1 reply to this topic

[teppei]

EDIT: i was able to fix the problem... just a couple of things.. should i really have to make a new restore point? and why? and how does flash_disinfector work? everytime i run it, seems nothing happens. thanks for the reply.. u may as well close this topic right after. thanks.

Edited by teppei, 12 October 2007 - 12:30 PM.

[LDTate]

EDIT: i was able to fix the problem...

just a couple of things.. should i really have to make a new restore point? and why?
and how does flash_disinfector work? everytime i run it, seems nothing happens.


thanks for the reply.. u may as well close this topic right after. thanks.

Yes, you need to create a new "clean" restore point. Bad and good files are in restore points. If you restore to a date that a infected file is, you'll load the infection again.


Okay, here's a brief descript of the worm:

It usually comes in through your removable drives - flash drives, cds, memory cards, usb disks.
When infected, it creates the following files:

* \Windows\System32\temp1.exe
* \Windows\System32\temp2.exe
* \Windows\xcopy.exe
* \Windows\Svchost.exe
* \Windows\Autorun.inf

Will also create these in the root every partition:

* \Autorun.inf
* \copy.exe
* \host.exe

Most of the time, your antivirus programs will detect & remove the infected files but that causes a minor side effect. Clicking on your drives would produce error messages about not being able to find "copy.exe"

flash_disinfector Will create a Autorun.inf folder on every drive including the flash drive,
Do Not remove the Autorun.inf folder. It will prevent the infection from creating a new Autorun.inf file.