Gaming [Threat Detected]

[M]artin

.
Member
Joined
Nov 7, 2006
Messages
3,658
Trophies
0
Age
32
XP
959
Country
United States
A few days ago, a friend of mine plugged in her flash drive into my desktop. ESET instantly popped up with the message below:

2nc47xf.png


She's accessed her flash drive through my desktop on a number of occasions and ESET never gave us any problems. I choose "Delete" and ESET hasn't been giving us any problems since then. However, I'm still curious as to what it was on that flash drive that caused this, and should I be concerned?
 

Lee79

Hyper...Active...Team Fortress 2 Addict
Member
Joined
Jul 29, 2007
Messages
920
Trophies
0
Age
42
Location
ctf_2fort
Website
steamcommunity.com
XP
210
Country
Autorun.inf (An INF file or Setup Information file is a plain text file used by Microsoft Windows for installation of software and drivers.) is a autorun file so when you plug it in it will auto run some software and try and install it on your PC could be legit or could be a virus so NOD32 flag it to protect your computer.
 

[M]artin

.
Member
Joined
Nov 7, 2006
Messages
3,658
Trophies
0
Age
32
XP
959
Country
United States
da_head said:
well if it detected it, then there should be no worries amirite?

but wth is eset? never heard of it.

ESET Software. I'm currently using ESET Smart Security.

QUOTE(Lee79 @ May 17 2009, 03:14 PM) Autorun.inf (An INF file or Setup Information file is a plain text file used by Microsoft Windows for installation of software and drivers.) is a autorun file so when you plug it in it will auto run some software and try and install it on your PC could be legit or could be a virus so NOD32 flag it to protect your computer.
Thanks. I flagged it. I have a flash drive similar to the one she used and it never contained any embedded Autorun software or anything like that IIRC, most likely not safe.
 

Salamantis

Well-Known Member
Member
Joined
Feb 20, 2007
Messages
1,942
Trophies
0
XP
367
Country
Canada
da_head said:
well if it detected it, then there should be no worries amirite?

but wth is eset? never heard of it.
ESET is the company that makes Smart Security and NOD32.

EDIT: Martin beat me by a few seconds, damn
tongue.gif
 

Lee79

Hyper...Active...Team Fortress 2 Addict
Member
Joined
Jul 29, 2007
Messages
920
Trophies
0
Age
42
Location
ctf_2fort
Website
steamcommunity.com
XP
210
Country
If you have a copy of the file "Autorun.inf" you can open it with Notepad and it should tell you the files it is trying to install.

For example this Autorun.inf file on my PC's HDD (i did a search for "*.inf" files the * is used as a wildcard, any name) looks like this when I open it with notepad

Code:
[autorun]
icon=App.ico
open=CodecInstaller.exe

Which means it auto runs the CodecInstaller.exe when it is executed
 

FlatFrogger

Well-Known Member
Member
Joined
Apr 20, 2007
Messages
291
Trophies
0
Age
110
Website
Visit site
XP
131
Country
Lee79 said:
If you have a copy of the file "Autorun.inf" you can open it with Notepad and it should tell you the files it is trying to install.

For example this Autorun.inf file on my PC's HDD (i did a search for "*.inf" files the * is used as a wildcard or any name) looks like this when I open it with notepad

Code:
[autorun]
icon=App.ico
open=CodecInstaller.exe

Which means it auto runs the CodecInstaller.exe when it is executed


This.

Its worth finding out of if its a real threat or its a false detect, if its the latter submit it for analysis.
 

Law

rip ninjacat that zarcon made me
Member
Joined
Aug 14, 2007
Messages
4,128
Trophies
0
Age
29
Location
‭jerkland
Website
www.twitch.tv
XP
302
Country
I remember something similar that was happening on the college PCs, whenever you would put a flashdrive in it would copy an autorun.inf file and a folder onto it, and then when you placed the flashdrive into another computer it would copy the autorun.inf and the folder somewhere onto the hard drive. Cycle repeats, thousands of computers infected. I think it was rather harmless, though.

Find out where else your friend has been using their flashdrive, those computers might still be infected. I remember my AVG was bitching at me for a while about it, literally everytime I got home from college and used my flashdrive in my laptop. Stopped using my flashdrive at college, never happened again.
 

zeromac

Finally reached 1000 posts EXACTLY
Member
Joined
Mar 7, 2009
Messages
2,193
Trophies
0
Age
24
Location
Earth
Website
Visit site
XP
242
Country
wait.. im not trying to freak you out our anything but wasn't that the april 1st supposed virus? it could spread by flash drive and when u plug in a flash drive into ur comp there would mysterysly be another folder that would instantly open
 

moodswinger

Well-Known Member
Member
Joined
Sep 6, 2008
Messages
237
Trophies
0
Age
32
XP
128
Country
@ zeromac, I think we need 1 more evidence to confirm that, did the icon of the flash drive turned into a "folder" icon? Cause if it did, it probably is the Conficker worm.
 

xcalibur

Gbatemp's Chocolate Bear
Member
Joined
Jun 2, 2007
Messages
3,163
Trophies
0
Age
31
Location
Sacred Heart
XP
657
Country
Law said:
I remember something similar that was happening on the college PCs, whenever you would put a flashdrive in it would copy an autorun.inf file and a folder onto it, and then when you placed the flashdrive into another computer it would copy the autorun.inf and the folder somewhere onto the hard drive. Cycle repeats, thousands of computers infected. I think it was rather harmless, though.

Find out where else your friend has been using their flashdrive, those computers might still be infected. I remember my AVG was bitching at me for a while about it, literally everytime I got home from college and used my flashdrive in my laptop. Stopped using my flashdrive at college, never happened again.

Yeah I had that same one only it disallowed access to task manager and folder options and it duplicated each folder by creating a shortcut to itself inside the folder.
If it has "new folder.ink" at the root, its probably this.
 
General chit-chat
Help Users
  • No one is chatting at the moment.
    Guggimon @ Guggimon: NSO EP sucks who agree with that???