Recycler Virus
Posted: Sat Apr 04, 2009 7:21 pm
by King Brace Blane
Today I had a run-in with a trojan horse known as the "recycler virus" to some. I just wanted to bring it to your attention since I know many of you work with USB flash drives. This nasty thing makes an autorun.ini and a spoof recycle bin on your USB stick or any other drive it happens across. Thankfully there is Combofix to rub it out. But the clue to watch for is when you right-click your drive, the menu says AutoPlay instead of explore or open as the default action. I am certain there is a special place in Hell for people who create this shit. When I found this on my client's PC today I thought, I should tell the guys hanging out in the deep dark woods about this beast. It took me about a good 2 hours just to ID the virus since it won't allow you to run any anti-spyware.
KBB
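The two signs described in the post above (an autorun file and a fake recycle bin on the drive), written as a check; this is an added example, not part of the thread. It assumes the standard autorun.inf file name and the standard Windows recycle-bin folder names (RECYCLER, RECYCLED, $RECYCLE.BIN); the function names and tags are hypothetical.

```python
import os
import re
import sys

# Assumed names: standard Windows recycle-bin folders and the standard autorun.inf file.
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
# autorun.inf keys that launch a program: open=, shellexecute=, shell\<verb>\command=
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    launches, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                launches.append((key.lower(), value))
    return launches

def scan_drive_root(root):
    """List findings for one drive root; an empty list means nothing was flagged."""
    findings = []
    entries = {name.lower(): name for name in os.listdir(root)}
    if "autorun.inf" in entries:
        path = os.path.join(root, entries["autorun.inf"])
        with open(path, "r", errors="replace") as fh:
            for key, cmd in parse_autorun(fh.read()):
                # First path component of the command, ignoring quotes and leading .\ or \
                first = re.split(r"[\\/]", cmd.strip('"').lstrip(".\\/"))[0].lower()
                tag = "autorun-into-recycle-bin" if first in RECYCLE_DIRS else "autorun-launch"
                findings.append((tag, f"{key}={cmd}"))
    for low, name in entries.items():
        if low in RECYCLE_DIRS:  # a real recycle bin should not hold programs to run
            for dirpath, _dirs, files in os.walk(os.path.join(root, name)):
                for f in files:
                    if os.path.splitext(f)[1].lower() in EXEC_EXTS:
                        findings.append(("executable-in-recycle-bin", os.path.join(dirpath, f)))
    return findings

if __name__ == "__main__":
    for tag, detail in scan_drive_root(sys.argv[1]):  # pass the drive root to check
        print(tag, detail)
```

Run it against the root of the removable drive; deleted programs in a genuine recycle bin will also show up under the last tag, so treat that finding on its own as a prompt to look, not a verdict.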
Re: Recycler Virus
Posted: Sat Apr 04, 2009 7:45 pm
by technoe
Avast will run but won't detect the virus. Another fix is in the registry: just search for mountpoints2 and edit the permissions to deny all, until you can delete the virus.
Re: Recycler Virus
Posted: Tue Apr 07, 2009 10:18 am
by King Brace Blane
technoe wrote: Avast will run but won't detect the virus. Another fix is in the registry: just search for mountpoints2 and edit the permissions to deny all, until you can delete the virus.
Well, not many will. I went through the arsenal of anti-spyware and virus removal. What clued me in was the behavior of his IE: the virus sends a redirect to other websites after you click on a Google search. I am glad to be done with it. I hate working on a law firm's PC and having to tell the client that his workers are downloading viruses from the internet. But her PC was loaded with those iWin games and crap like that, so you know she is going to get a lecture. With the PC on a network it put all the office PCs at risk.
Re: Recycler Virus
Posted: Tue Apr 07, 2009 4:20 pm
by technoe
Oh, I know. I'm a Network Administrator for the Army. I have hundreds of computers that I'm responsible for, most on classified networks. So I, probably more than most, know the danger and issues that go along with viruses on the network.