File haijacking !!!

Hello,

we have a case at the school where students missing their files and replaced with a text files that have the same names and extensions!!


the text files has the following message:

after looking around I found that all the files are there and they are hidden and renamed Hide_filename


what disturbed us that NOD32 in our school's computer did not find the program or the script that does this!!!

any idea how to stop that?


cheers

 

Hi !

I have never seen such thing but it sounds funny ... Anyway , it is a problem for you and your users.

Download and run ESET SysInspector
http://www.eset.com/download/sysinspector.php

When the utility has collected the information , click File > Save Log
Confirm your wish. A log file , placed in a zip archive , will be created.

Contact ESET Technical Support , samples@eset.com or to your local Support Dept. (depending on where you are located).

In the email describe the case , include a link to your thread here and attach the log file . Note , you may wish to send 2 or 3 log files from some different machines , for better analysis.

 

Besides sending the SysInpspector log to samples[at]eset.com with this thread's url in the subject, also attach the default template used by MS Word and Excel. Also try installing ESET NOD32 Antivirus which has better detection capabilities than v2.

 

A couple of links that may be helpful for research:

http://in.answers.yahoo.com/question/index?qid=20080717043409AAod3bz

http://tibebeantonios.wordpress.com/2008/03/10/53wedew-aysiku/

Before you delete anything if it's that simple, I'm sure Marcos would love a copy to analyse.

Cheers