Need help deleting virus on memory stick

Darkphenom

Ok so I am running vista home premium 64-bit and I have Norton 2010 installed.

Whenever I plug in one of my 3 memory sticks into my computer I sometimes get a warning from Norton saying that it has blocked some virus sometimes called autorun.inf and other times microsoft_hbkl32.exe . When I run a scan my computer picks up a virus called microsoft_hbkl32.exe and recently has picked up on server.exe .

These viruses keep coming back (even though norton says taken care of :mad:)
I tried to delete them manually but they replicate.

I have tried formatting my memory sticks but they still come back!

I am thinking of backing up all my files to an external hard disk so I can wipe everything and reinstall vista, but i am worried that the viruses will spred to the external hard drive. Any advice on this or on removal of these viruses?

Any help would be greatly appreciated!

u140acro3xs7dm

Well if you have properly reformatted them it might just be a false negative. Maybe try the tips in this post to be sure.

Zillah

Norton is a steaming pile of chocolate surprise. Uninstall it immediately and use any one of the excellent free anti-virus programs, like avira, AVG or pay a nominal amount and use the outstanding malwarebytes (scan mode is free, active shield requires registration).

Suffice to say, if you've formatted the flash sticks then it is a false positive.

Darkphenom

I have formatted and reinstalled vista, which was well needed.

I backed up everything from a ubuntu installation on a separate hard drive.
I will format the flash sticks again in ubuntu, to be sure, to be sure.

Just wondering, is the free Avast as good as other products you pay for?

b1rd_t3h_w0rd

First, sorry for resurrecting an old topic. This is not a false-positive though. You can't see it on your FAT drive because it has been linked in an NTFS-stream way. Windows has a "feature" that allows you to hide a file with NTFS-streams, however it is not supposed to work to FAT. Well it does. Why am I posting? Because I have isolated the worm and I am working on reverse-engineering it. I have come up with a solution for locating and removing the worm. Using a Live Linux CD, I opened the device and opened the autorun.inf file to locate the worm. Mine was in the Recycler folder (which you also can't see in Windows Explorer). I went ahead and isolated the worm to a different device, and removed the autorun.inf file, and then rescanned and the worm not detected anymore. As for what the worm does, I am working on that. I have a feeling that it spreads from one flash drive to the next if there is more than one plugged into a system, but I won't be sure until more decompiling is complete.

~b1rd5_t3h_w0rd

Darkphenom

b1rd_t3h_w0rd wrote: »

First, sorry for resurrecting an old topic. This is not a false-positive though. You can't see it on your FAT drive because it has been linked in an NTFS-stream way. Windows has a "feature" that allows you to hide a file with NTFS-streams, however it is not supposed to work to FAT. Well it does. Why am I posting? Because I have isolated the worm and I am working on reverse-engineering it. I have come up with a solution for locating and removing the worm. Using a Live Linux CD, I opened the device and opened the autorun.inf file to locate the worm. Mine was in the Recycler folder (which you also can't see in Windows Explorer). I went ahead and isolated the worm to a different device, and removed the autorun.inf file, and then rescanned and the worm not detected anymore. As for what the worm does, I am working on that. I have a feeling that it spreads from one flash drive to the next if there is more than one plugged into a system, but I won't be sure until more decompiling is complete.

~b1rd5_t3h_w0rd

After I formatted all my memory sticks to FAT with a live ubuntu cd, I have had no more problems (that I know of). Reverse engineering... that sounds like a complicated job :eek: