From: tburtenshaw on
Hey, has anyone had problems with AVG not detecting the RJUMP virus (I
keep getting one called adober.exe).

I'm in Thailand (Mae Sot) at the moment, and it is incredibly prevalent
here. I have seen it at nearly every internet cafe I have been to.

It's a virus transmitted via USB drives and card readers, thanks to
Windows' habit of running any autorun.inf file on any item of new
media.

It's obviously quite simple to do. When someone puts an infected
pendrive into a USB port, Windows finds the autorun.inf file, and runs
adober.exe. This program copies itself to the C:\WINDOWS directory (or
whatever), and alters the registry so it is run when Windows starts.

The program remains resident in memory, and hijacks the usual "new
drive found" stuff, and as soon as a new USB drive is inserted, it
copies an executable, a DLL and the autorun.inf file. The new drive is
now ready to infect the next computer in the next Thai internet cafe.

Most have AVG installed, but this did nothing. Another antivirus
program at one place did detect the virus, and even cleaned it from my
USB drive.

I now lock my SD cards before connecting them, and quickly check for
adober.exe in the running processes.

I haven't seen much about this anywhere else, I was wondering if others
have seen something like this. And also, WHY DOES WINDOWS RUN SOMETHING
WITHOUT ASKING!!! :-D

Thanks,
Tristan
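
An added example, not part of the original thread: a small Python auditor that lists the commands an autorun.inf would have Windows launch, so a drive's autorun.inf can be read as plain text before the drive is opened on a Windows machine. The sample file contents are constructed from the behaviour described in the post, and the function names are hypothetical.

```python
import re

# Keys in the [autorun] section that name a program for Windows to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def audit_autorun(text):
    """Return (key, command) pairs from [autorun] that would launch a program."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                                   # section names are case-insensitive
            section = header.group(1).strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command entries add or replace right-click and double-click actions
        is_launch = key in LAUNCH_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if is_launch and value:
            findings.append((key, value))
    return findings

def referenced_programs(findings):
    """File name each launch command points at (first token, quotes and path stripped)."""
    names = set()
    for _, command in findings:
        m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
        target = m.group(1) or m.group(2)
        names.add(target.replace("/", "\\").split("\\")[-1].lower())
    return sorted(names)

# Constructed sample, modelled on the behaviour described in the post.
SAMPLE = """\
; constructed sample
[AutoRun]
open=adober.exe
shell\\open\\Command=adober.exe
shell\\explore\\command="adober.exe" -e
icon=folder.ico
label=My Photos
"""

if __name__ == "__main__":
    for key, command in audit_autorun(SAMPLE):
        print(f"{key:24} -> {command}")
    print("programs referenced:", referenced_programs(audit_autorun(SAMPLE)))
```

Any program name this reports on a drive that is only supposed to hold photos or documents is worth checking before the drive is used on another machine.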

From: Potblak on
Do you happen to remember which version of AVG they were running?
And which update set?
Or could you take a look next time you go there?
tia


From: tburtenshaw on
Hi,

On this computer they're running version 7.5.432, which is unregistered
(it's Thailand).

I tried to update the database (it was from 9 December, not old) and
it warned me that it was a pirated version, but updated nonetheless (I
think). It now has the 11 December virus database.

I did another scan, and it still did not detect the virus.


Potblak wrote:
> Do you happen to remember which version of AVG they were running?
> And which update set?
> Or could you take a look next time you go there?
> tia

From: Gabriele Neukam on
On this special day, tburtenshaw(a)gmail.com wrote :

> And also, WHY DOES WINDOWS RUN SOMETHING
> WITHOUT ASKING!!!

Get the TweakUI for Windows XP and apply it.

"My Computer", branch "AutoPlay", branch "Types", uncheck "Enable
Autoplay for removable drives"

I've been running my machine like this from the beginning. I don't like
to see a menu shoved into my face, which asks me if I want to see a
slide show of the pictures on my SD card, or do something else.

I want to copy the portion which is newest to the hard disk, and that's
it, dammit.


Gabriele Neukam

Gabriele.Spamfighter.Neukam(a)t-online.de

--
In most cases, installing Linux is not the cause of security,
but the result of knowledge.
-
(Wilfried Kramer in de.admin.net-abuse.mail)


From: David H. Lipman on

Follow Gabriele Neukam's suggestion and then...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

