weird virus auto duplicate whenever usb inserted

[scyap]

_*Hello_everyone,_i_totally_need_help__cuz_my_pc_is_in_trouble..._i_am_infected_with_

some_unknown_virus...*_

HOW IT HAPPENED

I put my portable hard disc into a friend's pc, uploaded data, and whe
i connect my
portable HD to my own PC, its infected, im sure its infects via USB

HOW IT EXECUTES

well before that i didnt know its infected, so i just double clicked m
portable HD

(from
my pc) and nothing happened, after a few tries, i right click and sa
"auto-play", i was
shocked and then i use OPEN, and i saw some autorun.inf an
windows.scr, autorun.inf is
commanded(i know, wrong word) to execute windows.scr as auto play. BOT
FILES ARE
SYSTEM+HIDDEN, i did turn on ability to view HIDDEN and SYSTEM long ag
(yeah i know the
risks but i wont simply accidentally delete a file)

.SCR FORMAT

Its windows screen saver format but its an infected one, it says righ
here (link

below)
and it claims to be a extension used to transmit TROJAN
http://filext.com/file-extension/scr

COULDN'T YOU JUST DELETE WINDOWS.SCR AND AUTORUN.INF

Yes i did try but it didnt work, my computer is ALREADY infected cuz th
first time

i
double clicked it (and it autorun)

WHAT U MEAN INFECTED

i have no problems deleting windows.scr and autorun.inf BUT when
insert the USB

(or any USB memory sticks, tested), it will re-create those two file
(Yes, it will re-

create it instantly once u insert it in, checked using the Created on
<date>)

DOES THIS WORK IN SAFE MODE

YES, WHAT A VIRUS !!!
It works and STILL SPREADS via usb in safe mode

DO U HAVE A SCREEN SHOT OF YOUR RUNNING PROCESSES IN SAFE MODE

Yes i do, here is link below
http://img184.imageshack.us/img184/900/wthhhhri1.jpg

INSTALL THIS ANTI VIRUS, AND THAT, AND THE OTHER ONE, AND THAT TOO !!

I use AVG 7.5 AntiVirus Professional (registered)
I use AVG AntiSpyware (registered)
I use Ad-Aware 07

U DIDNT UPDATE EH

ALL UPDATED

U USE THOSE ANTI VIRUS AND UPDATED IT BUT DID U SCAN

Yes, full system scan with NOTHING (sigh)

SCAN REMOVEABLE

yes i did scan my usb...

NO NORTON FROM SYMANTEC

Yeah i have 2003 but since its so old, i downloaded 2008, but blu
screen when

Norton 2008 starts on startup, so i went to safe mode, us
NortonRemovalTool and blasted it

out of my pc, i guess its the clash with AVG, it did warn me durin
installation but i am

not dumping AVG, i paid !

WHAT OTHER TRICKS U DID?

I tried renaming and changing its extension, but failed, it re-create
the same copy

again

IS HARDDISK AFFECTED BY THIS AUTORUN

NO, only Removeable Discs

GOT HIJACKTHIS

Yes, is it needed?

ANY MORE

Yea, i was once affected by this virus long time ago, it will create
Copy of the

autorun etc in EVERY DRIVE (including HDD) and put an autorun, and whe
u run the autorun,

it will check if the process to spread is ON or not, if not, it will o
it, and then it

will copy itself to ANY DISKS . This is very obvious cuz its in HDD a
autorun too and its

in Processes, which i obviously know where its from, so i terminated
and cleared all the

files, which made this virus permanently disappear but this i
something new...

AND as far as im concerned, there MUST be a process to check if i hav
inserted a
RemoveableDrive or not, right? Like a looping check everyone 1 second?
Well this is what i think, it may not be true... cuz i cant find thi
process
i always check at processlibrary.com

...hmmm , everything in my processes look clean, my only suspect is wh
so many svchost,

last time i didnt have that many




I have two screen shots :
_-Safe_Mode_all_processes_
http://img184.imageshack.us/img184/900/wthhhhri1.jpg

_-Normal_Windows_All_processes_
http://img168.imageshack.us/my.php?image=tasknq3.jpg


Help pls..

 

[bojimbo26one]

What antivirus program are you running ?

_*Hello_everyone,_i_totally_need_help__cuz_my_pc_is_in_trouble..._i_am_infected_with_

some_unknown_virus...*_

HOW IT HAPPENED?

I put my portable hard disc into a friend's pc, uploaded data, and when
i connect my
portable HD to my own PC, its infected, im sure its infects via USB

HOW IT EXECUTES?

well before that i didnt know its infected, so i just double clicked my
portable HD

(from
my pc) and nothing happened, after a few tries, i right click and saw
"auto-play", i was
shocked and then i use OPEN, and i saw some autorun.inf and
windows.scr, autorun.inf is
commanded(i know, wrong word) to execute windows.scr as auto play. BOTH
FILES ARE
SYSTEM+HIDDEN, i did turn on ability to view HIDDEN and SYSTEM long ago
(yeah i know the
risks but i wont simply accidentally delete a file)

.SCR FORMAT?

Its windows screen saver format but its an infected one, it says right
here (link

below)
and it claims to be a extension used to transmit TROJAN
http://filext.com/file-extension/scr

COULDN'T YOU JUST DELETE WINDOWS.SCR AND AUTORUN.INF ?

Yes i did try but it didnt work, my computer is ALREADY infected cuz the
first time

i
double clicked it (and it autorun)

WHAT U MEAN INFECTED?

i have no problems deleting windows.scr and autorun.inf BUT when i
insert the USB

(or any USB memory sticks, tested), it will re-create those two files
(Yes, it will re-

create it instantly once u insert it in, checked using the Created on :
<date>)

DOES THIS WORK IN SAFE MODE?

YES, WHAT A VIRUS !!!
It works and STILL SPREADS via usb in safe mode

DO U HAVE A SCREEN SHOT OF YOUR RUNNING PROCESSES IN SAFE MODE?

Yes i do, here is link below
http://img184.imageshack.us/img184/900/wthhhhri1.jpg

INSTALL THIS ANTI VIRUS, AND THAT, AND THE OTHER ONE, AND THAT TOO !!!

I use AVG 7.5 AntiVirus Professional (registered)
I use AVG AntiSpyware (registered)
I use Ad-Aware 07

U DIDNT UPDATE EH?

ALL UPDATED

U USE THOSE ANTI VIRUS AND UPDATED IT BUT DID U SCAN?

Yes, full system scan with NOTHING (sigh)

SCAN REMOVEABLE?

yes i did scan my usb...

NO NORTON FROM SYMANTEC ?

Yeah i have 2003 but since its so old, i downloaded 2008, but blue
screen when

Norton 2008 starts on startup, so i went to safe mode, use
NortonRemovalTool and blasted it

out of my pc, i guess its the clash with AVG, it did warn me during
installation but i am

not dumping AVG, i paid !

WHAT OTHER TRICKS U DID??

I tried renaming and changing its extension, but failed, it re-creates
the same copy

again

IS HARDDISK AFFECTED BY THIS AUTORUN?

NO, only Removeable Discs

GOT HIJACKTHIS?

Yes, is it needed?

ANY MORE?

Yea, i was once affected by this virus long time ago, it will create a
Copy of the

autorun etc in EVERY DRIVE (including HDD) and put an autorun, and when
u run the autorun,

it will check if the process to spread is ON or not, if not, it will on
it, and then it

will copy itself to ANY DISKS . This is very obvious cuz its in HDD as
autorun too and its

in Processes, which i obviously know where its from, so i terminated,
and cleared all the

files, which made this virus permanently disappear but this is
something new...

AND as far as im concerned, there MUST be a process to check if i have
inserted a
RemoveableDrive or not, right? Like a looping check everyone 1 second?
Well this is what i think, it may not be true... cuz i cant find this
process
i always check at processlibrary.com

..hmmm , everything in my processes look clean, my only suspect is why
so many svchost,

last time i didnt have that many




I have two screen shots :
_-Safe_Mode_all_processes_
http://img184.imageshack.us/img184/900/wthhhhri1.jpg

_-Normal_Windows_All_processes_
http://img168.imageshack.us/my.php?image=tasknq3.jpg


Help pls...

 

[helps_appreciated]

go here:

http://www.raymond.cc/blog/archives...k-c-drive-at-my-computer-and-not-opening-fix/

_*Hello_everyone,_i_totally_need_help__cuz_my_pc_is_in_trouble..._i_am_infected_with_

some_unknown_virus...*_

HOW IT HAPPENED?

I put my portable hard disc into a friend's pc, uploaded data, and when
i connect my
portable HD to my own PC, its infected, im sure its infects via USB

HOW IT EXECUTES?

well before that i didnt know its infected, so i just double clicked my
portable HD

(from
my pc) and nothing happened, after a few tries, i right click and saw
"auto-play", i was
shocked and then i use OPEN, and i saw some autorun.inf and
windows.scr, autorun.inf is
commanded(i know, wrong word) to execute windows.scr as auto play. BOTH
FILES ARE
SYSTEM+HIDDEN, i did turn on ability to view HIDDEN and SYSTEM long ago
(yeah i know the
risks but i wont simply accidentally delete a file)

.SCR FORMAT?

Its windows screen saver format but its an infected one, it says right
here (link

below)
and it claims to be a extension used to transmit TROJAN
http://filext.com/file-extension/scr

COULDN'T YOU JUST DELETE WINDOWS.SCR AND AUTORUN.INF ?

Yes i did try but it didnt work, my computer is ALREADY infected cuz the
first time

i
double clicked it (and it autorun)

WHAT U MEAN INFECTED?

i have no problems deleting windows.scr and autorun.inf BUT when i
insert the USB

(or any USB memory sticks, tested), it will re-create those two files
(Yes, it will re-

create it instantly once u insert it in, checked using the Created on :
<date>)

DOES THIS WORK IN SAFE MODE?

YES, WHAT A VIRUS !!!
It works and STILL SPREADS via usb in safe mode

DO U HAVE A SCREEN SHOT OF YOUR RUNNING PROCESSES IN SAFE MODE?

Yes i do, here is link below
http://img184.imageshack.us/img184/900/wthhhhri1.jpg

INSTALL THIS ANTI VIRUS, AND THAT, AND THE OTHER ONE, AND THAT TOO !!!

I use AVG 7.5 AntiVirus Professional (registered)
I use AVG AntiSpyware (registered)
I use Ad-Aware 07

U DIDNT UPDATE EH?

ALL UPDATED

U USE THOSE ANTI VIRUS AND UPDATED IT BUT DID U SCAN?

Yes, full system scan with NOTHING (sigh)

SCAN REMOVEABLE?

yes i did scan my usb...

NO NORTON FROM SYMANTEC ?

Yeah i have 2003 but since its so old, i downloaded 2008, but blue
screen when

Norton 2008 starts on startup, so i went to safe mode, use
NortonRemovalTool and blasted it

out of my pc, i guess its the clash with AVG, it did warn me during
installation but i am

not dumping AVG, i paid !

WHAT OTHER TRICKS U DID??

I tried renaming and changing its extension, but failed, it re-creates
the same copy

again

IS HARDDISK AFFECTED BY THIS AUTORUN?

NO, only Removeable Discs

GOT HIJACKTHIS?

Yes, is it needed?

ANY MORE?

Yea, i was once affected by this virus long time ago, it will create a
Copy of the

autorun etc in EVERY DRIVE (including HDD) and put an autorun, and when
u run the autorun,

it will check if the process to spread is ON or not, if not, it will on
it, and then it

will copy itself to ANY DISKS . This is very obvious cuz its in HDD as
autorun too and its

in Processes, which i obviously know where its from, so i terminated,
and cleared all the

files, which made this virus permanently disappear but this is
something new...

AND as far as im concerned, there MUST be a process to check if i have
inserted a
RemoveableDrive or not, right? Like a looping check everyone 1 second?
Well this is what i think, it may not be true... cuz i cant find this
process
i always check at processlibrary.com

...hmmm , everything in my processes look clean, my only suspect is why
so many svchost,

last time i didnt have that many




I have two screen shots :
_-Safe_Mode_all_processes_
http://img184.imageshack.us/img184/900/wthhhhri1.jpg

_-Normal_Windows_All_processes_
http://img168.imageshack.us/my.php?image=tasknq3.jpg


Help pls...