I’m running Windows 7 with Avast (Free) 8.0.1497 and latest definitions.
I found something strange on my external USB flash drive that has been used in various PC’s (trusted and non-trusted). WIth the option to view hidden files on, I can see all my 1st level directories (folders) on the flash were hidden and ‘something’ had created a shortcut to each of them that was visible.
The folder shortcut executed the following code:
C:\windows\system32\cmd.exe /c start zdlgyuuxzz.vbs&start explorer brochure&exit (WHERE my folder name was brochure)
The flash drive has the zdlgyuuxzz.vbs file stored in the root. I couldn’t find any info about the file / virus (or other) that put it there via web search etc. I can only assume the file name is randomly generated.
I have attached the file, but renamed it to be a text file so I can upload it here. I’m no coder, so can’t make sense of it, beyond the fact that the it may have done some basic encryption that is undone and then the script executed.
Anyway to the point - Avast did not detect any problems with my flash drive after doing a scan. Nor did malware bytes for that matter. Is this something that could / should be picked up? I get that the script could have been something intentional that I or someone else may have created to achieve something, thus may be no-where near the ‘it is a virus’ defintion.
I’m just wondering if anyone has any clues what the script does AND where I might have picked it up (e.g there is a virus or malware that creates the script & infects the drive). I’m yet to do a full Virus scan on my PC but perhaps the next step for me (after deleting the shortcuts and unhiding the hidden directories.)
Hello,
in this file is start of malicious visual basic script obfuscated with Base64 encoding.
However this script is not complete and it doesnt do anything.
Other versions of this scripts infects computer, create shortcuts and download other malware from internet so virus scan would be a wise step.
[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds to MCShield finish initial scan.
Recommendation to under General and Scanner tab you click on Defaults button to choose recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that MCShield has created.
Start → All Programs → MCShield → Logs
Attach here → AllScans.txt
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
Thankyou so much everyone.
It’s great that is an active community of gurus out there to help out.
I’ll download the suggested software and scan and clean-up the mess.
Thank you very much Argus! You helped me a lot with the suggestion to use MCShield! All itens that were transformed in shortcuts returned to the normal.