MP3 Players and Viruses

[lindalbo]

We have 2 MP3 players, an iRiver IFP 795, and a newly purchased Sansa Fuze.
We use 2 different computers, both with Windows XP Pro, one has Norton
Anti-virus, and one has BitDefender Anti-virus version 10. Neither one will
give us an option to scan our MP3 players. After dealing with viruses and
cleaning them up twice, we discovered that the viruses evidently were still
lurking on the Sansa Fuze. After plugging it in again, I once again had the
same viruses on my computer. We don't know what the source of the viruses
was. But since the Fuze was still new enough, the store replaced it. Our
question - since it seems that they are capable of becoming infected with
viruses, how can we scan for them? Thanks for any help.

 

[David H. Lipman]

From: "lindalbo" <[email protected]>

| We have 2 MP3 players, an iRiver IFP 795, and a newly purchased Sansa Fuze.
| We use 2 different computers, both with Windows XP Pro, one has Norton
| Anti-virus, and one has BitDefender Anti-virus version 10. Neither one will
| give us an option to scan our MP3 players. After dealing with viruses and
| cleaning them up twice, we discovered that the viruses evidently were still
| lurking on the Sansa Fuze. After plugging it in again, I once again had the
| same viruses on my computer. We don't know what the source of the viruses
| was. But since the Fuze was still new enough, the store replaced it. Our
| question - since it seems that they are capable of becoming infected with
| viruses, how can we scan for them? Thanks for any help.

The *only* way is if when the device is connected to the PC it is given a drive letter
such as "G:".

Then you can perform an "On Demand" scan of "G:".

You said "viruses".
What viruses were detected ?

 

[PA Bear [MS MVP]]

Have you contacted Symantec and BitDefender Support?

 

[lindalbo]

The *only* way is if when the device is connected to the PC it is given a drive letter
such as "G:".

Then you can perform an "On Demand" scan of "G:".

You said "viruses".
What viruses were detected ?

When the iRiver is connected, it is not recognized as a drive at all. The
Sansa Fuze is recognized as "other" in Windows Explorer. That's why I posted
here first, before contacting Symantec or BitDefender. I thought possibly
there was some way to make Windows recognize them.

Here is a partial copy of my scan report of the viruses detected.

C:\autorun.inf Infected: Trojan.Autorun.EU
C:\autorun.inf Disinfection failed
C:\autorun.inf Moved
C:\copy.exe Infected: Backdoor.Hupigon.ADI
C:\copy.exe Deleted
C:\Documents and Settings\All Users\Application
Data\BitDefender\Desktop\Quarantine\temp1.exe Infected: Trojan.Perlovga.B
C:\Documents and Settings\All Users\Application
Data\BitDefender\Desktop\Quarantine\temp1.exe Disinfection failed
C:\Documents and Settings\All Users\Application
Data\BitDefender\Desktop\Quarantine\temp1.exe Move failed
C:\host.exe Infected: Trojan.Dropper.Small.APL
C:\host.exe Disinfection failed
C:\host.exe Moved
C:\WINDOWS\autorun.inf Infected: Trojan.Autorun.EU
C:\WINDOWS\autorun.inf Disinfection failed
C:\WINDOWS\autorun.inf Moved
C:\WINDOWS\svchost.exe Infected: Trojan.Dropper.Small.APL
C:\WINDOWS\svchost.exe Disinfection failed
C:\WINDOWS\svchost.exe Moved
C:\WINDOWS\system32\temp1.exe Infected: Trojan.Perlovga.B
C:\WINDOWS\system32\temp1.exe Disinfection failed
C:\WINDOWS\system32\temp1.exe Moved
C:\WINDOWS\system32\temp2.exe Infected: Backdoor.Small.LO
C:\WINDOWS\system32\temp2.exe Disinfection failed
C:\WINDOWS\system32\temp2.exe Moved
C:\WINDOWS\xcopy.exe Infected: Backdoor.Hupigon.ADI
C:\WINDOWS\xcopy.exe Deleted

Thanks

 

[lindalbo]

Have you contacted Symantec and BitDefender Support?

No, I thought it seemed like there should be a way to make Windows recognize
the drives, since both Norton and BitDefender will not scan them. I guess if
I don't get it resolved here, that might be my next step. Thanks.

 

[PA Bear [MS MVP]]

No, I thought it seemed like there should be a way to make Windows
recognize
the drives, since both Norton and BitDefender will not scan them. I guess
if I don't get it resolved here, that might be my next step. Thanks.

Who says Windows doesn't recognize them? Your issue is with your anti-virus
applications, not Windows.

 

[nass]

When the iRiver is connected, it is not recognized as a drive at all. The
Sansa Fuze is recognized as "other" in Windows Explorer. That's why I posted
here first, before contacting Symantec or BitDefender. I thought possibly
there was some way to make Windows recognize them.

Here is a partial copy of my scan report of the viruses detected.

C:\autorun.inf Infected: Trojan.Autorun.EU
C:\autorun.inf Disinfection failed
C:\autorun.inf Moved
C:\copy.exe Infected: Backdoor.Hupigon.ADI
C:\copy.exe Deleted
C:\Documents and Settings\All Users\Application
Data\BitDefender\Desktop\Quarantine\temp1.exe Infected: Trojan.Perlovga.B
C:\Documents and Settings\All Users\Application
Data\BitDefender\Desktop\Quarantine\temp1.exe Disinfection failed
C:\Documents and Settings\All Users\Application
Data\BitDefender\Desktop\Quarantine\temp1.exe Move failed
C:\host.exe Infected: Trojan.Dropper.Small.APL
C:\host.exe Disinfection failed
C:\host.exe Moved
C:\WINDOWS\autorun.inf Infected: Trojan.Autorun.EU
C:\WINDOWS\autorun.inf Disinfection failed
C:\WINDOWS\autorun.inf Moved
C:\WINDOWS\svchost.exe Infected: Trojan.Dropper.Small.APL
C:\WINDOWS\svchost.exe Disinfection failed
C:\WINDOWS\svchost.exe Moved
C:\WINDOWS\system32\temp1.exe Infected: Trojan.Perlovga.B
C:\WINDOWS\system32\temp1.exe Disinfection failed
C:\WINDOWS\system32\temp1.exe Moved
C:\WINDOWS\system32\temp2.exe Infected: Backdoor.Small.LO
C:\WINDOWS\system32\temp2.exe Disinfection failed
C:\WINDOWS\system32\temp2.exe Moved
C:\WINDOWS\xcopy.exe Infected: Backdoor.Hupigon.ADI
C:\WINDOWS\xcopy.exe Deleted

Thanks

You have an Autorun Trojan/Worm which not easy to cure. This behavior new
like the (Sality.??) Worm varity which install itself on start up giving no
chance for the antivirus to remove it, copy itself on shared Drives and on
the Network drives.
Your best option is to reformat these removable/USBFlash sticks/DVDs/CD or
the media which reinfect your machine and spread the infestation.

 

[David H. Lipman]

From: "nass" <[email protected]>




| You have an Autorun Trojan/Worm which not easy to cure. This behavior new
| like the (Sality.??) Worm varity which install itself on start up giving no
| chance for the antivirus to remove it, copy itself on shared Drives and on
| the Network drives.
| Your best option is to reformat these removable/USBFlash sticks/DVDs/CD or
| the media which reinfect your machine and spread the infestation.


Yes. and DISABLE AutoRun on removeable media.

 

[lindalbo]

Who says Windows doesn't recognize them? Your issue is with your anti-virus
applications, not Windows.

Well yes... Windows does recognize them, since I can access the files on
them. But they aren't recognized with a drive letter, as are most revovable
devices. Do you think it's likely that I'll get my anti-virus software to
scan them? It seems like they should already be doing that, without it being
so difficult. Or am I going to have to look for new software? Any
recommendations? (And yes, I will try contacting Symantec & BitDefender
first.) Thanks.

 

[David H. Lipman]

From: "lindalbo" <[email protected]>



| "PA Bear [MS MVP]" wrote:


| Well yes... Windows does recognize them, since I can access the files on
| them. But they aren't recognized with a drive letter, as are most revovable
| devices. Do you think it's likely that I'll get my anti-virus software to
| scan them? It seems like they should already be doing that, without it being
| so difficult. Or am I going to have to look for new software? Any
| recommendations? (And yes, I will try contacting Symantec & BitDefender
| first.) Thanks.


If the device does not show up as a drive letter (e.g, "G:") then the AV software will
most likely NOT be able to detect them.

As PA Bear noted, this is a concern that the AV vendor should be notified about.