive, where my ipod is plugged in. Now that i used flash disinfector on my ipod and usbs it isnt anymore. when i put in a fresh usb, the worm is transferred to it. So the worm must be on my pc. avast isnt picking it up anymore but because new flash drives are getting this worm when they are plugged into my pc, that tells me that my pc has this autorun.inf worm.
And what do you mean when you say that the folder is locked?
It’s about half past one, here, and I’m about to go to bed, so without waiting further for the answer (partly upon which depends the advice given), do know that “autorun.inf” is not necessarily a worm. It is a particular file placed on the usb drive to prevent malware from creating its own “autorun.inf”, which is required by malware to spread its load from the flash drive to the computer. Of itself, it is pretty much nothing. It acts like a tap. What can (or can’t) then flow through the tap is subsequently controlled by the user, who will most likely find that flash drives, when plugged in, no longer start by themselves, but need to be manually accessed.
Does that relate to your situation at all? It provides a kind of immunity, preventing malware that may be on a flash drive from automatically transferring its evil cargo.
That’s my semi-expert take on it, anyway.
If you are in doubt, by all means wait for more replies. And try uploading the file to http://www.virustotal.com/ for several online scans with a large number of virus checkers.
That folder doesn’t lock in anything, the folder is created exclusively and doesn’t import the virus, there is one file inside which is 0KB in size, see image of one that was created on my HDD partition.
The folder is there (and protected) to prevent reinfection, whilst that folder is there you cant create an autorun.inf file which would run as the autorun.inf ‘folder’ takes president.
So I can’t see how your system is infecting other USB drives you connect since there is no running malware on your system, hence it is no longer detected on your system ?
However that doesn’t say that unknown usb drives you connect aren’t already infected and that is what avast is detecting not that your system is infecting them.
Can’t see it posted in this thread, so here is the ultimate solution for autorun.inf problems:
http://nick.brown.free.fr/blog/2007/10/memory-stick-worms
If you follow Nick Browns simple registry mod in the beginning of his blog, autorun.inf
problems are history.
It can’t disinfect your PC, but you are protected against all malware from misusing autorun.inf in the future.
Applied it to many PCs many months ago.
Regards
HL
Edit: For those interested in MUCH info: http://www.us-cert.gov/cas/techalerts/TA09-020A.html