help wanted; PenDrive hidden file and shortcut folder problem

Custom Search

Hack in The Box
Experts Galaxy
UK Cheapest Hosting
DJ Software
Scanpst.exe
A3 Multifunction
Electricity Prices
Texas Electricity
Electricity Rates in Texas
Electric Companies in Texas
Web Design Geelong
SellSimple
MSN
Wallpapers
NewsApp Portal
Recover files from recycle bin

[Welcome to SCforum.info - Security [CENTRAL] Forum]

Welcome to SCforum.info - Security [CENTRAL] Forum, a home of the SCF Community devoted to provide Computer related News, Alerts, Downloads and FREE Help in such a way that even the novice computer user can understand.

Getting started using our community is extremely easy, check the two steps below:

Step 1: Create an account by clicking here and wait for approval from Administrator. It's completely free with no hidden strings attached.

Step 2: If you have a computer problem and need some help, or just want to take part in opened discussions, simply browse Forum. Once you *Register an account, you can quickly post your questions and comments.

(*Registered Members get: free support, also, they can communicate privately with other members via PM, removal of this message, see fewer ads and much more...)

[metalmunna]

hi guys,

fall on a trouble and the problem on the PenDrive only ..

whole the network is secured by McAfee Enterprise 8.8 VirusScan with latest update. on some client PC when attached a PenDrive those time all files gone hidden and some shortcut folder(my music, my documents .. etc) has been created automatically. VirusScan can't find any virus inside there. When take a look on the hidden files those time saw that some unknown Executable file inside there. If deleted that although not solved even added that Executable files on McAfee Unwanted files to deleted that when find inside the PC or PendDrive. But after sometime saw that problem isn't solved and the Executable files changed their own name and keep doing the same problem.

any help please? that's it and have a nice day guys ...

[jheysen]

Well.. first thing is to disable autorun, then you might want to access the pendrive via system console.
there I suggest you to do a dir /a to see what's actually in there, after that proceed to delete unwanted files, starting by autorun.ini

Anyway, if you can create a compressed file with all of the pendrive's content, you can sumbit it to AVERT lab so they provide a extra.dat for you (wich can be deployed via ePO) and eventually will be included in a official DAT Release.

[metalmunna]

Well.. first thing is to disable autorun, then you might want to access the pendrive via system console.
there I suggest you to do a dir /a to see what's actually in there, after that proceed to delete unwanted files, starting by autorun.ini

Anyway, if you can create a compressed file with all of the pendrive's content, you can sumbit it to AVERT lab so they provide a extra.dat for you (wich can be deployed via ePO) and eventually will be included in a official DAT Release.

thanks for the reply and i can delete all of them(included hidden executable files) but the problem is after sometime it will be created again with new file name(Example; before it was; abc.exe and when deleted that file after then it will be created with new file name like xyz.exe. as it can change it's own file name that's why not working if i added that on the unwanted programs Policies on McAfee Enterprise). so the source might be inside the PC but it can't make any trouble on PC, only doing that on the PenDrive. More even the user was logged in they haven't installation rights on the domain and on domain policy has blocked to install anything from the removable drive ...

(if you can create a compressed file with all of the pendrive's content, you can sumbit it to AVERT lab so they provide a extra.dat for you (wich can be deployed via ePO) and eventually will be included in a official DAT Release.)

note; can you please give me the mail address for this solution?

[jheysen]

For submitting samples to AVERT..
http://service.mcafee.com/FAQDocument.aspx?id=TS100095
http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx

As for your problem, It looks like the case, that PC is infected, maybe it's a memory resident?
I don't know... but if you delete the files from linux maybe? (a live CD or something.. you can even use a Virtual Machine)

[Samker]

Hi MM, like "jheysen", I'm also 99% sure that this cause some nasty virus... 

Check this solution also:

1. If you did not format your flash drive, then check whether the files are not in hidden mode (Go to folder options-> view tab and uncheck the option of “Hide protected operating system files(Recommended)).

2. Click on "Start" -->Run-->type cmd and click on OK.

3. Enter this command: attrib -h -r -s /s /d g:\*.*

Note : Replace the letter g with your flash drive letter.

4. Now check for your files in Pen Drive.

5. After that, download the Malwarebytes' Anti-Malware and run Full scan: http://scforum.info/index.php/topic,2201.0.html

Finally check mentioned PC with some Online AV scanner: http://scforum.info/index.php/topic,734.0.html (my suggestion for this case is NOD32), also here is one great tool "Panda USB Vaccine": http://scforum.info/index.php/topic,4274.0.html


Hope some of this things will help you to resolve this problem??

[metalmunna]

thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

[Samker]

thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

Any news about this case, MM??

[metalmunna]

thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

Any news about this case, MM??

Nothing new yet, as i told you that it's not my problem and on my network and system has no trouble like that. it's a friend's office network and that's a Govt. office and you know how lazy they are on their own trouble! still i didn't get that virus file which isn't detected by McAfee Enterprise(that's not fake coz i saw that too on their pen drive before), but they sent me some files yesterday but that's already protected by McAfee .. so waiting for the files which was cause of the Pen Drive ..

[Samker]

thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

Any news about this case, MM??

... still i didn't get that virus file which isn't detected by McAfee Enterprise (that's not fake coz i saw that too on their pen drive before), but they sent me some files yesterday but that's already protected by McAfee .. so waiting for the files which was cause of the Pen Drive ..

Probably some "mistake" in ePO configuration... but we'll see.

[jheysen]

Did somebody put exceptions for the pendrive or executable files in ePO?