Odd File in Network Share

Discussion in 'Malware Help (A Specialist Will Reply)' started by myoungbl, Jul 26, 2013.

  1. myoungbl

    myoungbl Private E-2

    I was updating ATI video drivers for one of my users today when his AV (AVG Free) alerted me to an infected file in one of our major network shares.

    I use MSE on almost every other PC in the building and they did not find any problems with the file. S & D Spybot did not detect anything amiss, either. Definitions were up to date. And I targeted the file in question to scan using both MSE and S&D.

    The file was named autorun.inf and it was hidden. There are a couple of 'Open=' entries in it, as well as a few 'Action=' and a 'UseAutoPlay=' entries listed as well. The character casing in all entries seems random. Since it appears to be all text (mostly nonsense), I feel it would be safe to paste here.

    [dcsmzypna]
    vppohubd=cpxcj
    wcxub=vsbpwglx
    wnqhofpcuqptge=fqspixw
    ierfbnwjbquxvjy=xitgutp
    rnthztlvwhlxxph=tgqlovdjzwzk
    [autorun]
    ywgwqqzzzj=saxwiezojfhbg
    crefyjjzvgs=qmzlbdjxneiyot
    yltliwsuzpeycd=yhrihhrdrij
    dejwdznftale=jxjdbhib
    ioknsoc=7995
    simxldgafxloni=3390
    open=niAqEg.Exe
    tnhtvwcuaqnikp=1623
    fwiwyx=9647
    zitwniiffer=9976
    acTiON=24805
    lgzwfwnffbqj=sixtcotwmhjajr
    vwpwjmbdoy=ludeyamz
    pwqrxm=kpnltdysjj
    zcscegasnyrmwn=glfrxpizjohky
    embtgleol=okbueyzqtrxebdf
    usEauTOpLAY=1
    mtzqkiy=bmiywha
    dmfkpdepupavira=tlxuaqhz
    etgwn=prxtpuevbeujqzp
    xdyxknniidklip=sbpztfxqzakpwpy
    enjeitlcdctf=recxqswkvxjdo
    [bjkytsuztplaq]
    icjooh=fudvqckqphcobrq
    mbqqaeoq=jqjgtxznplbpeu
    mgdwokatax=ohxlg
    saxlcmb=jgswdzmtfog
    sklqzdxv=estby
    [trjwemiyc]
    uaujasceq=1825
    khuhb=1918
    qoghpyxw=5824
    [autorun]
    ptozngzgij=8775
    buhsubranbp=7348
    hubxjyvncnltnz=2754
    ucimkydmiopkq=xzcwagifwtd
    bsvse=ivnwkz
    npcggx=yepifaje
    hwcotjzydo=mliqgusvx
    open=Niaqeg.EXe
    tnpkucn=hrcssqxz
    ibsrnynr=xkpsn
    zpydydtdeo=xizejgyubz
    mdeizwwgll=npckzzxypvmu
    ACTIOn=21202
    lzaome=xxqfg
    ibevs=syxprpotuyaks
    funstwg=mtowgszjbgye
    bkymvqcgxfhapxw=iuwaejlxflkdzf
    wdummkxyafuboe=adrhn
    useaUToPLay=1
    axppuwbhaamsg=5420
    putyzbpn=4201
    pcjoeabmeur=2098
    [dtjsugseblyikwn]
    tfras=1132
    gzipxpc=7411
    hffxdvzy=8533

    AVG removed the file without a problem, but I'm concerned about not finding the file referenced in the 'open=' entries, which is always 'niAqEg.Exe' (character casing random, lol).

    Any ideas where I can locate this file or how to find it? The autorun.inf file is on a network share on our main server. This is the main share where our company's app resides, so everyone uses it. I've had 3 users turn up with viruses today and I can't help but wonder if this file has something to do with it.

    Any help with this matter would be greatly appreciated.

    Thanks.

    Marshall
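
An added example, not part of the original post: a small triage script that separates the handful of real `[autorun]` entries from the random padding in a file like the one quoted above, then checks a directory for the referenced program name without regard to case. The function names are hypothetical and the sample is a shortened, constructed copy of the quoted file.

```python
import os

# A subset of the documented [autorun] keys; other lines in the sample are padding.
AUTORUN_KEYS = {"open", "shellexecute", "action", "icon", "label", "useautoplay"}

def parse_autorun(text):
    """Return (live, junk): live = (key, value) pairs from all [autorun] sections."""
    live, junk, section = [], 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if sep and section == "autorun" and key in AUTORUN_KEYS:
            live.append((key, value.strip()))
        else:
            junk += 1
    return live, junk

def referenced_programs(live):
    """Program names from open=/shellexecute=, lower-cased and de-duplicated."""
    return sorted({v.split()[0].lower() for k, v in live
                   if k in ("open", "shellexecute") and v})

def find_in_dir(directory, names):
    """Directory entries (hidden ones included) matching names, ignoring case."""
    wanted = {n.lower() for n in names}
    return sorted(e for e in os.listdir(directory) if e.lower() in wanted)

# Constructed sample: a shortened copy of the file quoted in the post.
SAMPLE = """[dcsmzypna]
vppohubd=cpxcj
[autorun]
ioknsoc=7995
open=niAqEg.Exe
acTiON=24805
usEauTOpLAY=1
[trjwemiyc]
khuhb=1918
[autorun]
open=Niaqeg.EXe
ACTIOn=21202
useaUToPLay=1
"""
```

Calling `find_in_dir` on the share root with the output of `referenced_programs(parse_autorun(text)[0])` lists any matching file regardless of how its name is cased.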
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

