Operating System » MS Windows » Windows - Virus Protection » Alert: Computer Virus Outbreaks » Trojan horse Small Computer Virus

Trojan horse Small Computer Virus

During the infected PC, when I double click on my drives, it will automatically open out a new Window. When I right click on the drive, it appeared in some double byte characters, instead of Open and Explore options. When I scanned using AVG, it shows the above Trojan horse has created as autorun.bat and autorun.vbs in my system drive and system windows file. And it is infected with "Trojan horse Small" 2.ZZ and 2.AA.

Small Virus

When I right click on my computer drive icon, I get to see the following "evil" looking options.

evil right click

I scan the entire harddisk to look for autorun.bat and autorun.vbs and remove them manually. Then I use regedit to remove the following keys by searching "MountPoints2"...

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
ExplorerMountPoints2{130377b4-0586-11db-bf8c-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
ExplorerMountPoints2{130377b4-0586-11db-bf8c-806d6172696f}
Shell]

@="Open"
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
ExplorerMountPoints2{130377b4-0586-11db-bf8c-806d6172696f}
ShellAutoRun]

"Extended"=""
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
ExplorerMountPoints2{130377b4-0586-11db-bf8c-806d6172696f}
ShellAutoRuncommand]

@="C:\"
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
ExplorerMountPoints2{130377b4-0586-11db-bf8c-806d6172696f}
Shellexplore]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
ExplorerMountPoints2{130377b4-0586-11db-bf8c-806d6172696f}
ShellexploreCommand]

@="WScript.exe .\autorun.vbs"
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
ExplorerMountPoints2{130377b4-0586-11db-bf8c-806d6172696f}
Shellopen]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
ExplorerMountPoints2{130377b4-0586-11db-bf8c-806d6172696f}
ShellopenCommand]

@="WScript.exe .\autorun.vbs"
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
ExplorerMountPoints2{130377b4-0586-11db-bf8c-806d6172696f}
ShellopenDefault]

@="1"

Wow, this is like having unprotected sex and got VD after that. I was lucky this time as I stick my flash drive into my mac and noticed some additional files. And immediately, I protect my other PCs with NOSCRIPT. This had prevented the virus from jumping into my computer. Another alternative is to use GPEDIT to disable the Autorun when the next time you plug in a USB drive. Read procedure.

Updated On: 15.02.22

Leave your message, comment or feedback:
Your Name (shown) & Your E-mail (hidden) is used only to alert you when someone reply your message.