jonathan80
Posted December 25, 2016

I had this weird trojan, originally started from a js file, and I have not quite managed to remove all the bad files. Now that 25th December 2017 is today, finally my DVD drive eject is working. It was blocked. I wonder which virus blocks the opening and closing of my DVD drive. I thought this was a hardware problem initially; however, the infection came after the problem was observed, where .js files messed up some of my files and corrupted them. I think I deleted the files that were converted to .html; basically the script changed the format, and I cleaned out some of them.

Now a side effect is that I insert my USB stick and the computer is creating a shortcut to C:\Windows\system32\rundll32, and I wonder if this is the system file or another rabbit hole created by the virus.

Originally the virus was found in a spam folder, when I was reading Yahoo Mail! [www.yahoo.it]. The RAR file can be opened with the application WinRAR available at www.rarlabs.com.

Attachment: rundll32.rar

jonathan80 (Author)
Posted December 25, 2016 (edited)

Basically my computer is blocking either the DVD writer or the USB external drive, what are the roots of this legacy OS, is it the OS that is infected?

Edited December 25, 2016 by Marcos. Personal post address removed for privacy reasons.

Aryeh Goretsky (ESET Moderators)
Posted December 28, 2016

Hello,

This sounds like it might be a USB autorun worm of some kind that is modifying HTML and JS files on your system in order to include a link to a network-based copy of itself.

If your copy of ESET's software didn't detect it, you may wish to send some copy of the infected file, as well as a few modified files to the virus per the instructions in ESET Knowledgebase Article #141, "How to submit a virus, website or potential false positive sample to ESET's lab."

Regards,

Aryeh Goretsky