Author Topic: help wanted; PenDrive hidden file and shortcut folder problem  (Read 18790 times)


metalmunna

  • SCF Moderators
  • *****
  • Posts: 131
  • KARMA: 20
  • Gender: Male
    • my heart bleeds for none but my own!
hi guys,

I've run into trouble, and the problem is on the PenDrive only ..

The whole network is secured by McAfee Enterprise 8.8 VirusScan with the latest update. On some client PCs, when a PenDrive is attached, all files become hidden and some shortcut folders (my music, my documents .. etc) are created automatically. VirusScan can't find any virus in there. When I took a look at the hidden files, I saw some unknown executable files in there. Deleting them did not solve it, even after adding those executable files to McAfee Unwanted files so that they are deleted when found on the PC or PenDrive. After some time I saw that the problem wasn't solved: the executable files changed their own names and kept causing the same problem.

any help please? that's it and have a nice day guys ...

MetalMunnA
https://www.halfrain.com
https://www.coreyz.com
I just sit and wonder, why!! Everything i touch it dies!!!

jheysen

  • SCF Global Moderator
  • *****
  • Posts: 879
  • KARMA: 121
  • Gender: Male
Well.. first thing is to disable autorun, then you might want to access the pendrive via the system console.
There I suggest you do a dir /a to see what's actually in there, and after that proceed to delete unwanted files, starting with autorun.ini

Anyway, if you can create a compressed file with all of the pendrive's content, you can submit it to AVERT lab so they provide an extra.dat for you (which can be deployed via ePO) and eventually it will be included in an official DAT Release.

metalmunna

Quote
Well.. first thing is to disable autorun, then you might want to access the pendrive via the system console.
There I suggest you do a dir /a to see what's actually in there, and after that proceed to delete unwanted files, starting with autorun.ini

Anyway, if you can create a compressed file with all of the pendrive's content, you can submit it to AVERT lab so they provide an extra.dat for you (which can be deployed via ePO) and eventually it will be included in an official DAT Release.

Thanks for the reply. I can delete all of them (including the hidden executable files), but the problem is that after some time they are created again with a new file name (example: before it was abc.exe, and after that file was deleted it was created again with a new file name like xyz.exe; since it can change its own file name, adding it to the unwanted programs policies in McAfee Enterprise doesn't work). So the source might be inside the PC, but it doesn't cause any trouble on the PC, only on the PenDrive. Moreover, the logged-in users have no installation rights on the domain, and the domain policy blocks installing anything from a removable drive ...


Quote
(if you can create a compressed file with all of the pendrive's content, you can submit it to AVERT lab so they provide an extra.dat for you (which can be deployed via ePO) and eventually it will be included in an official DAT Release.)

note; can you please give me the mail address for this solution?

MetalMunnA
https://www.halfrain.com
https://www.coreyz.com
I just sit and wonder, why!! Everything i touch it dies!!!

jheysen

For submitting samples to AVERT..
http://service.mcafee.com/FAQDocument.aspx?id=TS100095
http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx

As for your problem, It looks like the case, that PC is infected, maybe it's a memory resident?
I don't know... but if you delete the files from linux maybe? (a live CD or something.. you can even use a Virtual Machine)

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum

Hi MM, like "jheysen", I'm also 99% sure that this is caused by some nasty virus...  :-\

Check this solution also:

Quote
1. If you did not format your flash drive, then check whether the files are in hidden mode (go to Folder Options -> View tab and uncheck the option "Hide protected operating system files (Recommended)").

2. Click on "Start" -->Run-->type cmd and click on OK.

3. Enter this command: attrib -h -r -s /s /d g:\*.*

Note : Replace the letter g with your flash drive letter.

4. Now check for your files in Pen Drive.

5. After that, download the Malwarebytes' Anti-Malware and run Full scan: http://scforum.info/index.php/topic,2201.0.html


Finally check mentioned PC with some Online AV scanner: http://scforum.info/index.php/topic,734.0.html (my suggestion for this case is NOD32), also here is one great tool "Panda USB Vaccine": http://scforum.info/index.php/topic,4274.0.html


Hope some of these things will help you to resolve this problem??
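The checks suggested in this thread (a dir /a style listing, a look at the shortcuts and hidden executables before attrib is run) can be done in one read-only pass. The PowerShell below is an added example, not part of any post above; the function name Get-PenDriveTriage and the drive letter G:\ are assumptions, and Get-FileHash needs PowerShell 4 or later.

```powershell
# Added example: read-only triage of a pen drive root. Nothing is modified or deleted.
function Get-PenDriveTriage {
    param([string]$Drive = 'G:\')   # assumption: G:\ is the pen drive, as in the quoted steps

    $hidden   = [IO.FileAttributes]::Hidden
    $exeTypes = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs'
    $shell    = New-Object -ComObject WScript.Shell   # used only to read .lnk targets

    # -Force returns hidden and system items, the same view as "dir /a".
    $items = @(Get-ChildItem -LiteralPath $Drive -Force)
    $names = $items | ForEach-Object { $_.Name }

    foreach ($item in $items) {
        $isHidden = ($item.Attributes -band $hidden) -eq $hidden
        $finding  = $null
        $detail   = ''

        if ($item.PSIsContainer) {
            # Symptom from the first post: real folder hidden, shortcut of the same name shown.
            if ($isHidden -and ($names -contains "$($item.Name).lnk")) {
                $finding = 'hidden folder with a same-named shortcut beside it'
            }
        } elseif ($item.Name -ieq 'autorun.inf') {
            $finding = 'autorun file'
        } elseif ($item.Extension -ieq '.lnk') {
            # Show what the shortcut would start, without opening it.
            $link    = $shell.CreateShortcut($item.FullName)
            $finding = 'shortcut in drive root'
            $detail  = "$($link.TargetPath) $($link.Arguments)".Trim()
        } elseif ($exeTypes -contains $item.Extension.ToLower()) {
            $finding = if ($isHidden) { 'hidden executable' } else { 'executable in drive root' }
            # A SHA-256 identifies the sample independently of its file name.
            $detail  = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        }

        if ($finding) {
            [pscustomobject]@{
                Name = $item.Name; Attributes = $item.Attributes
                Finding = $finding; Detail = $detail
            }
        }
    }
}

Get-PenDriveTriage -Drive 'G:\' | Format-Table -AutoSize -Wrap
```

Comparing the hash of a recreated file against the one recorded before deletion shows whether the same binary has come back under a new name, which is also useful information to include with a sample submission.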





metalmunna

thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

MetalMunnA
https://www.halfrain.com
https://www.coreyz.com
I just sit and wonder, why!! Everything i touch it dies!!!

Samker

Quote
thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

Any news about this case, MM??

metalmunna

Quote
thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

Quote
Any news about this case, MM??


Nothing new yet. As I told you, it's not my problem, and my network and system have no trouble like that. It's a friend's office network, and that's a Govt. office, and you know how lazy they are about their own trouble! I still haven't got the virus file which isn't detected by McAfee Enterprise (that's not fake coz I saw it too on their pen drive before). They sent me some files yesterday, but those are already protected by McAfee .. so I'm waiting for the files which were the cause of the Pen Drive problem ..

MetalMunnA
https://www.halfrain.com
https://www.coreyz.com
I just sit and wonder, why!! Everything i touch it dies!!!

Samker

Quote
thank you guys for the help and will let you know the result later ... have a nice day to all of you ...

Quote
Any news about this case, MM??

Quote
... still i didn't get that virus file which isn't detected by McAfee Enterprise (that's not fake coz i saw that too on their pen drive before), but they sent me some files yesterday but that's already protected by McAfee .. so waiting for the files which was cause of the Pen Drive ..

Probably some "mistake" in ePO configuration... but we'll see.

jheysen

Did somebody put exceptions for the pendrive or executable files in ePO?
