
What threat does Generic!atr pose?


About 6 months ago I got a trojan/worm on my flash drive. I started having problems opening it - I couldn't click on it to open; I had to go through auto play each time. When I plugged my flash drive into my own laptop, Norton Antivirus alerted me that there was a virus on it. I went through the steps to clean it, and even double-checked and went through the system restore files. I never had NAV detect it again, but I kept having trouble opening my flash drive. Eventually my hard drive got old and broke, so I just got a new computer that has McAfee trial software on it instead of NAV. When I plugged in my flash drive McAfee told me that I had Generic!atr and removed it. Now I am able to open my flash drive normally again. So I'm wondering why didn't my NAV clean it like it said it did, why the trojan wasn't detected again, and what harm could it have done these past 6 months? I always kept my NAV updates current. I couldn't even find info on Generic!atr on Symantec's site. Thanks.

The threat is low for such worms.

All it has done is copy some lines of JavaScript into the autorun.inf folder located on the flash drive.
This info is then copied onto your hard drive and executed every time you access your flash drive.

Windows by default has the autorun option enabled, so it automatically reads any flash drive, CD/DVD disk, etc. BY READING the INFO contained in the AUTORUN.INF file.

When this file is changed by a worm, Windows executes this worm first when you put in a CD/DVD disk or a flash drive, before reading any other info, and that makes the autostart of a CD/DVD or flash drive hard.

A typical autorun.inf file contains this:

[autorun]
open=setup.exe
icon=setup.exe,0

so Windows automatically runs setup.exe located on a CD/DVD,

OR

[autorun]
open=explorer.exe

so Windows will open Explorer to see the files from a disk or FLASH drive.

If this changes to something like:

[autorun]
open=worm.exe
shell/execute=worm.exe
open=setup.exe
icon=setup.exe,0

then the worm is executed before other info, and as a result you can't access the disk properly.

Antivirus companies call it the Generic!atr worm because it's a worm with generic attributes, and the threat of this worm is LOW. You just can't access your drive properly.

NAV found this threat and probably deleted it and DISABLED AUTORUN in Windows. So autorun.inf files couldn't be a threat and you could see the contents of a flash drive properly.

When you got your new PC, the AUTORUN option was ENABLED by default, again Windows read the autorun.inf file from your flash drive, and that made access to the drive difficult.

Of course, an AUTORUN.INF FILE can contain more commands than the simple example I gave you above (write something to the registry, execute a program, etc.), so a worm can cause more damage.

A general protection is to disable the WINDOWS AUTORUN OPTION.

See here how to disable it in VISTA:

http://forums.pcw.co.uk/thread.jspa?thre...

For Windows XP see here:

http://www.pcdoctor-guide.com/wordpress/...

Another way, if you want the AUTORUN OPTION ENABLED, is to:
START/SEARCH, search for autorun.inf files, open each one with Notepad and delete from there any line such as:

"open=worm.exe
shell/execute=worm.exe" or similar, where "worm.exe" is a name you don't know.

Best of Luck
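
The manual check described in the answer above, as an added example that is not part of the original answer: it reads the text of an autorun.inf file, lists launch entries that name a program you don't recognise, and returns the file with those lines removed. The function names and the KNOWN allow-list are assumptions made for illustration.

```python
import re

# Keys in [autorun] that start a program: open=, shellexecute= (written
# "shell/execute" in the answer above) and shell\<verb>\command=.
LAUNCH_KEY = re.compile(r"^(open|shell[\\/]?execute|shell\\[^\\]+\\command)$", re.I)
# Assumption: programs the user recognises (names taken from the answer).
KNOWN = {"setup.exe", "explorer.exe"}

def _target(value):
    """Lower-cased file name of the program a value would start."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S*))', value)
    return re.split(r"[\\/]", m.group(1) or m.group(2) or "")[-1].lower()

def scan_autorun(text, known=KNOWN):
    """List (line_no, key, program) for launch entries naming unknown programs."""
    # Parsed by hand: a worm-edited file can repeat open=, which a strict
    # INI parser would reject as a duplicate key.
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if LAUNCH_KEY.match(key.strip()) and _target(value) not in known:
                findings.append((no, key.strip().lower(), _target(value)))
    return findings

def strip_flagged(text, known=KNOWN):
    """Return the file text with every flagged launch line removed."""
    bad = {no for no, _, _ in scan_autorun(text, known)}
    return "\n".join(l for n, l in enumerate(text.splitlines(), 1) if n not in bad)

# Constructed sample: the modified file shown in the answer.
SAMPLE = """[autorun]
open=worm.exe
shell/execute=worm.exe
open=setup.exe
icon=setup.exe,0"""

if __name__ == "__main__":
    print(scan_autorun(SAMPLE))
    print(strip_flagged(SAMPLE))
```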
