Virus/Threat Found Removeable Disk autorun.inf

Culinia · 24 Aug 2010 at 01:53

I was backing up some files on an infected computer for a friend today on my memory stick. I foolishly forgot that I had plugged it in his computer and put it in mine...BAM!!!

Threat Detected (some sort of worm in autorun.inf)... move to vault did not work so I quickly formatted the memory stick (although I do not know if it helped or anything)...

I have been paranoid now that I might be infected.

I run AVG Free Edition and it said no virus found...hmm what do you think?

Been monitoring internet by NetMeter and checking task manager for any suspecting processes but I can not find one...do you think it is safe to enter passwords/emails/online banking now??? Thanks.

Rainmaker · 24 Aug 2010 at 02:30

This forum really needs to set up a default copy-paste response to these types of threads. No offence intended to you OP, but there must be at least three or four posts asking this on the first page alone.

AVG isn't all that good, so I wouldn't rest on my laurels just yet. Try this to get the ball rolling:

1) Disable system restore, deleting any saved restore points. Ditto for shadow copies if you're using Vista/7.
2) Run CCleaner to remove any temp files. Check under the Startup section to ensure you don't have anything nasty set to run on boot. Disable/delete them as applicable.
3) Download, update then deep scan with MalwareBytes free edition. Remove any detected threats, reboot if prompted.
4) Repeat (3) with SuperAntiSpyware free edition.
5) It wouldn't hurt to repeat (3) again with something more in-depth (read: slower) like Dr Web. Dr Web uses a UAC secure desktop environment to scan, which makes it much more reliable. It's good at detection too.
6) Once you're pretty sure your machine is clean, run Hitman Pro to see if it detects any traces.
7) Re-enable system restore if you wish.

After that you should be pretty good to go, though personally I'd ditch AVG. It got you into this mess after all.

Might I suggest Comodo Internet Security with Defense+? It's free and it's good.

In future it may be an idea to disable auto-run anyway. It's not that much of a convenience nor much of a time-saver, and imho the risks far outweigh the benefits as you discovered. Good luck.

Culinia · 24 Aug 2010 at 12:57

Sorry for this thread, should have searched I know but I guess I just panic or something. But thank you so much for the concise answer!

It seems that my computer is clean anyway after following your advice. Will/am in process of doing the same steps on friends pc. Can't thank you enough for the peace of mind and what to do next time!

Have also done your suggestion of using Comodo Internet Security although I am not sure where Defense+ is because I tried googling but no info :s unless it's just me...lol sorry didn't get much sleep last night after doing these scans/restoring friends pc.

Thanks again.

theheyes · 24 Aug 2010 at 13:30

Which OS are you using? XP/Vista/W7?

Rainmaker · 24 Aug 2010 at 14:36

Defense+ is part of Comodo Internet Security.

Culinia · 24 Aug 2010 at 16:58

Rainmaker said:
Defense+ is part of Comodo Internet Security.

Oh yea I see it now lol at the top right lol, thanks

theheyes said:
Which OS are you using? XP/Vista/W7?

W7x64

Pho · 24 Aug 2010 at 17:46

Windows Vista and Windows 7 (and probably updated versions of XP too) automatically disable auto running of CDs and memory sticks - the box which pops up asking you what you would like to do is just part of Windows, so unless you've enabled it yourself or ran anything off of the memory stick after you plugged it in before you noticed the virus then you should be perfectly fine having formatted it.

Culinia · 25 Aug 2010 at 20:06

Pho said:
Windows Vista and Windows 7 (and probably updated versions of XP too) automatically disable auto running of CDs and memory sticks - the box which pops up asking you what you would like to do is just part of Windows, so unless you've enabled it yourself or ran anything off of the memory stick after you plugged it in before you noticed the virus then you should be perfectly fine having formatted it.

Thanks

On XP, do you think it is wise to disable autorun then?

Pho · 25 Aug 2010 at 20:27

Definitely, especially with how easy viruses can spread with memory sticks nowadays (as you found out!).

Keoni Chavez · 25 Aug 2010 at 20:37

Culinia: Hi, this is Keoni Chavez, Junior Community Manager with AVG. We regularly update our definitions to keep current with the various threats out there on the Internet. To be sure you're not infected, you can do a manual update of AVG, and have it run a full scan.

If you've any further questions or concerns, drop me a line and I'll see if I can put your mind at ease!

Thanks for using AVG!
Keoni