Virus/Trojan?

Kloofvreter

On my flash disk and certain folders on my one PC I have noticed that inside a folder, there is an EXE file with exactly the same name as the folder, 40.4Kb in size. This is the case with many of my folders. The EXE file does nothing when executed. Anti-Virus picks up nothing, Spybot picks up nothing. And I'm not noticing anything out of the ordinary on my PC. Any clues what this might be? :confused::confused::confused:
 
Name of the file?

The file has no specific name. It names itself after the folder it is in. E.g. if the folder is called PORN FILES, the file would be inside the folder, called PORN FILES.EXE, with a size of 40.4Kb.

What anti-virus u using? Try Zone Alarm.

AVG finds nothing, Avast finds nothing, Trend, SEP, Adaware, Spybot finds nothing, etc.
 
AVG sux (free is worse). I once came across a virus that made rogue files (just to stuff u round and fill your HDD); maybe this is similar, so the files created may be harmless, but there is still something else running that creates them?!?
 

Seems like everyone else's precious Avast also found nothing :rolleyes: These files will hardly fill a hard drive, at one file per folder, 40.4Kb per file. There must be a process that created these files, but I can't find any.
 
Look in the registry under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run for any strange programs in there.
 
Try Avira Antivir, also free like AVG. After using AVG for years I agree it is now crap.

Avira is fast, only drawback is false positives, but I can live with that.
 
Slootvreter, this sounds very much like the Iddona virus. Have a look at the description and solutions on this site. Hope this helps!

http://www.securitystronghold.com/solutions/Newfolder-ese-solve-new-folder-problem-now.html

It does sound a bit like that, except that I am able to delete the files. Downloaded this fix anyway, will test it tonight.

Use this... it's FREE... AND IT WORKS...

http://www.malwarebytes.org/

Thanks, busy downloading it, will test tonight.

Try Avira Antivir, also free like AVG. After using AVG for years I agree it is now crap.

Avira is fast, only drawback is false positives, but I can live with that.

Not sure why people think AVG is crap. :confused:
 

It's very slow and has a low detection rate, compare: http://www.av-comparatives.org/comparativesreviews/main-tests

Also it trashed two laptops in my office after its update a few weeks ago. After the update if you tried to access the LAN we got a BSOD with the error description "NO_MORE_IRP_STACK_LOCATIONS" ... couldn't find any solution that worked. Required reinstalling Windows to get it to work.
 
Actually, since I come across these things every day, this can resemble behaviour of countless viruses. So as to one of the posts above, yes, it could be that, or if you really want, I can list pages of different malware that do the exact same thing as described in the OP.

If it is virulent (and it sounds like it is), being able to execute the file means nothing, as does not being detected by your AV. And this applies to ALL AV products - new variants of malware will be able to bypass detection from all products. Get it?? Good!!!! No product picks up 100% of new variants 100% of the time. So a new undetected virus may just have bypassed your AV product's heuristic scanner. That's life...

Now that I've finished ranting slightly...

Another possibility of not being detected:

The memory stick was infected, and when placed in another workstation, the files were disinfected. Meaning that the malicious part was removed, but the remainder of the file stayed behind. Unlikely, as with the majority of this form of propagation, the entire file is malicious and would be deleted or disinfected to 0KB. I DO NOT IN ANY WAY THINK THIS IS WHAT HAPPENED, IT'S JUST MENTIONED AS AN ALTERNATIVE EXPLANATION...


To actually check whether it could be something - do as recommended above: upload to virustotal, run malwarebytes, or load a different AV, etc, etc.

Another thing to try would be to actually upload a sample to your AV vendor (most of their websites include this option somewhere) and let them analyse the sample - this way they can add it to their definition database for future detection and action...
And if you discover that the files are malicious, then using whatever AV product you like (that detects it) - run a full check of your PC, i.e.: rootkit, virus, spyware, memory scan, etc. Just some advice ;)

And yes, I've had a bad day, or rather bad two weeks!!!
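
A way to triage the pattern described in the first post, as an added example that is not part of the thread: this Python script walks a drive, flags every EXE whose name matches its parent folder, and groups the hits by size and SHA-256, so identical copies stand out and the hash can be looked up or the sample submitted as suggested above. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_folder_named_exes(root):
    """Return {(size, sha256): [paths]} for every <folder>/<folder>.exe under root."""
    groups = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".exe" and stem.lower() == folder:
                path = os.path.join(dirpath, name)
                groups[(os.path.getsize(path), sha256_of(path))].append(path)
    return dict(groups)


def report(groups, min_copies=2):
    """Keep only groups where the same bytes appear under several folder names."""
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_copies}


def build_sample_tree(base):
    """Constructed sample data: two identical decoys and one unrelated program."""
    decoy = b"MZ" + b"\x00" * 100  # placeholder bytes, not real malware
    layout = {
        "Photos/Photos.exe": decoy,
        "Docs/DOCS.EXE": decoy,
        "Tools/setup.exe": b"MZ" + b"\x01" * 50,
        "Docs/notes.txt": b"hello",
    }
    for rel, data in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for (size, digest), paths in report(find_folder_named_exes(tmp)).items():
            print(size, digest, *paths, sep="\n  ")
```

On a real drive, call `find_folder_named_exes` with the drive root instead of the temporary sample tree; many paths sharing one size and hash match what the first post describes.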
 
It's very slow and has a low detection rate, compare: http://www.av-comparatives.org/comparativesreviews/main-tests

Also it trashed two laptops in my office after its update a few weeks ago. After the update if you tried to access the LAN we got a BSOD with the error description "NO_MORE_IRP_STACK_LOCATIONS" ... couldn't find any solution that worked. Required reinstalling Windows to get it to work.

While I'm not sticking my head out for AVG (I'm neutral and don't give a rat's bum what AV people like or not) just take note that when using the AV-Comparatives tests, that the tests are pretty much run on default settings, which when changed may offer increased performance both in utilization of system resources and detection rates.

Also, the products listed in the above comparative are the home user versions of those AV's - corporate versions exist and provide for different performance and/or detection rates and features than noted against the home versions.
 
I think what this guy has is the Brontok worm, I might be wrong but a guy at my school also had the files spread all over my flash drive with the files named as my folders.
 

Refer to my previous post - at least half the malware out there use this form to propagate throughout the machine - I see them almost every single day!!
 