TechSpot

Virus on flash drive, Avira and Spybot scan and still "Cannot find Setup.pif"

By hellokitty[hk]
Mar 27, 2009
  1. I put my flash drive into an infected computer (a WHOLE ton of viruses, don't ask, silly me...) and put it back on my computer (seemingly clean, Avira and Spybot scan). When i double click on the removable disk from my computer, it says "Cannot find Setup.pif" or something of that like, happens on every clean computer now, though I've never left my flash drive on a clean computer for very long. The worst part is that now my computer doesn't give me the error anymore while all other computers do. I ran a full scan on the flash drive using Avira and I ran a whole system scan with spybot, all clean they says. I accidentally confirmed the virus: on a clean computer, I pluged it in and a virus alert came up and told me my flash drive was infected. I was in a hurry so I was too lazy to catch what antivirus it was.

    I wouldn't mind reformatting the drive, but I would prefer not to because I would have to move all the files to my computer, format, then put them back on, maybe even put the virus back.

    My flash drive doens't exhibit any strange behavior and I don't see any suspicious files.

    I just went into Avira's expert mode, turned detection levels to high, disabled smart extension list, enabled archive scanning...and I am running another scan on the flash drive, which i just finished.

    Scan results:
    First, a lot of false positives, I know they are not actual viruses, but I did quarantine anyway.
    SecondI got about seven "I:\System Volume Information\_restore{9B9B2D1D-46D-4DA8-BF21-A0DC8436EF7F}\RP395\A0164933.exe"s, with a slightly different string of numbers in the "A0164933.exe". I thought I deleted those in the last scan last week. Avira says four are "TR/Drop.QuickBatch.U.3", "TR/Drop.QuickBatch.U.1", "TR/Drop.QuickBatch.U.4", TR/Drop.QuickBatch.U.5" and another is "APPL/PsExec.F", another is "WORM/Generic.9771.1" and the last is "TR/Horse.ZW", if that helps at all.
    Actually, I found
    Ok, I just found out the autorun file said to run setup.pif. I guess that means the clean computers do not have the virus, but my computer doesn't give me the error anymore!
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    How do you know they were false positives? And if they were, why did you quarantine them?

    The malware is in the System Restore points. You can't 'delete' them. Instructions for removal will follow the cleaning.

    This is grossly incorrect.

    All the sites coming up for KAV 7.0.0.124 are Torrent sites> file sharing and/or crack sites. Whoever sent that information is not looking out for your best interest.

    This IS a Trojan. If you downloaded a crack for program, that is likely where you got it.

    IF you decide to get serious about cleaning, follow the Steps HERE.

    When finished, attach the three logs.
     
  3. hellokitty[hk]

    hellokitty[hk] Hello, nice to meet you! Topic Starter Posts: 3,435   +145

    I quarrentined them so there is no need to question me about the false positives and because I don't need the programs right now. Yes I know what all the programs are, and if it helps their all marked by heuristic means and not actual virus detections.
    Ok, guess I will just follow the steps...
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That will be best. Then the three logs you attached can be reviewed.
     
  5. hellokitty[hk]

    hellokitty[hk] Hello, nice to meet you! Topic Starter Posts: 3,435   +145

    Thanks, I posted the logs in a new thread here.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...