From: FromTheRafters on 9 Mar 2010 21:08

<vjp2.at(a)at.BioStrategist.dot.dot.com> wrote in message news:hn67g9$7dr$1(a)reader1.panix.com...
>
> So IRCBRUTE works through the file system?

Devices, not files. Well, there are files on the device...

When the USB device is inserted, the OS "recognises" the device and there is a feature that allows data on the device to cause the OS to invoke a player (autoplay) or otherwise choose a program to execute (autorun). If your home computer has this feature disabled (as it should), then you were in no danger.

It seems to me that the library has the worm, and inserting your USB device caused the worm to try and load an autorun.inf and program (worm body) on the device so as to infect the next vulnerable (autorun=on) computer it got plugged into. There is no way to tell (from here) how the library's computer got infested, there are *other* channels (vectors) used by the worm to spread.

> *+-There was no need to destroy the fob.
>
> I agree, but no one was willing to help me fix it.

That's too bad.

From: vjp2.at on 10 Mar 2010 07:54

I had to log on to the library with password.

Clamwin (updated) found nothing on my main machine, so it does seem the library was the source.

I checked the CDs going back. No infection, no autorun, no RESTORE.

The infected fob never had contact to my machines except via CDROMS burned from it.

But CLAMWIN did find a chkdisk error on an 8MB PDF on the 4GB USB fob.

- = -
Vasos Panagiotopoulos, Columbia'81+, Reagan, Mozart, Pindus, BioStrategist
http://www.panix.com/~vjp2/vasos.htm
http://www.facebook.com/vasjpan2
---{Nothing herein constitutes advice. Everything fully disclaimed.}---
[Homeland Security means private firearms not lazy obstructive guards]
[Urb sprawl confounds terror]
[Phooey on GUI: Windows for subprime Bimbos]

From: FromTheRafters on 10 Mar 2010 08:46

<vjp2.at(a)at.BioStrategist.dot.dot.com> wrote in message news:hn84pa$sp3$2(a)reader1.panix.com...
> I had to log on to the library with password.

Thus giving you a false sense of security.

> Clamwin (updated) found nothing on my main machine,
> so it does seem the library was the source.

I use ClamWin as a second opinion scanner, but I still don't trust it completely. It does have its share of false positives, and I suspect its share of false negatives as well. If it detects the malware on the USB device, but not on the machine, my guess is that your machine is not infested.

> I checked the CDs going back. No infection, no autorun, no RESTORE.
>
> The infected fob never had contact to my machines except via CDROMS
> burned from it.

Then how was it detected as being infected with an autorun worm?

From: vjp2.at on 10 Mar 2010 19:00

*+->
*+-> The infected fob never had contact to my machines except via CDROMS
*+-> burned from it.

*+-Then how was it detected as being infected with an autorun worm?

On a machine at another library I went to download info from.

Actually, I got no warning - I just saw something Resote/Taquito (faded) on the fob, and when it didn't let me delete it, got suspicious and right clicked virus scan.

From: Dustin Cook on 12 Mar 2010 04:01

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in news:hn6hs8031al(a)news3.newsguy.com:

> From: <vjp2.at(a)at.BioStrategist.dot.dot.com>
>
>| So IRCBRUTE works through the file system?
>
>| *+-There was no need to destroy the fob.
>
>| I agree, but no one was willing to help me fix it.
>
> It loaded via an AutoRun worm.
> That's why you should disable AutoPlay/AutoRun on a PC where you use
> random-read/random-write media.

Hold down right shift key when inserting your media if you don't know or cannot disable the autorun. This will do it for you, but ONLY for that go around.

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior