2 replies to this topic

[sony_georgiev]

The problem is that the infected USB drive, when is scanned-manual, MB don't find infections. Even if you install the virus. But when you scan drive C:, 2 registry keys and one file, that put the infections in everyone usb drive that will be attached to the PC.

Quote

Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 3

21/8/2009 09:12:37
mbam-log-2009-08-21 (09-12-37).txt

Scan type: Quick Scan
Objects scanned: 90656
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\winhost.exe (Worm.Palevo) -> Delete on reboot.

And you know the virus what do, after infected pc is restarted:
1. Put copy on all hard drives
2. Disable firewall, Task Manager, and disable function to see hidden files and system protected files.
3. Also block MalwareBytes from update with error 732( 0, 0)
4. Slow down the PC and put also various Adware.

Attached file is archived untouched version and that the file in:RECYCLER\S-51-9-25-3434476501-1644491928-601013333-1214\winhost.exe is protected with 2 level hidden and important system file.

The good news is that after all MB remove it, but don't stop it in beginning.

Attached Files

•  RECYCLER.rar   90.39K   36 downloads

[DaChew]

The actual infection starts when you insert the usb drive, that's why you need to be protected

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  
• The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  
• Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  
• Wait until it has finished scanning and then exit the program.
  
• Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


It's quite complicated tho

http://www.bleepingcomputer.com/forums/ind...t&p=1389354

[sony_georgiev]

I am writing it, not to protect me. I am ok, just want to share that, MB don't detect threat on manual scan of infected USB drive. You can scan, or extract the attached file and see that MB will stay in tray with no reaction. I use that soft - Flash_Disinfector. 10x for your post.