h.com,i.com,ofddh.exe,ntdlr,autorun.inf - Page 3

Thread: h.com,i.com,ofddh.exe,ntdlr,autorun.inf

  1. #21
    nihil (Super Moderator: GMT Zone)
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,178

    Well,

    The autorun.inf is bad news being in the Windows root directory.

    http://www.f-secure.com/v-descs/worm_w32_autorun.shtml

    You will now have to scan all your removable media, as that is what they go for.

    I would also recommend that you clear your restore points. Your AV will not be able to clean them.

    The .com files look like a revamp of h.exe and i.exe, which are malware.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #22
    Junior Member
    Join Date: Feb 2008
    Posts: 9

    you don't need an anti virus software for linux based OS's?

    Learn something new everyday! What is the world coming to when the new generation of virii writers just stop writing for linux...

    Forget windows and having to worry about firewalls, anti-virus, spyware, etc..
    I'm going to get a copy of linux and be safe =)
    Well, there are very few anti virus for linux, there are very few viruses around made for linux.
    I got a link for you
    Currently there are under 100 native Linux viruses known but in many organizations the fact that a Linux viruses exists is enough reason to install and use Linux antivirus protection on Linux desktops and servers.
    http://www.desktoplinux.com/articles/AT3307459975.html

    @nihil
    I have scanned and located the *.inf file... I am not able to delete it either by going to safe mode or command prompt.
    The .com and .exe files are not visible in Windows, no matter what mode you are in.

    Mandriva is helpless to delete it, as NTFS is mounted as a read-only partition.
    I tried to make the NTFS partition read and write by the techniques given by someone here... But well, that didn't work either.
    Last edited by alphabetagammadelta91; February 24th, 2008 at 02:11 PM. Reason: added more details

  3. #23
    nihil (Super Moderator: GMT Zone)
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,178

    Well, there are very few anti virus for linux, there are very few viruses around made for linux.
    There is an increase in malware though (worms, trojans, rootkits). Originally you would get an AV for your Linux mailserver................ basically to protect your Windows clients.

    Have you tried going into Windows and clearing your restore points? I am beginning to suspect that Windows is hiding the files in there?

    This might work for you:

    http://www.softpedia.com/get/Securit...DelLater.shtml

    or this:

    http://www.freewarefiles.com/NTFSDOS...ram_11100.html
    Last edited by nihil; February 24th, 2008 at 02:23 PM.

  4. #24
    AOs Resident Troll
    Join Date: Nov 2003
    Posts: 3,152

    Still slogging away with same issue are we.....

    DJM posted a link on how to mount the partition ...

    Obviously this is a personal machine... as in the business world the issue should have been dealt with by now....

    Personally I would rather have a clean install as you will never be sure what is on your system

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #25
    nihil (Super Moderator: GMT Zone)
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,178

    That is the problem with today's malware.

    Members of the AutoRun family also often contain other functionality in addition to just spreading. In fact this infection method can be used to propagate any malicious payload, such as a backdoor, password stealer, or some other kind of trojan.
    You just don't have any idea what might be on your machine once it has been "owned"

  6. #26
    Senior Member
    Join Date: Oct 2007
    Location: do a whois search on my ip...
    Posts: 268

    (Mar. 27, 2003)
    These cute little things are called dates, that's when that link you gave me was made =)

    I realize that there are far fewer virii on linux than on microsoft, but to blindly say that you don't need protection for linux systems is ridiculous...

    after all, you're the one with suspicious files on your system...

  7. #27
    Junior Member
    Join Date: Feb 2008
    Posts: 9

    Thumbs down

    OK, reviving the old thread again.

    The avast update in mid-March (don't remember the date) detected and removed h.com and i.com.
    But I am still having trouble with autorun.inf....

    Here is what is written in it:
    ;l2J3k12nL7Sjkd0ofjjwdAas22wLA4kr4wiw3Lr1d
    [AutoRun]
    ;Dc
    open=oufddh.exe
    ;4kLKDlJ
    shell\open\Command=oufddh.exe
    ;ksroaqp5ioALqL49idDKjAdK3w25s81LeA2L0747qoifs44kDk3swosqJipDDwwpsiak0CKw3aaaF28rimkorkDwaUa462wkk
    shell\open\Default=1
    ;CSkkdsl2Z42j3KjL2lJkLf00d17Ss9UoaAs0irXi14kJ32so4KLidwD93KJjlDe7ae3jodo9KOipnaadwK4Zq6HiqfkswK1qwwwDj3oA0ia531i
    shell\explore\Command=oufddh.exe
    ;3aDd52iK2sod8fA34rsr3HrDp2KJlde3sl3KkSkskiw9K4dk40eLi5Laf4La5i0Ls30kwU2k5oiqrqqkdawLjkrkDaJK4ZwjDd2jjsc50kLaws
    Only two things trouble me now:
    autorun.inf and oufddh.exe.

    I had tried booting from Ubuntu and removing them... but Linux would just take it as read-only.

    I tried modifying the fstab... but that would not work either... every time I would modify, Linux would make another copy of it.
    Last edited by alphabetagammadelta91; March 24th, 2008 at 10:26 AM. Reason: Spell check
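
As an added example (not part of the original thread): a small Python triage of an autorun.inf like the one posted in #27, which skips the `;` padding lines and reports which program the file starts and which drive verbs it redirects. The function names and the junk-comment heuristic are assumptions made for illustration.

```python
import re

# [AutoRun] keys that make Explorer start a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Directives from the post above; the longest junk comment lines are omitted.
SAMPLE = r"""
;l2J3k12nL7Sjkd0ofjjwdAas22wLA4kr4wiw3Lr1d
[AutoRun]
;Dc
open=oufddh.exe
;4kLKDlJ
shell\open\Command=oufddh.exe
shell\open\Default=1
shell\explore\Command=oufddh.exe
"""

def parse_autorun(text):
    """Return ({key: value} of the [AutoRun] section, list of comment bodies)."""
    entries, comments, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";"):
            comments.append(line[1:].strip())
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries, comments

def triage(text):
    """Summarise what an autorun.inf would start and how it is padded."""
    entries, comments = parse_autorun(text)
    launches = {k: v for k, v in entries.items() if LAUNCH_KEY.match(k)}
    return {
        # Programs the file asks Explorer to run.
        "targets": sorted(set(launches.values())),
        # Drive shell verbs (open, explore, ...) redirected to a program.
        "verbs": sorted(k.split("\\")[1] for k in launches if k.startswith("shell\\")),
        # Comments that are one alphanumeric token: filler, not documentation.
        "junk_comments": sum(1 for c in comments if len(c) >= 6 and c.isalnum()),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Every launch key in the posted file points at the same executable, so that file and the autorun.inf have to be removed together on each affected drive.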

  8. #28
    brokencrow (Dissident 4dm1n)
    Join Date: Feb 2004
    Location: Shawnee country
    Posts: 1,242

    You might try a Bart PE disk, too, but a Linux livecd with Captive may be a better way to handle deleting the files. What do the registry entries look like for those files? Insert will write to NTFS, though I'm only familiar with the older versions that ran Captive. Looks like v1.3.9b runs something called "ntfs-3g".
    Last edited by brokencrow; March 24th, 2008 at 06:18 PM.
    “Everybody is ignorant, only on different subjects.” — Will Rogers
