Friday, May 1, 2009

Virus on a NEW MP3 or USB stick?!?

Recently, I went out and bought my wife a nice little mp3 player. I bought a Green, 2GB iVO-Sound m220 Clip On MP3 Player, and it was only $20 from Microcenter.

After making the purchase, I went home and started to set up the new player. As soon as I plugged it in, my AVG anti-virus popped up to tell me I have a Trojan... ahhh, what? I just bought this thing!

It turns out this is NOT unique to iVO-Sound (Bay Consumer Inc.) products, but to ANY similar product made in a foreign country. In most cases, it comes from China. A worker will put a Trojan on the device, set to install when Windows autoruns the new MP3 player. It does this through an autorun.inf file that was placed there by said evildoer. If successful, this Trojan can be used for various purposes, such as identity theft. Bummer.

"So what exactly happened?"

As soon as I plugged in the MP3 player, AVG says it has detected Trojan horse PSW.Agent.YOM.

"So what, just delete the file..."

That's where this virus gets tricky! Windows Explorer loads the start.exe (the Trojan) as a CDROM drive! You can't just delete a CDROM... sneaky sneaky... So what can we do about it?

Never fear, "Panda USB and AutoRun Vaccine" is here! Simply go to:

and select the USB drive letter... and.... vaccinate! That's it. Even though that should work, we still have to make sure.

Next, download Autorun Eater:

and run it. It will make sure the autorun.inf bad guys won't cause any more harm.

Finally, scan your new MP3 player and computer with your anti-virus program. This should double check that all is clear. If Autorun Eater doesn't find anything when you are done with your virus scan, feel free to uninstall it.

Now it is time to put some songs on that neat, green thingy so my wife can use it... now that it will no longer compromise my network security.

1 comment:

  1. Hey! I tried your method of installing both the vaccine and Autorun Eater, but it doesn't work on my MP3. The MP3 which I just bought recently looks exactly like yours! Would the Trojan horse "sneak into" my computer if I do NOT run the hoax "CD"?