Hi -
I seem to have brought home some worm or virus from my computer at work through my flashdrive. I noticed earlier today that there was a strange .exe file on my main folder on my flashdrive. It’s name is: S-1-5-21-1214440339.exe. I have to admit that I did click on it after a while because I thought it was a program file I had downloaded for a colleague. It wasn’t. Clicking on it didn’t do anything though (that I observed).
However, later when I had restarted my laptop, the C: folder kept opening up automatically and if I closed it it would reopen once more. I then looked at the folder and noticed the same S…0339.exe file. I ran Avast and it detected a Win32: Agent-HIG [Wrm] on the autorun.inf file - twice (once in C: and once in C:\Documents and Settings\Owner. A JS:Redirctor [trj] was also found in the C:Documents and Settings/Owner/Local Settings/Appications folder. I moved these files to the chest. At some point during the scan, my computer shut-down (not so weird because it has been doing that every once in a while for past few months.)
I restarted my laptop and there was the C folder again with the same strange file. This time when I ran Avast and it found the same worm again I decided to delete the autorun.inf file.
Less than 10 minutes later the files are back on teh C drive AND on my flashdrive which was clear only moments ago.
Also the D drive has the same files in it. I am afraid to look but I am sure my ipod and my external harddrive which were connected earlier today will have the same files also.
I forgot to mention. When I deleted the autorun.inf file from the chest that one time, when I returned open the C: drive folder, at My Computer when I clicked on “Local C:” the computer asked me to specify which program I would liek to open the folder with…
Last night I left my laptop running after having deleted the suspicious file and moving the autorun.inf file (which was infected) to the chest.
this morning when I clicked on the “Local C:” drive to open it from My Computer - I got the following message:
Windows Script Host
Script: C:\shell.vbs
Line: 2
Char: 1
Error: The system cannot find the file specified
Code: 80070002
Source (null)
The suspicious file was in the D: drive though when I checked in there. And then when I went back to check the C: drive folder again this time it opened with the suspicious file in it and the worms …
I did a search on google for this agent=hig and saw on another antivirus software site that this worm waits and searches for its complementing up.dll file to run the infectious files. I searched my computer drive for up.dll and of course only came up with various numerous hhsetup.dll, iesetup.dll, dgsetup.dll, sisbkup.dll, syssetup.dll etc.
Help somebody!
I am scared of shutting down my laptop in case it doesn’t restart this time!!!
I know nothing about how to fix these things.