Win32.Vidro.xxx, Symantec detection name unknown.

 


Infected PCs have the trojan installed, with files usually located at:

C:\Documents and Settings\LocalService\Application Data\Microsoft\[random].exe
C:\Windows\system32\[random].exe

 

There can be more than one set of files installed on the PC(s) due to the random file names.


Personal files like music, pictures and documents are seen as becoming .exe's, for instance "......The Bangles\Greatest Hits\03 Manic Monday.exe", and the list can become quite large when security software detects the .exe's for all of the files that people can have stored on the PC.

 

This gets the user just seeing all their music, photos and so on as .exe's, possibly causing some panic of "Can I get my files back............", jumping up and down, thinking of school work, work documents.....................

BUT of note: all the .exe's are the same size, approx 100-150 KB dependent on variant, no matter what the size of the original files was.
The original files have in fact been set to "Hidden" (invisible), but if the active Trojan is not first removed from the PC (and from any other possibly infected PCs that removable drives could have been connected to), then just deleting the .exe's and restoring the originals back to their locations is a never-ending circle, as the active Trojan creates the .exe copies again and sets the originals back to hidden (invisible).

All the PCs that have been in contact with the drive have to be checked, because when an external hard drive or flash drive is plugged in, the Trojan infects the external drive. If there are personal files stored on the external hard drive / flash drive, they will also have the visible .exe's created, with the originals all set to hidden.

Most people I know have their system settings set to hide "hidden files and folders", so will not be able to see the original mp3's, jpg's, doc's, xml's and so on.

 

No need to rush into things, all the personal files are gone, so go ahead and start wiping drives

 

Quads
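A read-only triage check for the pattern described in the post above, as an added example that is not part of the original post: it lists visible .exe files that sit beside a hidden file with the same base name and flags whether each falls in the reported size range. The matching-by-base-name rule, the slack on the size band, the function names and the sample paths are assumptions made for this example.

```python
import ntpath
import os
from collections import defaultdict

FILE_ATTRIBUTE_HIDDEN = 0x2          # Win32 attribute bit for "Hidden"
SIZE_BAND = (90 * 1024, 160 * 1024)  # post says ~100-150 KB; slack is assumed

def scan(root):
    """Yield (path, size, hidden) for each file under root. Read-only."""
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            st = os.stat(path)
            attrs = getattr(st, "st_file_attributes", 0)  # absent off Windows
            yield path, st.st_size, bool(attrs & FILE_ATTRIBUTE_HIDDEN)

def find_decoys(records):
    """Pair each visible .exe with hidden same-named files in its folder."""
    hidden, exes = defaultdict(list), []
    for path, size, is_hidden in records:
        folder, name = ntpath.split(path)
        stem, ext = ntpath.splitext(name)
        key = (folder.lower(), stem.lower())  # assumed: decoy keeps the base name
        if ext.lower() == ".exe":
            if not is_hidden:
                exes.append((key, path, size))
        elif is_hidden:
            hidden[key].append(path)
    return [{"exe": path, "originals": hidden[key], "size": size,
             "in_band": SIZE_BAND[0] <= size <= SIZE_BAND[1]}
            for key, path, size in exes if key in hidden]

# Constructed sample listing (not taken from a real infection).
SAMPLE = [
    (r"E:\Music\03 Manic Monday.exe", 131072, False),
    (r"E:\Music\03 Manic Monday.mp3", 4193280, True),
    (r"E:\Photos\beach.exe", 131072, False),
    (r"E:\Photos\beach.jpg", 2201600, True),
    (r"E:\Tools\setup.exe", 5242880, False),   # ordinary program, no hidden twin
    (r"E:\Docs\report.doc", 40960, False),     # untouched document
]

if __name__ == "__main__":
    for hit in find_decoys(SAMPLE):   # use find_decoys(scan("E:\\")) on a drive
        print(hit["exe"], "->", hit["originals"], hit["size"], hit["in_band"])
```

The script only reports pairs; it changes no attributes and deletes nothing, so it can be run on each PC and removable drive before the active Trojan has been removed.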