Virus (not New)
I plugged my usb music player into my main pc. Hadn't used it in awhile and honestly unsure how the virus got onto it. Suspect it came from when i was connected to a university computer.
(notoriously virus riddled). Double clicked on the usb drive and window opened to show me the content of the home directory. Hidden directories and to my suprise hidden files. (I created the hidden directories).
For the briefest of moments saw a hidden file and the follow file fpg1.exe. It immediatly executed (I groaned internally). Cntrl-alt-delete on main computer and saw two new programs running on the background.
yedeayu.exe and ewwwoxi.exe. These truly are little bastards. I tried to get onto the net to search and see how to get rid of them as I was not running any virus protection as I rarely surf the net on my main computer, mainly games. This virus killed firefox everytime i tried to do a search on either virus. Went to univeristy and looked it up. Used USB at university and discovered that usb was still infected with i.exe and fppg.exe. Symantec said it was deleted so connected my usb to laptop (bad idea, symantec said it was deleted but another window said it was unable to delete it). Dicovered hidden directories on USB were nolonger visisble. Also discovered that laptop was now locked in a state where I could not see hidden directories. Got home and D/L Bitdefender. Discovered virus battling with Bitdefender on main computer. Bitdefender lost and subsequently main computer is currently in a wait-state (something about bitdefender failing to initialize it's engine, assume virus is trying to hijack it and bitdefender is atleast resisting though unable to overcome. Locks up computer.) Laptop installation of Bitdefender was alot better, it overcame virus and removed it, however, it failed to fully assess the severity of the damage the virus had caused and nuke the virus. I.exe write to quite a few files. Discovered I.exe insertions in autorun.inf which seriously screwed with my laptop. Preventing me from double-clicking or exploring directories, instead spat up "What program would you like to use to open this?" I navigated into C:/Windows/explorer.exe, found the autorun.inf files and renamed them. However upon reboot discovered they had not been remade and that now when I double click on the drive it gives me a search window (laugh). Unsure how badly main pc is affected but have windows disc and will attempt to sneak on via recover option and nuke the autorun.inf files and disable bitdefender and attempt to see if it is salvageable. (thank god I have a second drive with all my data). I think the research guys need to relook at this virus and look at what bitdefender does to address the manipulation of the computer by virus and if can't repair atleast spit a window up saying. Unable to repair. Require re-installation or atleast tech support. I'm still unsure if I am infected. I have run numerous scans thinking it missed something and also thinking, what if this trojan hasn't been detected yet? I have submitted all files via the auto-submit so enjoy.
I guess if anyone has run into this virus some advice would help
Thanks.
Comments
-
please upload those files here following those steps: http://forum.bitdefender.com/index.php?showtopic=84
this is a faster way to have those files and to look at them.
thanks0 -
please upload those files here following those steps: http://forum.bitdefender.com/index.php?showtopic=84
this is a faster way to have those files and to look at them.
thanks
Soz, I Deleted them after I uploaded them. No Point in keeping Mr Nasty on my laptop or pc.
Here is what essentially the virus does.
fpg1.exe -expands to become mcqnvdc.exe or i.exe
mcqnvdc.exe is also accompanied by ###it.dat which gets placed in system32 directory. (maybe system%)
mcqnvdc is copied to all drives in the root directory and is hidden.
autorun.inf is copied to all drives (may point to i.exe or mcqnvdc.exe) also hidden.
i.exe resides on the infecting drive along with mcqnvdc.exe and autorun.inf (all are hidden)
ewwwoxi.exe and yedeayu.exe loaded into virtual memory.
http://www.threatexpert.com/report.aspx?ui...6e-2e0279514e25
this is what you can expect to enjoy.
Also noticed loss of folder function to see hidden directories. Changing to see hidden directories whilst virus is in affect is useless.
Virus overrides this on a higher level or simply rewrites back immediately folder view to not show hidden files/folders. However if you
know the folder is there, create another folder, rename it to that name and system issues you with can't rename, folder already exists.
So I knew the virus was inaffect and used that to determine whether or not the virus had been removed.
Eventually Bitdefender will get the better of the virus and nuke the infections. (Lots of worms) I suggest down-loading latest virus info from bitdefender, disconnect from
network and internet and just run scan over everything. I found most of the viruses/worms lurking in system32/temp directories. Standard places.
I haven't figured out exactly what it did to change the double clicking on a drive, still working on that. Have discovered faulty drive on main computer which was
locking up after bitdefender was installed have switched it out to determine if THAT is the case as it could be something lurking, hidden on my other drive (250gig)
plenty of places to hide. Though I will scan it a few times both from my laptop and when I get a new system on.
(one way to learn WHY you should run virus software on every computer)
Thanks.0 -
please upload those files here following those steps: http://forum.bitdefender.com/index.php?showtopic=84
this is a faster way to have those files and to look at them.
thanks
I found mcqnvdc.exe and autorun.inf on a directory. I have uploaded them via virus_submission email.
in zipped file password infected.0 -
This looks like the Flash Drive infection:
You should first disinfect and then remove all Startup Run values it has created.0