Hi, I’m trying to find a solution to this virus too. Its main reason is to spread to everything possible: HDD, USB, network drives.
Our high school was infected with it at one computer, and it spread to every computer that was logged on to the network.
A friend of mine found the virus when he got home and for a couple of days thought not much about it.
But we soon found the virus was infecting the computers all around school and found the BOOTEX folder and the autorun.inf (the file used to autorun the thumbcache_131.exe file in BOOTEX).
We tried many mainstream antivirus programs and going through the command prompt. But nothing worked.
We came across a solution AS OF TODAY of how to remove the virus off the computer (the Hard drive only).
It plants itself deep into the registry and in files. It will also restore itself if deleted. Same as the usb.
The only way to fix your USB devices is formatting in Linux or deleting the BOOTEX folder + the autorun.inf file. When you delete those, delete the .TRASH*** folder that Linux creates when files are deleted.
Don’t try to format your drive in a clean computer, and formatting a drive on an infected computer will reinfect the drive again.
http://www.virustotal.com/analisis/cc0cffeaf4c8b346825ce4920040bc5157f471be9a11427f8e80ea42ee6497cf-1260119695
http://www.threatexpert.com/report.aspx?md5=ad3acf9f761d4c650f95915a2308d8b6
Details from ThreatExpert
A network-aware worm that attempts to replicate across the existing network(s)
[file and pathname of the sample #1] 123,904 bytes
MD5: 0xAD3ACF9F761D4C650F95915A2308D8B6
SHA-1: 0xE7B3C83DE5C26CF8DF7419BABEC234A8ED32ED33
W32.SillyDC [Symantec]
P2P-Worm.Win32.Palevo.lhk [Kaspersky Lab]
BackDoor-EEF [McAfee]
Mal/EncPk-JU [Sophos]
VirTool:Win32/Injector.gen!AD [Microsoft]
Win-Trojan/Pher.103424 [AhnLab]
I wasn’t there when we found the tool to remove the files (requires safe mode + the .exe file).
We’re currently testing this method on an infected school computer, and if it succeeds, we’ll create a bat file to run in this way:
Restart (Confirm user shutdown in 60 seconds)
Computer reboots
Safe Mode is activated
Windows Loads in safe mode
bat file continues on with loading the cleaner file (.exe)
cleaner is paced through an automatic run from the bat file (any settings that ask for yes, no, ok, next, forward, etc) to run the program automatically.
Cleaner cleans house
Reboot into normal Windows
For USBs, the only method that worked:
was a Linux OS opening the drive
Go to View > Show Hidden Files
Select the folder BOOTEX
Press delete
Select autorun.inf
Press delete
NOTE THAT A NEW FOLDER WILL APPEAR, called .TRASH*** (*'s represent numbers).
That is the Linux backup recycle bin.
Select the folder, and delete it.
Your drive should be clean now; to make sure, you can scan with Prevx, Kaspersky, or Avast. (IDK about AVG, I have no portable version to test.)
A Linux Avast! is available for Ubuntu and other Linux OSes: http://www.avast.com/eng/download-avast-for-linux-edition.html
Download the .deb for Ubuntu and install it.
You need a registration key from the website the program tells you to go to.
UPDATE IT; the virus is actually recent to the database, and the database is outdated anyway, by months.
Prevx is a great anti-malware program, and a free version is available.
This free version ONLY detects threats, it is VERY good at this job.
Prevx: http://prevx.com/
Install it; it’ll do a learning scan.
Then if nothing comes up, go to My Computer, right-click on the drive, and click Scan with Prevx.
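An added shell script, not from the original post, that does the Linux-side USB check described above on a mounted drive: it reports a BOOTEX folder, an autorun.inf (and which program that file would start), and the leftover .Trash folder, and removes them only when asked. The mount path passed as the first argument is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Checks a mounted removable drive
# for the artifacts described above (BOOTEX folder, autorun.inf, .Trash-*
# folder) and removes them only when "clean" is passed as the second argument.
# Assumption: the drive is already mounted at the path given as $1.

# Print the program the drive's autorun.inf would start (nothing if no file
# or no open= line). Lookups are case-insensitive because FAT ignores case.
autorun_target() {
    inf=$(find "$1" -mindepth 1 -maxdepth 1 -iname autorun.inf -type f | head -n 1)
    [ -n "$inf" ] || return 0
    grep -i '^open=' "$inf" | head -n 1 | tr -d '\r' | cut -d= -f2-
}

# List the artifacts found directly under the mount point.
# Returns 0 when nothing is found, 1 when at least one artifact exists.
usb_check() {
    mnt="$1"
    found=0
    for name in BOOTEX autorun.inf '.trash*'; do
        hits=$(find "$mnt" -mindepth 1 -maxdepth 1 -iname "$name")
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | sed 's/^/found: /'
            found=1
        fi
    done
    target=$(autorun_target "$mnt")
    if [ -n "$target" ]; then
        echo "  autorun.inf starts: $target"
    fi
    return $found
}

# Remove only the artifacts usb_check reports; nothing else on the drive is touched.
usb_clean() {
    find "$1" -mindepth 1 -maxdepth 1 \
        \( -iname BOOTEX -o -iname autorun.inf -o -iname '.trash*' \) \
        -exec rm -rf {} +
}

# Usage: sh usbcheck.sh /media/usb          (report only)
#        sh usbcheck.sh /media/usb clean    (report, then remove)
if [ -n "${1:-}" ]; then
    if usb_check "$1"; then
        echo "no known artifacts under $1"
    elif [ "${2:-}" = clean ]; then
        usb_clean "$1" && echo "artifacts removed; rescan with an updated AV to confirm"
    fi
fi
```

The removal step only touches the three names the post lists, so a drive that is infected some other way still needs a full scan afterwards.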