I don’t know why or if this got deleted before, but here it is again:

I had a user who had some type of malware, but I don’t know what it is. Now I have it on my portable drive (after using it to back up her data) and I got it on my PC after trying to run SAV on the portable. (I had to reimage both PCs to get rid of it.) But I need to clean the portable drive before I use it again.

I have run SAV, SpybotS&D, Malwarebytes, but nothing can even detect whatever this is.
The symptoms are:
User cannot open local HD. Error message is: Cannot find RECYCLER\S-8-8-24-100026533-100007783-100027606-8409.com c:\

The malware puts a false AUTORUN entry in the context (right-click) menu. I have found this in the registry: C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-8-8-24-100026533-100007783-100027606-8409.com C:\
Also it changes the DNS entries from DHCP to 83.255.112.67 and 85.255.112.170

There was also a process running (even in safe mode) called system that was constantly using 50% of the proc time.

The user could not open or run any apps or do a proper shut down.

I could not install Hijackthis and it probably would not have been able to run anyway due to the erratic operation of the system.

Also the OS was XP Pro SP2.

Any ideas what this is or how to get rid of it without formatting the drive?

Thanks.

P.S. I forgot to say that it was also periodically trying to read the floppy drive with no disk in it.
