Adober.exe, Flash Drive Trojan Horse

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by comstarr, Feb 24, 2008.

  1. comstarr

    comstarr Private E-2

    Hi everyone,
    I was wondering if anyone can help me with this problem?

    I have some sort of Trojan Horse on my flash drive (Kingston Data Traveller). I went to a stationery store with the flash drive to print out some call cards and must've got it from the store. I opened the Flash Drive on my ThinkPad which runs Windows XP Professional OS. It was immediately detected by AVG (free edition). I clicked on the Heal button but got a description that it is unhealable. I ran AVG again from my laptop and found two errors in the virus vault: Virus name: Generic.SV (Worm) File name: AdobeR.exe; and Generic.ZWE (Trojan Horse) File name: ctfmon.exe; with paths to the E drive (USB port).
    I closed and ejected the flash drive, then ran the scan on my laptop and got no errors. I plugged the flash drive back in and got a Threat Detected message from AVG showing 1 error: the autorun.inf file was infected. No other detections.
    I did not execute/open any file on the flash drive.

    I searched for answers on the net but found only ones in French and Vietnamese - Nothing in English. I translated the page but the translator did not do a good job. On antivirus websites I did not find any solutions, can someone point me in the right direction?

    I was wondering:
    1. How would I know if my laptop was infected?
    2. Can I safely wipe the 2 errors from the virus vault? The software cannot heal the worm or trojan.
    3. How do I disinfect the flash drive?

    I found the autorun file on the flash drive and deleted it. It was created yesterday - which is when the drive was opened on the store's PC. I ran the scan again and found no threats: Does this mean I'm safe?
    Thanks.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    By doing the below procedure and attaching the requested logs.
    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide


    Yes.

    Possibly but running the READ & RUN ME may still be a good idea. You said you deleted the autorun.inf file on the flash drive but did you check to make sure that AdobeR.exe does not exist on the flash drive?
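
The check asked about above (is anything still on the drive that autorun.inf could launch?) can be scripted. This is an added example, not part of either post or of the MajorGeeks guide; the autorun.inf contents and placeholder files in `demo()` are constructed, and the assumption that the autorun.inf pointed at AdobeR.exe is ours, not something the thread states.

```python
import os
import re
import tempfile

# autorun.inf keys whose value names a program Windows may launch from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^=\\]+\\command)$", re.I)
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

def autorun_targets(text):
    """Return the programs named by launch entries in autorun.inf text."""
    targets = []
    for line in text.splitlines():
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep or not value or not LAUNCH_KEY.match(key):
            continue
        # A quoted value ends at the closing quote; otherwise at the first space.
        prog = value[1:].split('"', 1)[0] if value[0] == '"' else value.split()[0]
        if prog and prog not in targets:
            targets.append(prog)
    return targets

def scan_drive(root):
    """Report autorun.inf launch targets and executables in the drive root."""
    by_lower = {n.lower(): n for n in os.listdir(root)}
    targets = []
    if "autorun.inf" in by_lower:
        with open(os.path.join(root, by_lower["autorun.inf"]), encoding="latin-1") as fh:
            targets = autorun_targets(fh.read())
    present = []
    for t in targets:
        rel = t.replace("\\", "/").lstrip("/")
        if os.path.isfile(os.path.join(root, by_lower.get(rel.lower(), rel))):
            present.append(t)
    executables = sorted(n for n in by_lower.values()
                         if os.path.splitext(n)[1].lower() in EXEC_EXT)
    return {"autorun_targets": targets, "targets_present": present,
            "root_executables": executables}

def demo():
    """Scan a constructed stand-in for the flash drive (empty placeholder files)."""
    sample_inf = '[autorun]\nopen=AdobeR.exe\nshell\\open\\command="AdobeR.exe" /s\nicon=x.ico\n'
    with tempfile.TemporaryDirectory() as root:
        for name in ("AdobeR.exe", "ctfmon.exe", "notes.txt"):
            open(os.path.join(root, name), "w").close()
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(sample_inf)
        return scan_drive(root)

if __name__ == "__main__":
    print(demo())
```

On a real drive, call `scan_drive("E:\\")` with the drive letter in use; an empty `autorun_targets` with a non-empty `root_executables` is the situation described in the thread, where autorun.inf was deleted but the executables may remain.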
     
