Strange new virus? from thumbdrive?

Guest

12-12-06

Sent to BugTraq

VAR in Honolulu has a previously squeaky clean XP system now infected with
something strange:

Symptom list:
1) All desktop icons disappeared
2) When recreated by hand, some days later they all were rendered
un-runnable because they had all been renamed with an additional .lnk suffix.
3) On every boot, after the XP splash screen, but before User Login (2
profiles), there is a 4" x 5" screen with an Exit and an OK button. The
screen shows a black background which overlays the XP blue login screen; it
looks like a VB screen. The name in the top bar changes on every boot, such
as c:\windows\system32\mup.sys, or i20mgr.sys, etc. This full file name is
preceded by usually 8 small box characters. Inside the white body of the
screen there are a few special characters: [\} and a character that looks
like an inverse equal sign, standing vertically.
4) CTRL-ALT-DEL at this point shows you flashes of blue underneath
5) The Outlook .PST file is missing
6) My antivirus and all other SYSTRAY items are gone
7) IE6 or IE7 won't connect to home page, instead Internet Properties opens
on the General Tab
8) Trend Micro PC-Cillin 2006 sees nothing, same with their Housecall and
WinSIC, or SYSCLEAN utilities.
9) MS RootkitRevealer finds nothing.

Infection route: while it could have been web browsing, or email, I really
think it came from an odd incident when a client came in with CAD files to
print on a thumb drive. Trend says thumbdrives don't infect PCs, though I've
looked at the U3.com software available for a SanDisk Cruzer (and several
other makes) and it seems like there's a CPU in it, because you can scan a new
PC for viruses using Avast from the thumb drive.



At one point they sent me a tool to fix the associations with applications,
so that now Start Programs run most apps.

However, I've lost my email. This case has been open at Trend for more than
a month, and now they are telling me it is not a virus and don't worry.

Not only that, when I call Trend Tech support, they hang up on me
repeatedly, or put my call back in the queue, or promise to work the next day
with me, and then don't. They want me to go away, but I think this is a
serious threat.

CAN a thumbdrive infect a system?
Has anyone seen anything like this, or know how to respond to it and recover
my email (besides backup)?

Thanks for any leads.

That can't be correct, is it?
 
kwestin

Yes a thumb drive can infect a system the same as a CD-ROM,
particularly the U3 drives as they behave the same as CD-ROMs in
respect to autorun. You should disable both autorun and autoplay on
your system. If you want to secure your network you want to look at
Enterprise class software like DeviceWall, even Vista has issues with
securing removable media devices, although a lot better than XP, it is
still vulnerable. For a list of USB tools that can be used to infect
computers check here:

http://www.usbhacks.com
http://www.hak5.org
http://www.watchyourend.com
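
Added example, not part of either post above: a small audit of the Windows `NoDriveTypeAutoRun` policy value, showing which thumb-drive related drive types are still allowed to AutoRun. Because a U3 drive presents a partition that Windows treats as a CD-ROM, the check looks at both the removable and CD-ROM bits. The `reg query` text is a constructed sample and the function names are hypothetical.

```python
import re

# Bit flags of the NoDriveTypeAutoRun policy value; a set bit disables
# AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

# A plain flash drive mounts as "removable"; a U3 drive also exposes a
# partition that Windows treats as a CD-ROM, so both bits matter here.
THUMBDRIVE_TYPES = ("removable", "cdrom")

# Constructed sample of `reg query` output; 0x91 is the Windows XP default.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""

def parse_mask(reg_output):
    """Extract the NoDriveTypeAutoRun DWORD from reg query text."""
    m = re.search(r"NoDriveTypeAutoRun\s+REG_DWORD\s+0x([0-9a-fA-F]+)", reg_output)
    if m is None:
        raise ValueError("NoDriveTypeAutoRun not found in input")
    return int(m.group(1), 16)

def autorun_enabled_types(mask):
    """Drive types for which AutoRun is still enabled under this mask."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]

def thumbdrive_gaps(reg_output):
    """Thumb-drive related drive types still allowed to AutoRun."""
    enabled = autorun_enabled_types(parse_mask(reg_output))
    return [t for t in THUMBDRIVE_TYPES if t in enabled]

if __name__ == "__main__":
    print("AutoRun still enabled for:", thumbdrive_gaps(SAMPLE_REG_OUTPUT))
```

A value of 0xFF sets every bit and leaves no drive type with AutoRun enabled.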
 
