Are they trying to say that you can't run an exe from a thumbdrive or that you can't copy an infected file from a thumbdrive? Weird thing to say. Or maybe they're saying that their software will stop that from happening?
Not sure if the ability to scan from a thumbdrive means that the drive has a CPU on it - you can boot an OS (e.g. Puppy Linux) from a thumbdrive and load it to RAM and use the native CPU and do lots of things.

Have you got a list of running processes? Personally I'd think it was a virus going by symptoms alone, but still you'd want to check so many other things - a registry that is shot, for instance. Can you do a system restore? Make sure you've isolated it from the network first of course. Can you get into safe mode with command prompt? Then run netstat -a -o to see what processes are running and trying to connect.

Lost email? Have you tried running searches etc? Use *.pst as a search term. Or perhaps the extension got changed. If the pst has been deleted and you've been using the machine all this time then you may find it hard to recover the file - it would have been marked as empty space and then any booting/saving of files etc will be writing to that empty space and potentially over your lost pst file. You could download some free undelete type software to see old files that have simply had their headers removed and see if you can find the file.

Take an image of the drive and then at least you have a copy of what it looks like now. And make it a binary image so that you don't lose space/slack that may be important - see the SecurityFocus Basics list for the thread about dd and Windows disks. (I learnt something invaluable this week!) Helped me out immeasurably. Also, have you tried running Spybot and HijackThis in safe mode?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, December 13, 2006 9:05 AM
To: [email protected]
Subject: strange new virus

VAR in Honolulu has a previously squeaky clean XP system now infected with something strange:

Symptom list:
1) All desktop icons disappeared
2) When recreated by hand, some days later they all were rendered un-runnable because they had all been renamed with an additional .lnk suffix.
3) On every boot, after the XP splash screen, but before User Login (2 profiles), there is a 4" x 5" screen with an Exit and an OK button. The screen shows a black background which overlays the XP blue login screen; it looks like a VB screen. The name in the top bar changes on every boot, such as c:\windows\system32\mup.sys, or i20mgr.sys, etc. This full file name is preceded by usually 8 small box characters. Inside the white body of the screen there are a few special characters: [\} and a character that looks like an inverse equal sign, standing vertically.
4) CTRL-ALT-DEL at this point shows you flashes of blue underneath
5) The Outlook .PST file is missing
6) My antivirus and all other SYSTRAY items are gone
7) IE6 or IE7 won't connect to home page, instead Internet Properties opens on the General Tab
8) Trend Micro PC-Cillin 2006 sees nothing, same with their Housecall and WinSIC, or SYSCLEAN utilities.
9) MS RootkitRevealer finds nothing.

Infection route: while it could have been web browsing, or email, I really think it came from an odd incident when a client came in with CAD files to print on a thumb drive. Trend says thumbdrives don't infect PCs, though I've looked at the U3.com software available for a SanDisk Cruzer (and several other makes) and it seems like there's a CPU in it, because you can scan a new PC for viruses using Avast from the thumb drive. At one point they sent me a tool to fix the associations with applications, so that now Start Programs run most apps. However, I've lost my email.

This case has been open at Trend for more than a month, and now they are telling me it is not a virus and don't worry. Not only that, when I call Trend Tech support, they hang up on me repeatedly, or put my call back in the queue, or promise to work the next day with me, and then don't. They want me to go away, but I think this is a serious threat. CAN a thumbdrive infect a system? Has anyone seen anything like this, or know how to respond to it and recover my email (besides backup)? Thanks for any leads.

That can't be correct, is it?
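The reply's advice to take a binary image and then look for the deleted .pst can be followed up by scanning that image for PST header signatures. The sketch below is an added example, not part of the original thread; the 512-byte sector size, the function names and the sample image are assumptions constructed for illustration.

```python
import struct

SECTOR = 512                      # assumed sector size of the imaged disk
PST_MAGIC = b"!BDN"               # dwMagic at offset 0 of a PST header
# wVer at offset 10: 14/15 = ANSI format, 23 = Unicode format
PST_VERSIONS = {14: "ANSI", 15: "ANSI", 23: "Unicode"}


def find_pst_headers(image_path, chunk_sectors=2048):
    """Return [(byte_offset, format)] for sector-aligned PST headers in a raw image."""
    hits = []
    offset = 0
    with open(image_path, "rb") as img:      # read-only: never write to the image
        while True:
            chunk = img.read(SECTOR * chunk_sectors)
            if not chunk:
                break
            for pos in range(0, len(chunk), SECTOR):
                head = chunk[pos:pos + 12]
                if len(head) < 12 or head[:4] != PST_MAGIC:
                    continue
                # wMagicClient is "SM" for a PST; wVer is little-endian
                client, ver = struct.unpack_from("<2sH", head, 8)
                if client == b"SM" and ver in PST_VERSIONS:
                    hits.append((offset + pos, PST_VERSIONS[ver]))
            offset += len(chunk)
    return hits


def build_sample_image(path):
    """Constructed test image: 64 sectors, one fake PST header at sector 40,
    plus a stray "!BDN" string mid-sector that must not be reported."""
    data = bytearray(SECTOR * 64)
    header = PST_MAGIC + b"\x00" * 4 + b"SM" + struct.pack("<H", 23)
    data[SECTOR * 40:SECTOR * 40 + len(header)] = header
    data[SECTOR * 10 + 100:SECTOR * 10 + 104] = PST_MAGIC
    with open(path, "wb") as f:
        f.write(data)


if __name__ == "__main__":
    import os
    import tempfile
    sample = os.path.join(tempfile.mkdtemp(), "sample.dd")
    build_sample_image(sample)
    for off, fmt in find_pst_headers(sample):
        print(f"possible {fmt} PST header at byte {off} (sector {off // SECTOR})")
```

A hit only marks where a PST header survives in allocated or unallocated space; recovering the whole file still depends on how much of its data has been overwritten or fragmented.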
