ESET Smart Security can't protect me from .lnk malware
- Thread starter Maxxx58
- Start date
- Status
@Maxxx58 If you think your PC is infected, please visit the Malware Removal Assistance forum.
http://malwaretips.com/forums/malware-removal-assistance.10/
Any malware removal should not be done outside of the said sub-forum.
http://malwaretips.com/forums/malware-removal-assistance.10/
Any malware removal should not be done outside of the said sub-forum.
- Feb 3, 2015
- 90
ah, about that, the vaccination never really worked, i have tried them before, and yes, this is a new virus. If you still find your pc infected with this shortcut, tried a noob step like i always do. launch task manager, look for any weird apps launch or at startup section. It might be there launching startup along with other startup program. right click open file location, and it should point you to where the malware are.
Simply isolate the malware folder and put it into Arvhive (Rar/ZIP). Didnt know how to do this? Let me do it for you. Im just simply crazy love malware and love to help.
Assuming that according to all of the stories here, this is a new type viruses that undetectable by AVs (Based on 3 different AV that used here, and 4 different Av engine that only able to remove the lnk but not the source of infection).
- Feb 3, 2015
- 90
Its a valid file, but i can ensure you that it didnt created there y the user themselves. Thast why i called it "left over". As it being created by the virus.
- Dec 20, 2014
- 619
Thank you all of you for supporting me! @WinXPert , @Huracan, @Khairul @NatsuruHaveALife :D @Enju
But now, I think my computer isn't infected anymore (Thanks to @jamescv7 guide above), because when I plug USB in again, it doesn't show any USB shorcut in drive. I just want to know how to protect my computer from USB infection (as mentioned above, ESET SS, Zemana and EEK can't protect me). Can someone guide me how to that because I'm very scared about that type of malware (past till now)
But now, I think my computer isn't infected anymore (Thanks to @jamescv7 guide above), because when I plug USB in again, it doesn't show any USB shorcut in drive. I just want to know how to protect my computer from USB infection (as mentioned above, ESET SS, Zemana and EEK can't protect me). Can someone guide me how to that because I'm very scared about that type of malware (past till now)
- Jul 16, 2014
- 443
It's not undetectable, but it was 0-day when he got infected with it.
The file is a legitimate and needed Windows executable, it's included in every installation and by removing it you get an unbootable system.
Disable autoplay and don't open any unknown executable files contained on an USB stick, even if it's from a friend.
- Feb 3, 2015
- 90
I agreed with @Enju disable the autoplay. It will stop it from automatically entered your PC. But still, there isn't anyway that we could say, guaranteed its 100% safe. Its still up to you to carefully examined things on the thumb drive before clicking any. Have a nice day
- Dec 20, 2014
- 619
Have a nice day, too!I agreed with @Enju disable the autoplay. It will stop it from automatically entered your PC. But still, there isn't anyway that we could say, guaranteed its 100% safe. Its still up to you to carefully examined things on the thumb drive before clicking any. Have a nice day
Before, when I use Windows XP and 7, after install Windows, I always disable autorun. But when I use Windows 8.1, I missed it (because I think most of AV can detect and kill this old type malware). Henceforth, I always disable autonrun on my Windows.
- Feb 3, 2015
- 90
Even though it look like old, but theres is always a new way hackers will make the current viruses undetected.
- Jan 9, 2013
- 1,457
360 TS (Built-in)
Autorun Protector
http://www.usb-guardian.com/
Make sure this is configure to start with Windows
The best AV will still be common sense.
- Feb 3, 2015
- 90
This viruses arrive at one of cyber cafe that are agreed to be under my watch, and we able to identify the whole part of the virus.
It mainly undetectable by most AV except:
https://www.virustotal.com/en/file/...44d7b2d6cb9f48931fbb2847/analysis/1432341188/
it hidden on 2 places which is program data, and users folder, and store part of its process on the "operating memory". Each time deleted manually, it will auto replace it self again. Once the process on the "operating memory" are killed, it cannot reproduced.
Spreading via LNK Trojan (Shortcut) and each time, the source of the malware on the thumbdrive changes ex: ~$jyckliqymkezoei.bak / ~$aazunsme.bak /~$kalmfskemd.bak
The only way to stop this is to kill the shortcut, and the .bak wont be any function at all.
And the malware files, are hell big, around 94Mb. As my internet are slow, will share the sample to this community once it has been uploaded.
It mainly undetectable by most AV except:
https://www.virustotal.com/en/file/...44d7b2d6cb9f48931fbb2847/analysis/1432341188/
it hidden on 2 places which is program data, and users folder, and store part of its process on the "operating memory". Each time deleted manually, it will auto replace it self again. Once the process on the "operating memory" are killed, it cannot reproduced.
Spreading via LNK Trojan (Shortcut) and each time, the source of the malware on the thumbdrive changes ex: ~$jyckliqymkezoei.bak / ~$aazunsme.bak /~$kalmfskemd.bak
The only way to stop this is to kill the shortcut, and the .bak wont be any function at all.
And the malware files, are hell big, around 94Mb. As my internet are slow, will share the sample to this community once it has been uploaded.
- Status
Similar threads
