h.com,i.com,ofddh.exe,ntdlr,autorun.inf

[nihil]

Well,

The autorun.inf is bad news being in the Windows root directory.

http://www.f-secure.com/v-descs/worm_w32_autorun.shtml

You will now have to scan all your removable media, as that is what they go for.

I would also recommend that you clear your restore points. Your AV will not be able to clean them

The .com files look like a revamp of h.exe and i.exe, which are malware.

[alphabetagammadelta91]

you don't need an anti virus software for linux based OS's?

Learn something new everyday! What is the world coming to when the new generation of virii writers just stop writing for linux...

Forget windows and having to worry about firewalls, anti-virus, spyware, etc..
I'm going to get a copy of linux and be safe =)

Well there are very few anti virus for linux,there are very few viruses around made for linux
I got a link for you

Currently there are under 100 native Linux viruses known but in many organizations the fact that a Linux viruses exists is enough reason to install and use Linux antivirus protection on Linux desktops and servers.

http://www.desktoplinux.com/articles/AT3307459975.html

@nihil
I have scanned and located the *.inf file...I am not able to delete it either by going to safe mode or command prompt.
The .com and .exe files are not visible in windows ,no matter what ever mode you are in.

Mandriva is helpless to delete as ntfs is mounted as read only partition
I tried to make the ntfs partition as read and write by the techniques give by some one here..But well that din't work either

[nihil]

Well there are very few anti virus for linux,there are very few viruses around made for linux

There is an increase in malware though (worms, trojans, rootkits). Originally you would get an AV for your Linux mailserver................ basically to protect your Windows clients.

Have you tried going into Windows and clearing your restore points? I am beginning to suspect that Windows is hiding the files in there?

This might work for you:

http://www.softpedia.com/get/Securit...DelLater.shtml

or this:

http://www.freewarefiles.com/NTFSDOS...ram_11100.html

[morganlefay]

Still slogging away with same issue are we.....

DJM posted a link on how to mount the partition ...

Obviously this is a personal machines...as in the business world the issue should have been dealt with by now....

Personally I would rather have a clean install as you will never be sure what is on your system

MLF

[nihil]

That is the problem with today's malware.

Members of the AutoRun family also often contain other functionality in addition to just spreading. In fact this infection method can be used to propagate any malicious payload, such as a backdoor, password stealer, or some other kind of trojan.

You just don't have any idea what might be on your machine once it has been "owned"

[ArPaNET]

(Mar. 27, 2003)

These cute little things are called dates, thats when that link you gave me was made =)

I realize that there are far fewer virii on linux than on microsoft, but to blindly say that you dont need protection for linux systems is ridicules...

after all your the one with suspicious files on your system...

[alphabetagammadelta91]

OK,reviving the old thread again.


The avast update in Mid March (Don't remember the date) detected and removed h.com and i.com
But i am still having trouble with autorun.inf....

Here is what is written in it

;l2J3k12nL7Sjkd0ofjjwdAas22wLA4kr4wiw3Lr1d
[AutoRun]
;Dc
open=oufddh.exe
;4kLKDlJ
shell\open\Command=oufddh.exe
;ksroaqp5ioALqL49idDKjAdK3w25s81LeA2L0747qoifs44kDk3swosqJipDDwwpsiak0CKw3aaaF28rimkorkDwaUa462wkk
shell\open\Default=1
;CSkkdsl2Z42j3KjL2lJkLf00d17Ss9UoaAs0irXi14kJ32so4KLidwD93KJjlDe7ae3jodo9KOipnaadwK4Zq6HiqfkswK1qwwwDj3oA0ia531i
shell\explore\Command=oufddh.exe
;3aDd52iK2sod8fA34rsr3HrDp2KJlde3sl3KkSkskiw9K4dk40eLi5Laf4La5i0Ls30kwU2k5oiqrqqkdawLjkrkDaJK4ZwjDd2jjsc50kLaws

Now only two things trouble me now
autorun.inf and oufddh.exe.



I had tried booting from unbuntu and removing them ...but linux just would take it as read only.

I tried modifying the fstab....but that would not work either...every time i would modify linux would make a another copy of it.

[brokencrow]

You might try a Bart PE disk, too, but a Linux livecd with Captive may be a better way to handle deleting the files. What's the registry entries look like for those files? Insert will write to NTFS, though I'm only familiar with the older versions that ran Captive. Looks like v1.3.9b runs something called "ntfs-3g".