Same happened to me. All disks (external and internal), memory cards, USB sticks infected. Only Kaspersky detected Trojan.VBS.Agent.ck and Trojan.VBS.Agent.ch. No TaskManager, Regedit only with notepad, cursor slow, ... After cleaning everything, at the end I reformatted the OS. No idea from where the infection came. I confirm what Jem says.
This is the log file:
19/09/2008 22.38.26 Attività completata
19/09/2008 22.18.20 Non isolati: Trojan.VBS.Agent.ck J:\Recycle.bin Rimandato
19/09/2008 22.18.20 Rilevato: Trojan.VBS.Agent.ck J:\Recycle.bin
19/09/2008 21.42.23 Non isolati: Trojan.VBS.Agent.ck F:\Recycle.bin Rimandato
19/09/2008 21.42.22 Rilevato: Trojan.VBS.Agent.ck F:\Recycle.bin
19/09/2008 20.49.35 Non isolati: Trojan.VBS.Agent.ch J:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0018765.vbs Rimandato
19/09/2008 20.49.35 Rilevato: Trojan.VBS.Agent.ch J:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0018765.vbs
19/09/2008 20.46.59 Non isolati: Trojan.VBS.Agent.ch F:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0018665.vbs Rimandato
19/09/2008 20.46.59 Rilevato: Trojan.VBS.Agent.ch F:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0018665.vbs
19/09/2008 20.42.58 Non isolati: Trojan.VBS.Agent.ck c:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0014782.vbs Rimandato
19/09/2008 20.42.57 Non isolati: Trojan.VBS.Agent.ck c:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0014780.dll Rimandato
19/09/2008 20.42.57 Rilevato: Trojan.VBS.Agent.ck c:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0014782.vbs
19/09/2008 20.42.56 Rilevato: Trojan.VBS.Agent.ck c:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0014780.dll
19/09/2008 20.32.16 Operazione avviata
As for you, please submit the samples to Symantec so they can have a look.
But it looks like they are in system restore, so you could try disabling system restore and then do a full scan.
I was not able to send the virus file to Symantec. I think I cleared everything on my computer, but I still have the txt file of the script copied from the virus file four2one.vbs and recycle.bin
Can I submit this *.txt file to the link you provided me for virus submission?
Or is there any other way I can post this txt file?
You can send the file. Symantec probably has some questions for you though. But for now all the info is helpful.
Hi jem,
The files that you've listed are in old versions of system restore snapshots. By default, we excluded System Volume Information. If Kaspersky is deleting those files on your system, that means the system restore will now be broken.
In the Norton AntiVirus and Norton Internet Security 2009 products, we have more elaborate handling of SVI, which can detect active threats running in SVI, while keeping system restore intact. I hope this helps. Please let me know if you have any other questions. Thanks!
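An added example, not part of any post in this thread: a small triage script that reads a scan log in the format posted above and separates detections sitting in System Restore snapshots from detections elsewhere, such as `J:\Recycle.bin`. The function names are hypothetical, and the reading of the Italian fields (`Rilevato` = detected, `Non isolati` = not quarantined, `Rimandato` = deferred) is an assumption.

```python
import re

# Subset of the scan log posted in this thread, copied verbatim.
SAMPLE_LOG = r"""19/09/2008 22.38.26 Attività completata
19/09/2008 22.18.20 Non isolati: Trojan.VBS.Agent.ck J:\Recycle.bin Rimandato
19/09/2008 22.18.20 Rilevato: Trojan.VBS.Agent.ck J:\Recycle.bin
19/09/2008 20.49.35 Non isolati: Trojan.VBS.Agent.ch J:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0018765.vbs Rimandato
19/09/2008 20.49.35 Rilevato: Trojan.VBS.Agent.ch J:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0018765.vbs
19/09/2008 20.42.57 Non isolati: Trojan.VBS.Agent.ck c:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0014780.dll Rimandato
19/09/2008 20.42.56 Rilevato: Trojan.VBS.Agent.ck c:\System Volume Information\_restore{61016153-E226-446A-B54F-A94478FF6F43}\RP82\A0014780.dll
19/09/2008 20.32.16 Operazione avviata
"""

# Assumed reading of the Italian fields: Rilevato = detected,
# Non isolati = not quarantined, trailing Rimandato = action deferred.
LINE_RE = re.compile(
    r"^\d{2}/\d{2}/\d{4} \d{2}\.\d{2}\.\d{2} "
    r"(?P<event>Rilevato|Non isolati): (?P<threat>\S+) "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<deferred> Rimandato)?$"
)

def location(path):
    """Classify a path as a System Restore snapshot copy or anything else."""
    parts = path.lower().split("\\")
    in_svi = len(parts) > 2 and parts[1] == "system volume information"
    return "restore_point" if in_svi and parts[2].startswith("_restore") else "outside_svi"

def triage(log_text):
    """Merge the per-event lines into one finding per file path."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # start/finish markers and unrecognised lines
        f = findings.setdefault(m["path"].lower(), {
            "path": m["path"], "threat": m["threat"],
            "location": location(m["path"]),
            "detected": False, "not_quarantined": False,
        })
        f["detected" if m["event"] == "Rilevato" else "not_quarantined"] = True
    return sorted(findings.values(), key=lambda f: (f["location"], f["path"].lower()))

def outside_svi_paths(log_text):
    """Paths the scanner flagged outside restore points."""
    return [f["path"] for f in triage(log_text) if f["location"] == "outside_svi"]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["location"], f["threat"], f["path"], sep="\t")
```

Entries reported as `outside_svi` are the ones on the drive itself; the `restore_point` entries are the snapshot copies this reply refers to.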
Why is Norton typically weak in detecting autorun viruses from USB drives? Most of the time, it happens that the files are processed before Norton does anything and then autorun viruses spread like wildfire. Further, sometimes the viruses are not detected at all.
In comparison, particularly Kaspersky detects very fast before you do anything.
Please guide as to whether Norton is not capable of handling these viruses?
Of course Norton is capable. The only problem is that in N360 the /System Volume Information/ folder is listed as an exclusion, removing it from risk scanning. Unless there is active malware running from the SVI, Norton will ignore SVI.
What are those specific viruses that Kaspersky detected which Norton did not? What were the symptoms? And then, of course the files must be processed before you have access to the flash drive.
Just wondering if your Norton 360 is near expiration? If it is you may try uninstalling N360 to see if the infection goes away?