USB-transmitted-Virus, the "s"-virus.

[nj4ck]

Hey everyone, I've had this sort of virus-thing going on lately, which seems to be "transmitted" through USB sticks. What happens is that after you use a random USB stick someone gave you, all the folders and files on it have an "s" added at the end of their name, for example "Folder" becomes "Folders" and "Pictures" becomes "Picturess". The folders and files also become completely useless, as they apparently turn into shortcuts leading nowhere (but still occupy the same amount of space on the USB drive). 

Alright, gave the USB stick back to its owner, told him something wasn't working and thought that was it. Wrong: the next time I used my own usb drive, the virus (or whatever it is) had apparently been transmitted to it, because it had the same problem.

 

I've had this problem multiple times in the past, but have always managed to somehow get rid of it. Can't remember how, I guess I just ran a scan over it and deleted the problem. 

My father currently has this problem though and his anti-virus (norton) can't find anything on his computer or on the usb stick.

 

Does anybody know what this is and how best to get rid of it?

[Cad6500]

Get a better anti-virus, something like Avast or AVG. Also, my school used to have some kind of USB security software that automatically checks for viruses when something is attached, although I'd expect any decent anti-virus to have this feature now...

[Unhelpful]

Get a better anti-virus, something like Avast or AVG. Also, my school used to have some kind of USB security software that automatically checks for viruses when something is attached, although I'd expect any decent anti-virus to have this feature now...

I personally dislike AVG... But I'm just insane.

[ross06187]

you said shortcuts?

 

I would have a look at the shortcuts and see if they are infection related.  Also turn off hidden files.  I have seen a lot of pen virus that change all of the folders to hidden and replace them with shortcuts.  These shortcuts are not just straight short cuts they use CMD to open the folder and they also launch a payload file into memory.  it quite clever.

 

this virus is recurring,however is making it keeps changing the payload so its no longer detected, in some cases it has taken 2-3 weeks for av to catchup to it. 

 

have a look in the shortcut and see if there is a second command.  Also see if any files are hidden that should no be there.  if the shortcuts and hidden file are fine disregard this post

 

if there is second command find the file its pointing to and upload it to one of the multi av scanning website.  that will let you know which av you will need to get a free trial of to fix you computer.  This payload generally infects the pc you plug them into so it infects more usb then more pc's.

[Cad6500]

I personally dislike AVG... But I'm just insane.

don't worry, you're not alone, I hate it because it hijacks browsers and (theres a toolbar and the homepage is changed) and no matter what I do, it wont change back... But I know a lot of people like it, so I included it...

[Unhelpful]

don't worry, you're not alone, I hate it because it hijacks browsers and (theres a toolbar and the homepage is changed) and no matter what I do, it wont change back... But I know a lot of people like it, so I included it...

Well you can force it not to do those horrid things, if you force it not to then it is okay.

[ttam]

Well this isn't a virus. It's malware.

[ybriK]

Most anti-virus/anti-malware products have a toolbar feature or browser protection feature but you can disable those during the installation, you just have to find somewhere "Custom Installation" or something similar.

 

I'll show you a basic troubleshooting method I do whenever I encounter a malware.

 

1. Install Malwarebytes http://www.malwarebytes.org/ and make sure to use it as a free product and do not activate the "Trial" edition or "Pro" edition. Also update the database when it asks for it.

2. Go to start and type in msconfig if you have Windows XP, go to run and type in msconfig.exe

3. Go to the boot tab and click on the check box Safe Boot and choose the Minimal radiobox

4. Ok and restart the system

5. Log in like normal and start up Malwarebytes

6. Make sure the USB is plugged in and other componenets that might've been affected

7. Choose the Perform Full Scan feature under the Scanner tab of the Malwarebytes program

8. Choose the components that you think is infected

9. Once it's finished report back

10. If you want to boot up normally all you have to do is run msconfig and uncheck the Safe Boot checkbox, press Ok and restart.

[ttam]

Most anti-virus/anti-malware products have a toolbar feature or browser protection feature but you can disable those during the installation, you just have to find somewhere "Custom Installation" or something similar.

 

I'll show you a basic troubleshooting method I do whenever I encounter a malware.

 

1. Install Malwarebytes http://www.malwarebytes.org/ and make sure to use it as a free product and do not activate the "Trial" edition or "Pro" edition. Also update the database when it asks for it.

2. Go to start and type in msconfig

3. Go to the boot tab and click on the check box Safe Boot and choose the Minimal radiobox

4. Ok and restart the system

5. Log in like normal and start up Malwarebytes

6. Make sure the USB is plugged in and other componenets that might've been affected

7. Choose the Perform Full Scan feature under the Scanner tab of the Malwarebytes program

8. Choose the components that you think is infected

9. Once it's finished report back

10. If you want to boot up normally all you have to do is run msconfig and uncheck the Safe Boot checkbox, press Ok and restart.

Malwarebytes is ok but slow. The infection doesn't really live on the USB, it's just being infected from the PC.

 

Run AdwCleaner, Hitman Pro and Combofix in 1/4 of the time and get all the malware infections.

Top that off with a little JRT cleaner and some CCleaner and you're set.

[ybriK]

Malwarebytes is ok but slow.

 

Run AdwCleaner, Hitman Pro and Combofix in 1/4 of the time and get all the malware infections.

Top that off with a little JRT cleaner and some CCleaner and you're set.

I was going to ask him to do that but it seems a little inconvenient but then again its way better  to have those in your arsenal that can detect something than nothing.

[nj4ck]

@ nj4ck