Member Avatar for Cyber 14

Hello,

Earlier this morning, after a scheduled McAffee scan, I looked through my quarantine section and found the Autorun Generic!atr trojan on my K drive flash drive, a Cruzer micro. It had picked it up on the 20th, which was the first time I had inserted the drive into my pc since coming back from vacation, where I used it often on various pcs. A manual scan of my flash drive also found the Recycler virus W32\IRCbot.gen.a, which the autorun is apparently a part. Now, McAffee quarantined them immediately and subsequent scans of both my flash drive and my PC came up clean, but the question still bugs me. How did it get there. I haven't copied or moved anything except a couple of photos onto my flash drive in months, and a scan before I left for vacation came up clean. I must have picked it up on vacation. But I always thought that something could only infect a flash drive if something is manually copied to the drive. Am I wrong? Can they become infected by just being connected? This has me very worried.

It's a stretch, but could this be a false positive? I've attatched the log info below.

Thank you.

Peace out and God bless.

3212333.png 32.79 KB 32133.png 27.77 KB
  • 2 Contributors
  • 4 Replies
  • 111 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by Cyber 14

Recommended Answers

All 4 Replies

Member Avatar for rch1231

It is my understanding that all you have to do is connect the drive to an infected system and you are open to getting a virus. Many viruses look for the addition of a drive and copy them selves the moment they detect a new arrival.

Member Avatar for Cyber 14

Hm. Guess I'll have to turn on write protection, then.

Is there any way this could have been a false positive?

Member Avatar for Cyber 14

Hello,

I apologize if this is a double post, but new info has come to light that makes me reevaluate the question slightly. I posted earlier in the thread 'Virus on Cruzer?" It is not neccessary to read that thread to understand this question, but I would greatly appreciate it if you checked that thread out too.

Now. I've read up on the W32/IRCbot.gen.a virus and it usually writes itself into the root or drivers directory, not the recycle bin. Could this have simply been an infected file that was deleted before it could do any harm, and compressed into the recycle bin, to eventually be found and promptly eaten by McAfee? To my knowledge, this is the first time that I can ever remember scanning my flash drive for viruses. Could it simply have found something that had been there before, but was compressed on deletion?

I've attatched the McAfee log file image below for convenience.

Thank you.

Peace out and God bless.

3212333.png 32.79 KB
Member Avatar for Cyber 14

Sorry for the double post, but I can't find out how to edit earlier ones.

Is it possible that this virus was lying dormant until a certain button or action was taken on the drive? On this vacation was the first time I've ever poked around with the U3 system's functionality as a tool. Just curious.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.