Viruses: A Pen Drive story

Last semester, a lot of viruses have been spreading in pen drives and it didn’t take longer for a virus to find a seat for itself in my pen drive. The first being the Orkut virus (didn’t know the exact name)

Virus 1:

Affects: Prevents Firefox from opening and also some sites such as Orkut and Youtube,

Harm: Virus created for prank.

I got this virus from a system in my college library. I don’t know how it got into my system but I realized that it is in my system when I tried to open Firefox. It resulted in a dialog box that said

“Use Internet Explorer you dope or else”

Later when I tried to open Orkut using IE, I got another dialog box saying

“Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!”

The first thing that came into my mind was to google to find out more about the virus and how to delete it. Here is a blog that could help you to delete the virus.

http://my.opera.com/krishnan/blog/index.dml/tag/%22Orkut%20is%20banned%20you%20fool

Virus 2:

Affects: Creates a folder called ‘New Folder.exe’ in your pen drive and creates a copy of every folder in itself with the same name (which is actually a .exe file). For example, if you have a folder called ‘example’, you would find another folder called ‘example.exe’ inside the ‘example’ folder.

Harm: Doesn’t seem to be any harm until you accidentally tried to open the ‘New Folder.exe’ or any of the replicas. If you had done that,

1. you would not be able to open the task manager.
2. you would not be able to open registry editor
3. System slows down.

Symptoms:

1.A folder named “New Folder.exe” created in your pen drive.

2. Right Click on your pen drive. If you find any gibberish language, there is a 99.99% chance that the pen drive is infected with virus.

3. There is a replica of a folder inside each folder.

I didn’t know from where I got this virus, but the first time I found it was in my lab where the system had automatically shut down itself in order to prevent the virus from doing any more damage. It also saved me from the lab session, as I was not able to show my output. Thanks to the virus, cause I was not ready with the output.

The first thing that my friend and I tried to remove the virus was to delete the “New folder.exe” virus and also the replicas. There were more than 200 replicas. Thanks to Search feature in Windows! But the “New Folder” is created once again everytime the pen drive is loaded.

To remove the infections:

Just restore the system to a earlier date when the virus was not there. That will do temporarily to keep the system away from the virus. Now you can reopen the task manager (doesn’t work if you had tried to open “New Folder.exe” before). Beware that the infections come again if you try to load the pen drive again.

To remove the virus:

There are removal tools for this virus. One of the removal tool I came across is

http://technodigits.wordpress.com/2007/07/18/new-folderexe-sohanad-virus-removal-tool/

(Cautious Note: Use the above removal tool at your own risk)

Virus 3:

Affects: Hides the original folders and replaces it with the replicas of the same folders (but these are .exe files which look like folders)

Harms: Slows down the system. Some devices will be unable to read the memory card if plugged in through USB.

Symptoms:

1. Right Click on your pen drive. If you find any gibberish language, there is a 99.99% chance that the pen drive is infected with virus.

2. Right Click on any folder in your pen drive. If you can find “Run as”, the folder is a virus as no folder can be run as an application.

The important thing to note about this virus is that you wouldn’t even know it actually exists in the pen drive. Neither did I. When I was wondering how I managed to delete Virus 2 in my pen drive, I didn’t even know that another virus was actually in my pen drive.

When you click on the folder, you would feel as if you are opening an exe file but the resultant would be the contents of the folder (I hope you get what I mean). But that is not easy to detect, is it?

What confirmed that the virus was there in my pen drive was when I plugged in a mobile through USB to load songs. But the mobile phone didn’t find any song, as it was unable to find any folder as all it could see was .exe files. I tried to create a new folder and store the songs in it, but the virus’s algorithm is to find any folder (if existed), hide it and create a replica .exe of it. So there was no use doing it.

Cure:

The above sohanad removal tool will work for this virus too.

I deleted them using a Antivirus. But then still the actual folders were not visible. To view the folders, follow these steps.

1. Click on Start -> Run.
2. Go to the command prompt by typing “cmd” (without quotes).
3. Go to the pen drive. For example, if F is your pen drive, type F:
4. in F drive, type the following

F:>attrib –s –h /s /d

1. Wait for sometime and the hidden folders would be automatically restored.

I hope you find all the above information useful. Good luck.