  1. #1

    Dos_Box

    Virus question

    I'm supposed to be submitting my column today and I'm still at odds with how to answer this question:

    I think my pen drive has picked up a malware or so. It presents itself as a green icon with ‘KEYGEN’ written on it and it creates a message box saying “UPDATENETFRAMEWORK”. I ran my updated Norton antivirus 2009 and my updated PC tools spyware doctor, but this remains in my Windows 7 PC and all my pen drives have got infected with it.

    Please could you guide me in removing it? Of course even after I manually delete the file in my pen drive, it reappears. I am attaching a snapshot of the screen with the message box and that keygen thing at the bottom.

    I can't find any reference to the symptoms and effects described, but given that there are many virus-making toolkits out there it could be a localised variant of a more mainstream virus. Also I'm trying to find out if Norton can be disabled by a virus (I know some AV products suffered this last year), and, as both Norton and Spyware Doctor seem to be coming up zero on scans, if there is a way with Norton 2009 to create an AV boot disk. In short, if I can't give any real workable advice it may be quicker for them to format and reinstall and give a little lecture about disabling autorun on all media!

  2. #2

    nephilim

    Put it into a Linux box (if possible) and disinfect that way. Linux has got very good anti-virus software, albeit difficult to find as most people don't care for it. It most likely won't load in a Linux box so you stand a much better chance at disinfection that way.

    And yes, disable autorun on all media is a help!

  3. #3
    gizmo2005

    Or you could change your license to a more secure antivirus software.

  4. #4

    nephilim

    gizmo, as I am sure you are aware there is no absolute secure AV. EVERY single one has a pitfall somewhere, it's just a case of finding it. However the first instance would be to disable autorun, so as to prevent this sort of stuff in the future, and disinfect every USB stick that has been infected. Many virus scanners can be disabled by an autorun virus, as it is sometimes too late for the AV to do anything about it.

  5. #5

    SYSMAN_MK

    Hmm, if the pen drive is getting reinfected then his PC is still infected. Download and install Malwarebytes and run a full scan in safe mode to see if it will remove any nasties that Norton has missed. Maybe worth installing MSE and running a full scan with that as well to be extra safe.

  6. #6

    vikpaw

    Thinking out loud. Is the memory stick the cause of the virus and Windows is holding it in memory...

    Boot into a mode, ideally not Windows, where the virus cannot run. Then clean the stick and format; there are quite a few good tools out there. HP have a USB formatting tool that works quite well.

    Could do with checking if it's one of those USB sticks with a hidden boot partition; if that got infected that would make it hard to remove. May need one of those tools that will remove the partition but it's pretty hard to do. It usually shows up like a read-only CD-ROM drive.

  7. #7
    gizmo2005

    Try having a look at this link, hopefully this will help you: Free Portable USB AntiVirus Scanner Software For Flash Drive

  8. #8

    Sounds like a variant on one of the old P2P/autorun viruses that presented itself as a folder full of keygens? If it's one of the rootkit style ones it will have neatly disappeared under the radar - depends on what technical level your newsletter is aimed at but using a rootkit scanner/remover app may be beyond them and a backup and format may be the only solution for a home user. How about suggesting that they upload the keygen app to virustotal/jotti.org and then go on to look for a removal kit on the basis of what the scanners pick up?
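
Several replies suggest examining the stick from a system where the malware cannot run (for example a Linux box) and checking the suspect file on VirusTotal. The following is an added example, not part of the thread: Python that lists what `autorun.inf` on a mounted stick would launch and hashes the root-level executables so each SHA-256 can be searched on VirusTotal. The extension list, function names and the sample files built in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

EXEC_KEYS = ("open", "shellexecute")   # autorun.inf keys that name a program
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".lnk"}
SAMPLE_PAYLOAD = b"constructed placeholder bytes, not malware"

def autorun_targets(text):
    """Return the commands the [autorun] section would launch.
    Parsed by hand because infected autorun.inf files often carry junk lines."""
    targets, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (s.strip() for s in line.split("=", 1))
            if key.lower() in EXEC_KEYS or key.lower().endswith("\\command"):
                targets.append(value)
    return targets

def triage(root):
    """Inspect the root of a mounted stick without executing anything on it."""
    root = Path(root)
    # FAT names are case-insensitive, so match autorun.inf in any case.
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    # Some tools create a *directory* called autorun.inf; only parse a file.
    targets = autorun_targets(inf.read_text(errors="replace")) if inf and inf.is_file() else []
    hashes = {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
              for p in sorted(root.iterdir())
              if p.is_file() and p.suffix.lower() in EXEC_EXTS}
    return {"autorun_targets": targets, "executables": hashes}

def demo():
    """Build a constructed stand-in for the stick and triage it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "AUTORUN.INF").write_text("[autorun]\nopen=KEYGEN.exe\n")
        (root / "KEYGEN.exe").write_bytes(SAMPLE_PAYLOAD)
        (root / "notes.txt").write_text("homework")
        return triage(root)

if __name__ == "__main__":
    print(demo())   # on a real stick: triage("/path/to/mounted/stick")
```

Mounting the stick read-only before running `triage` keeps the evidence unchanged while it is examined.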
