Thursday, December 20, 2007
A virus has been spreading around that cannot be detected by most commercial antivirus products such as Symantec, ESET NOD32 and Kaspersky.

Virus Information
Recycled --> Info.exe

How it propagates?
When the user double-clicks the infected drive, Info.exe in the Recycled folder is run via autorun.

File System Modifications
- %Windir%\Config\Svchost.exe (Virus.Win32.AutoRun.aim)
- %Windir%\Config\System.exe (Virus.Win32.AutoRun.aim)
- %Windir%\System.exe
Recycled and Autorun.inf are created in every active drive.

Symptoms
- Unable to view "Hide protected operating system files (Recommended)"
- Probably transmits data over the network

Removal Instructions
1) Enter Task Manager, End process: System.exe
2) Download 7-Zip from www.7-zip.org
3) Use 7-Zip to browse infected files in stated locations and delete them
4) Turn off System Restore
5) Run Virus Scan and remove all viruses found

Alternative Removal Instruction (Advanced Users)
1) Enter Task Manager, End process: System.exe
2) Go to Run, type Cmd
3) Type attrib -s -h C:\*.*
4) Delete infected files in stated locations
5) Turn off System Restore
6) Run Virus Scan and remove all viruses found
7) Run cmd and type attrib +s +h C:\*.*
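A check for the autorun launch described under "How it propagates", as an added example that is not part of the original post: it parses the text of an Autorun.inf and reports entries that start a program from the Recycled folder. The sample file contents are constructed, and the function names and the restriction to the Recycled folder are assumptions of this example.

```python
import ntpath
import re

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Folder named on the page; limiting the check to it is this example's assumption.
SUSPECT_DIRS = {"recycled"}

# Constructed sample contents, not captured from an infected drive.
SAMPLE_INF = r"""[AutoRun]
open=Recycled\Info.exe
shell\open\Command=Recycled\Info.exe
shell\explore\command="Recycled\Info.exe" -e
icon=setup.ico
"""
BENIGN_INF = "[autorun]\nopen=setup.exe\nicon=setup.ico\n"

def launch_entries(inf_text):
    """Return (key, command) pairs in [autorun] that start a program."""
    entries, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        if in_autorun and sep and LAUNCH_KEY.match(key.strip()):
            entries.append((key.strip().lower(), value.strip()))
    return entries

def suspicious_entries(inf_text):
    """Return (key, program) pairs whose program lies in a suspect folder."""
    hits = []
    for key, command in launch_entries(inf_text):
        if not command:
            continue
        # Program path is the quoted string or the first token; arguments are dropped.
        if command.startswith('"'):
            program = command[1:].split('"', 1)[0]
        else:
            program = command.split()[0]
        folders = ntpath.normpath(program).lower().split("\\")[:-1]
        if SUSPECT_DIRS.intersection(folders):
            hits.append((key, program))
    return hits

if __name__ == "__main__":
    for key, program in suspicious_entries(SAMPLE_INF):
        print(f"suspicious autorun entry: {key} -> {program}")
```

Because Autorun.inf is created with system and hidden attributes in the scenario above, read it after clearing them as in the alternative removal steps, or open it from a tool that ignores those attributes.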
@ ITSecure
2:36 PM