I'm supposed to be submitting my column today and I'm still at odds with how to answer this question:
I think my pen drive has picked up some malware or similar. It presents itself as a green icon with ‘KEYGEN’ written on it and it creates a message box saying “UPDATENETFRAMEWORK”. I ran my updated Norton Antivirus 2009 and my updated PC Tools Spyware Doctor, but this remains on my Windows 7 PC and all my pen drives have got infected with it.
Please could you guide me in removing it? Of course even after I manually delete the file in my pen drive, it reappears. I am attaching a snapshot of the screen with the message box and that keygen thing at the bottom.
I can't find any reference to the symptoms and effects described, but given that there are many virus-making toolkits out there it could be a localised variant of a more mainstream virus. Also I'm trying to find out if Norton can be disabled by a virus (I know some AV products suffered this last year), and, as both Norton and Spyware Doctor seem to be coming up zero on scans, whether there is a way with Norton 2009 to create an AV boot disk. In short, if I can't give any real workable advice it may be quicker for them to format and reinstall, and give a little lecture about disabling autorun on all media!
Put it into a Linux box (if possible) and disinfect that way. Linux has got very good antivirus software, albeit difficult to find as most people don't care for it. It most likely won't load in a Linux box, so you stand a much better chance at disinfection that way.
gizmo, as I am sure you are aware, there is no absolutely secure AV. EVERY single one has a pitfall somewhere; it's just a case of finding it. However, the first step would be to disable autorun, so as to prevent this sort of stuff in the future, and disinfect every USB stick that has been infected. Many virus scanners can be disabled by an autorun virus, as it is sometimes too late for the AV to do anything about it.
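The "disable autorun and check every stick" advice above, as an added example that is not from anyone in this thread: an elevated PowerShell script for Windows 7 that reads and sets the Explorer NoDriveTypeAutoRun policy, then lists removable drives carrying an autorun.inf and what its open= line would have launched. The function names are my own; the registry path, value name and 0xFF mask are the documented policy.

```powershell
# Added example: harden AutoRun and inspect removable drives for autorun.inf.
# Run from an elevated PowerShell on the Windows 7 PC. Reading the .inf is
# plain text inspection only; nothing on the stick is executed.

$policyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$valueName  = 'NoDriveTypeAutoRun'
$disableAll = 0xFF   # bit mask covering every drive type = AutoRun off everywhere

function Get-AutoRunPolicy {
    # Returns the current mask, or $null if the policy has never been set.
    $current = (Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    if ($null -eq $current) { return $null }
    return [int]$current
}

function Set-AutoRunDisabled {
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    Set-ItemProperty -Path $policyKey -Name $valueName -Value $disableAll -Type DWord
}

function Find-RemovableAutorunInf {
    # One record per removable drive (WMI DriveType 2), flagging an autorun.inf,
    # whether it is hidden, and the open=/shellexecute= lines it contains.
    Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
        $inf  = Join-Path $_.DeviceID 'autorun.inf'
        $info = [PSCustomObject]@{ Drive = $_.DeviceID; AutorunInf = $false; Hidden = $false; Launches = $null }
        if (Test-Path -LiteralPath $inf) {
            $item = Get-Item -LiteralPath $inf -Force   # -Force so hidden/system files are returned
            $info.AutorunInf = $true
            $info.Hidden     = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
            $info.Launches   = (Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute)\s*=' }) -join '; '
        }
        $info
    }
}

"NoDriveTypeAutoRun before: $(Get-AutoRunPolicy)"
Set-AutoRunDisabled
"NoDriveTypeAutoRun after:  $(Get-AutoRunPolicy)"   # expect 255
Find-RemovableAutorunInf | Format-Table -AutoSize
```

A hidden autorun.inf whose open= line points at an .exe on the stick is the signature of the autorun family discussed here; the policy change stops it launching on insertion, but the file and the executable it names still have to be removed from every stick, and the PC itself cleaned, as the replies below say.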
Hmm, if the pen drive is getting reinfected then his PC is still infected. Download and install Malwarebytes and run a full scan in safe mode to see if it will remove any nasties that Norton has missed. Maybe worth installing MSE and running a full scan with that as well to be extra safe.
Thinking out loud: is the memory stick the cause of the virus, and Windows is holding it in memory...
Boot into a mode, ideally not Windows, where the virus cannot run. Then clean the stick and format; there are quite a few good tools out there. HP have a USB formatting tool that works quite well.
Could do with checking if it's one of those USB sticks with a hidden boot partition; if that got infected, that would make it hard to remove. May need one of those tools that will remove the partition, but it's pretty hard to do. It usually shows up like a read-only CD-ROM drive.
Sounds like a variant on one of the old P2P/autorun viruses that presented itself as a folder full of keygens? If it's one of the rootkit style ones it will have neatly disappeared under the radar - depends on what technical level your newsletter is aimed at but using a rootkit scanner/remover app may be beyond them and a backup and format may be the only solution for a home user. How about suggesting that they upload the keygen app to virustotal/jotti.org and then go on to look for a removal kit on the basis of what the scanners pick up?