Internet Handholding Newsletter

Internet Handholding(tm)

Thoughts on the Internet, computers, networking and life.

Articles

See the articles page for articles.

Sign Up for the Internet Handholding Newsletter Now

Stimulate your creative thinking. Avoid the suffering of others.

Know More, Read Less

Let us do your reading for you.

Stay informed about the Internet, networking, computers, software, domain names, websites, email, online marketing, DotNetNuke and programming Asp.net, Sql, Css and Html.

We read countless articles on everything Internet and computer related. We distill down the important, interesting and fun information into a manageable amount to keep you in touch and entertained.

Be the smartest person in your field on what is happening with the Internet and computers and how they can help your.

Enter your name and email in the form at left.

Introduction to Internet Handholding

Browse through the articles and forum for information on the Internet, computers, email, online marketing, software and more.

Look through the link directories for resources to solve your problems.

Internet Marketing - directory to help you with your internet marketing. Some of the categories are:
- Content for your Website - get relevant articles, music, photos
- Email Marketing List Services - build your email, find email list service providers
- Monetize Your Website - convert your readers and visitors into revenue
- Website Traffic via Link Building - get more visitors to your website
Webmaster Tools - resources for your website and yourself.

Articles

Current Articles | Archives | Search

Friday, June 04, 2010

MIRC Virus on Sandisk USB Drive from Costco on Windows XP
By Internet Handholding @ 10:06 AM :: 1517 Views :: 1 Comments ::

:: Windows

My customer got a virus from a USB Drive on Windows XP.

He used the USB drive on three computers and all got infected.

We suspect the virus came on the USB drive in the shrink wrapped package. The USB drive came from China.

Normally these USB drives have a virtual CD drive and the USB drive, but this one was missing the virtual CD.

The root of the USB drive had Autorun.inf, run.exe and I think system.bat. Not sure, because I did not see the USB drive in its original state.

These files had the Hidden and System attributes so they would normally not be seen.

When the USB drive was inserted, it automatically ran the program run.exe and installed MIRC, a chat program.

This connected to microsoftupdate.yi.org.

The virus put a number of files in the root of the C drive and in the Windows folder, added registry keys and started MIRC as a service.

Stopped the MIRC service and removed MIRC via remove programs from the control panel.

MalwareBytes.com anti malware program found and removed some of the files and registry keys, but not all of them.

Sorted the root and Windows folders by Date Created (which you have to add to Windows explorer by right clicking in the header area, since normally only Date Modified is shown).

Found some other files that I deleted. The computer seems to be working now.

The root of the C drive had obvious bad files like

fukfuk.exe
kaka.exe

Here are some of the offending filenames in the Windows folder.

run.exe
system.bat
svcnost.exe

Weitzen is the publisher of several online Internet journals including: InternetHandholding.com, DomainNames.gs, DotNetNuke.bz, Programmer.bz, Software.vg, WebHosting.vg