• CONTEST ALERT - Experience the power of DDR5 memory with Kingston Click for details

Virus / trojan / malware problem.

Status
Not open for further replies.

clayman

Broken In
Myproblem: My system is infected with some virus or a trojan. Also, i was not able to set the "Show hidden files" in folder option & i feel it is related to my problem.
Detail: In all my drives, there seems to be 2 files with attributes: S H R

File 1: autorun.inf
Code:
[AutoRun]
;q217Akjdk9l3sKaroliwwpaa45JsDmKwaDD2JJl2S90jFd3
open=[I]m0vnonh.bat[/I]
;Lji1HajonSwKwD
shell\open\Command=[I]m0vnonh.bat[/I]
File 2: m0vnonh.bat
Code:
MZÉ ♥   ♦       ╕       @                                   8☺  ♫▼║♫ ┤  ═!╕☺L═!T
his program cannot be run in DOS mode.
$       ↨å ¬SτN∙SτN∙SτN∙SτO∙┘µN∙ÉΦ‼∙PτN∙ÉΦ↕∙RτN∙ÉΦ►∙RτN∙ÉΦA∙VτN∙ÉΦ◄∙ÄτN∙ÉΦ.∙WτN∙
ÉΦ¶∙RτN∙RichSτN∙                        0Ç?'tßQttßQttßQttßPtCßQt≈Θ♀tsßQtr┬ZtwßQt
[The 2nd file does not have anything understandable]

Whenever i double click on the drive my KAV informs me that m0vnonh.bat is doing some malicious activity & asks me what to do. I had to use the explorer to access the data on my drives.

I have KAV 2009 with latest updates & it failed to detect the virus. I tried Bitdefender, McAfee online scan but they did not succeed.:?

I had to go to safe mode & then remove the read only attributes, delete the contents of the file(not the file itself coz when i del the autorun.inf, its back the next instant:mad:), add the read only attribute. My system is stable for the moment but i still need a proper solution. There seems to be some process which copies back autorun.inf file as soon as it is deleted.

Any help will be appreciated.
 
Status
Not open for further replies.
Top Bottom