Bienvenido! - Willkommen! - Welcome!

Technical Log of Tux&Cía., Santa Cruz de la Sierra, BO
May the source be with you!

Thursday, August 26, 2010

Extra long system hidden folder in USB device

According to my last post,
I found the shit in my flash memory in a double subdirectory with an extremely long name, system hidden and with special permissions.
After using, in a command-line box,

dir -s -h ****************************----*** /s /d  (the other system hidden exe files are a vaccination method for standard shit code) I found a file EmrVQMar0BHh9hKKJ9vG6gt5zm2slhPo.exe (118.784 Bytes)
and then another directory (system hidden) with another copy of the same exe file.

Now unhidden and not a system file, the Avira AntiVir guard recognizes hostile code (TR/VB.OEC) in this directory and executable and does not allow me to handle it.
Disabling the AntiVir guard, I was able to send the executable to the online virus scan.
I sent it to http://virusscan.jotti.org and surprise:

2010-08-26 Found nothing
2010-08-26 Trojan.VB.OEC
2010-08-26 Win32:Rootkit-gen
2010-08-25 Trojan.Click
2010-08-26 Worm/VB.BCXM
2010-08-26 Found nothing
2010-08-26 TR/VB.OEC
2010-08-26 Win32/Injector.CPS
2010-08-26 Trojan.VB.OEC
2010-08-25 W32/Brontok.EA.worm
2010-08-26 Found nothing
2010-08-25 Trojan.DelfInjector.gen
2010-08-26 Found nothing
2010-08-26 Mal/SillyFDC-G
2010-08-26 Found nothing
2010-08-25 Trojan.VB.Schmidti
2010-08-26 Found nothing
2010-08-26 Trojan.Injector.SPO
2010-08-26 Trojan.VB.OEC
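
The hunt described in this post can be repeated as a read-only triage script. This is an added example, not part of the original post: it lists directories that carry both the Hidden and System attributes and groups every `.exe` on the device by SHA-256 so that copies of the same binary in different folders stand out. The drive letter `E:\` is an assumed placeholder, and PowerShell 4 or later is assumed for `Get-FileHash`.

```powershell
# Added example (not from the original post): read-only triage of a removable drive.
# Assumption: E:\ is a placeholder for the USB device's drive letter.
param(
    [string]$Root = 'E:\'
)

# Both attributes must be set, as on the folders described in the post.
$mask = [System.IO.FileAttributes]'Hidden, System'

# -Force makes Get-ChildItem return hidden and system items as well.
$flagged = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $mask) -eq $mask }

# Hidden+System directories, longest names first.
$flagged | Where-Object { $_.PSIsContainer } |
    Sort-Object { $_.Name.Length } -Descending |
    Select-Object @{n='NameLength';e={$_.Name.Length}}, Attributes, FullName |
    Format-Table -AutoSize

# Every executable under the root (hidden or not), hashed without running it.
# Files the on-access scanner refuses to open yield no hash and are skipped below.
$exes = Get-ChildItem -LiteralPath $Root -Recurse -Force -File -Filter *.exe -ErrorAction SilentlyContinue |
    ForEach-Object {
        $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            SHA256     = $h.Hash
            Length     = $_.Length
            Attributes = $_.Attributes
            Path       = $_.FullName
        }
    }

# The same hash in more than one place means the same binary was copied into several folders.
$exes | Where-Object { $_.SHA256 } |
    Group-Object SHA256 |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        "{0}  ({1} copies, {2} bytes)" -f $_.Name, $_.Count, $_.Group[0].Length
        $_.Group | ForEach-Object { "    $($_.Path)  [$($_.Attributes)]" }
    }
```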
 
