Win32.worm.trl



#1 Stillwater


Posted 28 January 2009 - 09:48 AM

I got a USB device that got infected with a worm. The device was scanned using BitDefender 2009 and it found the autorun.inf file on the USB device, but it did not detect the system.exe file that was run by the autorun.inf file. My computer got infected and I had to find the service that was causing the worm to try and spread to all my drives (a drive in particular). Once I reboot, the worm is still there. I can find no removal tools for this on your website. I'm submitting both files in the hope that your software will catch both of these, not just the autorun.inf file. Can you provide me a removal tool for this? I can't find the file that it has infected when my system boots up. It infects the service.exe service using the kernel32.dll to attach itself to. Here is the zip file for your inspection.




#2 Stillwater


Posted 28 January 2009 - 05:05 PM

Found the cure. It was a variant of the F-Secure "Worm:W32/AutoRun.NOI". It was spread by USB thumb drive and had the same autorun.inf and system.exe files on the removable drives. The exception was it added a C:\Program Files\Microsoft Common\svchost.exe file and the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
Debugger = "%ProgramFiles%\Microsoft Common\svchost.exe". I deleted the file and registry entry and the worm was gone. I had previously killed the process so it didn't keep spreading, but this is how I found the reinfection on reboot. Hope this helps someone.
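An added example, not part of the original posts: a read-only PowerShell audit for the artifacts named in this thread (an Image File Execution Options `Debugger` value, the dropped svchost.exe outside System32, and autorun.inf on removable drives). The function names `Get-IfeoDebugger` and `Get-RemovableAutorun` are hypothetical, and PowerShell 3.0 or later is assumed for `Get-CimInstance`.

```powershell
# Added example: read-only checks, nothing is deleted or modified.
# Registry key and file path are the ones quoted in the post above.
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebugger {
    # A Debugger value under an IFEO subkey makes Windows start that program
    # whenever the named image is launched, so every hit deserves a look.
    foreach ($key in Get-ChildItem -LiteralPath $IfeoRoot -ErrorAction SilentlyContinue) {
        $debugger = $key.GetValue('Debugger')   # $null when the value is absent
        if ($null -ne $debugger) {
            [pscustomobject]@{
                Image    = $key.PSChildName
                Debugger = $debugger
                Key      = $key.Name
            }
        }
    }
}

function Get-RemovableAutorun {
    # Win32_LogicalDisk DriveType 2 = removable disk (USB thumb drives).
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
        $inf = Join-Path -Path ($_.DeviceID + '\') -ChildPath 'autorun.inf'
        if (Test-Path -LiteralPath $inf -PathType Leaf) {
            # Keep only the lines that name a program to launch.
            $launch = Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=' }
            [pscustomobject]@{
                Drive    = $_.DeviceID
                File     = $inf
                Launches = @($launch)
            }
        }
    }
}

# Path reported in the post; a genuine svchost.exe lives under %SystemRoot%\System32.
$dropped = Join-Path -Path $env:ProgramFiles -ChildPath 'Microsoft Common\svchost.exe'

'IFEO Debugger values (legitimate tools can set these too; explorer.exe should have none):'
Get-IfeoDebugger | Format-List
'autorun.inf on removable drives:'
Get-RemovableAutorun | Format-List
"Dropped file present at ${dropped}: $(Test-Path -LiteralPath $dropped -PathType Leaf)"
```

Run it from an elevated prompt so every IFEO subkey is readable.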



