Got A Virus Here...

Discussion in 'ESET Smart Security' started by hiayushman, Jul 8, 2008.

Thread Status:
Not open for further replies.
  1. hiayushman

    hiayushman Registered Member
    Joined: Jul 8, 2008
    Posts: 3

    Hi there,
    So this is how I made a mark in this forum....


    I unplugged my phone from the system and checked the memory card through the phone. Fortunately the phone runs Linux as its OS, so I could clearly see what's happening. I checked and saw a new folder named "System" containing another folder "Security" holding a file called Driveguard.exe.
    I checked my processes and found this process odd... flashguard.exe. I have terminated it from the Task Manager, though, disabled it from the startup processes and have also deleted a few of the suspected registry entries.

    From the "msconfig" startup list, I found out that it exists in Program Files. I went there and found just a readme file (it has been attached).

    I googled but found nothing pretty. I have got ESET Smart Security (it didn't detect any threat even after a scan) working all the time and uTorrent 24/7. Yesterday, one of my friends used his pen drive (it was clean; I couldn't see any hidden files either).

    I have found this blog talking about something...

    Code:
    http://blog.threatfire.com/2008/06/removal-tool-no.html


    Can anyone tell me what I should do now?

    I am not able to delete the file from my Motorola phone (definitely not through Windows, as it fails to show any folder/file with that name, and my phone comes up with an error when I try to delete the folder or file).


    I would certainly be grateful if anyone could come up with a fix or something for it.
    (Sorry to give you all that trouble...)
    Thanks,
    anu_1128
     


  2. denno

    denno Registered Member
    Joined: Mar 22, 2006
    Posts: 49

    Check for a default browser instance running, i.e. look for any firefox.exe or IExplorer.exe using a small amount of memory. This is how a RAT calls home undetected.
     
  3. hiayushman

    hiayushman Registered Member
    Joined: Jul 8, 2008
    Posts: 3

    Okay,


    I haven't found anything in Task Manager other than this sprtsvc.exe taking around 200K of memory (stopped it now). I formatted my phone so at least that can be free from the infection.

    Also, I have reported it to ESET and came away with a few steps to follow.


    Thanks denno for the advice... I did what you said and got the same as mentioned above.

    Thanks guys...
     