-
February 24th, 2008, 11:37 AM
#21
Well,
The autorun.inf is bad news being in the Windows root directory.
http://www.f-secure.com/v-descs/worm_w32_autorun.shtml
You will now have to scan all your removable media, as that is what they go for.
I would also recommend that you clear your restore points. Your AV will not be able to clean them.
The .com files look like a revamp of h.exe and i.exe, which are malware.
-
February 24th, 2008, 02:46 PM
#22
Junior Member
You don't need an anti-virus software for Linux-based OSes?
Learn something new every day! What is the world coming to when the new generation of virii writers just stop writing for Linux...
Forget Windows and having to worry about firewalls, anti-virus, spyware, etc.
I'm going to get a copy of Linux and be safe =)
Well, there are very few anti-virus for Linux, there are very few viruses around made for Linux.
I got a link for you
Currently there are under 100 native Linux viruses known but in many organizations the fact that a Linux virus exists is enough reason to install and use Linux antivirus protection on Linux desktops and servers.
http://www.desktoplinux.com/articles/AT3307459975.html
@nihil
I have scanned and located the *.inf file... I am not able to delete it either by going to safe mode or command prompt.
The .com and .exe files are not visible in Windows, no matter whatever mode you are in.
Mandriva is helpless to delete as NTFS is mounted as a read-only partition.
I tried to make the NTFS partition read and write by the techniques given by someone here... But well, that didn't work either.
Last edited by alphabetagammadelta91; February 24th, 2008 at 03:11 PM.
Reason: added more details
-
February 24th, 2008, 03:13 PM
#23
Well, there are very few anti-virus for Linux, there are very few viruses around made for Linux.
There is an increase in malware though (worms, trojans, rootkits). Originally you would get an AV for your Linux mailserver... basically to protect your Windows clients.
Have you tried going into Windows and clearing your restore points? I am beginning to suspect that Windows is hiding the files in there?
This might work for you:
http://www.softpedia.com/get/Securit...DelLater.shtml
or this:
http://www.freewarefiles.com/NTFSDOS...ram_11100.html
Last edited by nihil; February 24th, 2008 at 03:23 PM.
-
February 24th, 2008, 03:21 PM
#24
Still slogging away with same issue are we.....
DJM posted a link on how to mount the partition ...
Obviously this is a personal machine... as in the business world the issue should have been dealt with by now....
Personally I would rather have a clean install as you will never be sure what is on your system
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
February 24th, 2008, 03:54 PM
#25
That is the problem with today's malware.
Members of the AutoRun family also often contain other functionality in addition to just spreading. In fact this infection method can be used to propagate any malicious payload, such as a backdoor, password stealer, or some other kind of trojan.
You just don't have any idea what might be on your machine once it has been "owned"
-
February 25th, 2008, 08:58 AM
#26
These cute little things are called dates, that's when that link you gave me was made =)
I realize that there are far fewer virii on Linux than on Microsoft, but to blindly say that you don't need protection for Linux systems is ridiculous...
After all, you're the one with suspicious files on your system...
-
March 24th, 2008, 10:23 AM
#27
Junior Member
OK, reviving the old thread again.
The Avast update in mid-March (don't remember the date) detected and removed h.com and i.com.
But I am still having trouble with autorun.inf....
Here is what is written in it
;l2J3k12nL7Sjkd0ofjjwdAas22wLA4kr4wiw3Lr1d
[AutoRun]
;Dc
open=oufddh.exe
;4kLKDlJ
shell\open\Command=oufddh.exe
;ksroaqp5ioALqL49idDKjAdK3w25s81LeA2L0747qoifs44kDk3swosqJipDDwwpsiak0CKw3aaaF28rimkorkDwaUa462wkk
shell\open\Default=1
;CSkkdsl2Z42j3KjL2lJkLf00d17Ss9UoaAs0irXi14kJ32so4KLidwD93KJjlDe7ae3jodo9KOipnaadwK4Zq6HiqfkswK1qwwwDj3oA0ia531i
shell\explore\Command=oufddh.exe
;3aDd52iK2sod8fA34rsr3HrDp2KJlde3sl3KkSkskiw9K4dk40eLi5Laf4La5i0Ls30kwU2k5oiqrqqkdawLjkrkDaJK4ZwjDd2jjsc50kLaws
Now only two things trouble me now
autorun.inf and oufddh.exe.
I had tried booting from Ubuntu and removing them... but Linux just would take it as read-only.
I tried modifying the fstab... but that would not work either... every time I would modify it, Linux would make another copy of it.
Last edited by alphabetagammadelta91; March 24th, 2008 at 10:26 AM.
Reason: Spell check
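
An added example (not part of the original post): a small Python triage routine for an autorun.inf like the one quoted above. It skips the `;` junk comment lines, lists what the `[AutoRun]` section would launch, and reports how much of the file is comment padding. The sample is modelled on the post's file, with the long junk comments replaced by short constructed stand-ins; the function name `analyze_autorun` is hypothetical.

```python
import re

# Sample modelled on the autorun.inf quoted in the post. The lines marked
# "constructed" are short stand-ins for the long random comment lines.
SAMPLE = r""";l2J3k12nL7Sjkd0ofjjwdAas22wLA4kr4wiw3Lr1d
[AutoRun]
;Dc
open=oufddh.exe
;4kLKDlJ
shell\open\Command=oufddh.exe
;constructed-junk-comment-1
shell\open\Default=1
;constructed-junk-comment-2
shell\explore\Command=oufddh.exe
;constructed-junk-comment-3
"""

# [AutoRun] keys that name a program to run: open, shellexecute,
# and shell\<verb>\command (drive context-menu commands).
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)


def analyze_autorun(text):
    """Return launch targets and the junk-comment ratio of an autorun.inf."""
    in_autorun = False
    targets = {}              # lower-cased key -> command line
    comments = content = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):      # comment line, used here as padding
            comments += 1
            continue
        content += 1
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if EXEC_KEY.match(key):
                targets[key.lower()] = value
    total = comments + content
    # First token of each command line; assumes unquoted paths without spaces.
    exes = sorted({v.split()[0].lower() for v in targets.values() if v})
    return {"targets": targets, "executables": exes,
            "comment_ratio": comments / total if total else 0.0}
```

Run over every autorun.inf found on fixed and removable drives, the `executables` list tells you which files to look for alongside it, and a high `comment_ratio` is a cheap hint that the file was padded to evade signature matching.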
-
March 24th, 2008, 06:14 PM
#28
You might try a Bart PE disk, too, but a Linux livecd with Captive may be a better way to handle deleting the files. What do the registry entries look like for those files? Insert will write to NTFS, though I'm only familiar with the older versions that ran Captive. Looks like v1.3.9b runs something called "ntfs-3g".
Last edited by brokencrow; March 24th, 2008 at 06:18 PM.
“Everybody is ignorant, only on different subjects.” — Will Rogers