
Ran into my 1st USB virus yesterday


kmillerusaf


So,

 

I don't know if you guys know, but I do computer helpdesk work for a living. I have been doing it for almost a full year now. Yesterday, a user called up saying they couldn't access their thumb drive. This is not out of the ordinary as we have several network drives that take up drive letters, preventing thumb drives from being recognized. Usually changing the drive letter in Disk Management does the trick.

 

However, this incident was different. When the user inserted the thumb drive into the port, autoplay would come up and she could open the folder through that method. However, if she closed the window and tried to open or explore the drive from My Computer later on, it would pull up an "Open With" window, but would never allow her to save it as "Always use the selected program" with Windows Explorer (what I used). So, I knew at this point, something was wrong. And my first assumption was that there was an autorun.inf file causing problems. But it was hidden as a protected operating system file. Upon unhiding and opening the autorun file, it referenced a random exe file named m9ma.exe and had all sorts of gibberish in it. I knew at this point that this was some sort of malware. I looked throughout the drive for that executable file but could not find it. So I figured Symantec might have detected and removed it. And it did; it was in Symantec's quarantine from earlier in the day when she first tried to use the thumb drive. It recognized the virus as W32.Gammima and quarantined it appropriately. However, the autorun file itself was NOT a virus, so Symantec did not quarantine it, but the file was still causing havoc. To fix this, I deleted the autorun file, removed the thumb drive and inserted it back; everything was back to normal.

 

Crazy!

 

Symantec: W32.Gammima Summary

There's always an exception to the rule. I'm that exception.

 

Desktop ----- AMD Athlon 3700+ (2.64Ghz), 2GB DDR 400, ASUS A8N-SLI Premium, 500GB HD, Windows XP Pro SP3, Avira Antivir Personal

At work ----- Intel C2D T1700 (1.6Ghz), 2GB DDR2 667, Dell OUY141, 80GB HD, Windows XP Pro SP2, Symantec 10

Laptop ----- Intel C2D P8400 (2.4 Ghz), 4GB DDR3 1066, Mainboard, 160GB HD, Dualboot: Windows 7/openSUSE 11.1, Avira Antivir Personal
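An added example, not part of the original post: a small Python check that pulls the launch directives out of an autorun.inf padded with filler lines and reports whether each referenced program still exists on the drive. The sample file content is constructed (only the name m9ma.exe comes from the post), and the function names are hypothetical. A launch entry whose program is missing is the leftover state described above, where the antivirus removed the executable but left autorun.inf behind.

```python
import re
from pathlib import Path

# autorun.inf keys that make Windows start a program from the drive.
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=\\]+\\command)\s*=\s*(\S.*?)\s*$",
    re.IGNORECASE,
)

# Constructed sample: only the name m9ma.exe comes from the post.
SAMPLE = (
    "[AutoRun]\n"
    ";kd93jDla0sKqLw2dk\n"
    "open=m9ma.exe\n"
    "aKd92lLdk3JasdLQ\n"
    "shell\\open\\Command=m9ma.exe\n"
    ";sLK29dkaLpq\n"
    'shell\\explore\\Command="m9ma.exe" e\n'
)

def program_of(command):
    """First token of a command line, honouring double quotes."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]

def launch_entries(inf_text):
    """(key, program) for each launch directive; filler lines are ignored."""
    found = []
    for line in inf_text.splitlines():
        m = LAUNCH_KEY.match(line)
        if m:
            found.append((m.group(1).lower(), program_of(m.group(2))))
    return found

def audit_drive(root):
    """(key, program, exists) for <root>/autorun.inf, or [] if there is none."""
    inf = Path(root) / "autorun.inf"
    if not inf.is_file():
        return []
    text = inf.read_text(encoding="latin-1")  # latin-1 decodes any junk bytes
    return [(k, p, (Path(root) / p.replace("\\", "/")).is_file())
            for k, p in launch_entries(text)]

if __name__ == "__main__":
    for key, prog in launch_entries(SAMPLE):
        print(f"{key} -> {prog}")
```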

 


"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user


How is this relevant???

