a friend of mine just connected her flash drive (USB) to her laptop and avast! reported the following viruses:
Win32:Palevo [Wrm]
Win32:Confi [Wrm]
VBS:Malware-gen
Win32:Kavos [Trj]
Apparently, there was a autorun.inf on the USB-drive that should not have been there. I searched in the www for information about this and found out that in most cases the virus infects the pc in the very moment the flash drive is connected and AutoPlay (Windows XP SP2) starts. But since avast! reported the viruses, I think it might have been blocked before infecting the computer?
A following complete check of the system gave no alarm about any viruses on the pc; a Conficker-Test by heise-online also gave no signs of infection with conficker (I think win32:confi is conficker?)
It would be great to know what to do now. Sometimes I feel quite unsure whether I can trust a full-scan by avast! or not…
Thanks in advance!
Einoel
EDIT: I have to correct: The system is Windows XP Service Pack 3, not 2!
Einoel, you’re using Windows SP2 that has several security vunerablilities and Windows SP3 has been available for a year that has perfomance enhancements and several Critical Security Updates so in IE go to Tools then Windows Update then download and install all updates.
Go to Control Center then Security Center then set it to Automatic Updates (Recommended) or at least Notify me about updates but do not download nor install them.
Flash Drive Disinfector
Information and Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
[*] Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.[*] The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.[*] Wait until it has finished scanning and then exit the program.[*] Reboot your computer when done. Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder…it will help protect your drives from future infection.
Ok, I will use that. But is the computer clean or do I have to check it in some other ways? Because otherwise I would infect the flash drive by inserting it right before Flash_Disinfector can protect it, or am I wrong?
Hopefully the detections by avast will have stopped it getting established.
You can also run some other scans:
If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
MalwareBytes Anti-Malware, On-Demand only in free version http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe, right click on the link and select Save As or Save File (As depending on your browser), save it to a location where you can find it easily later. - 2. SUPERantispyware On-Demand only in free version.
Don’t worry about reported tracking cookies they are a minor issue and not one of securty, allow SAS to deal with them though.