
Thread: Found a Trojan horse on a new jumpdrive

  1. #1
    Flashaholic*
    Join Date
    Apr 2004
    Location
    3rd Stone
    Posts
    2,241

    Default Found a Trojan horse on a new jumpdrive

    Just a heads up, and if this is not posted in the correct area, please feel free to move it.

    I recently purchased a jumpdrive at a good price. It was in new and unopened packaging and I still found it had a Trojan horse on it.

    The product information:

    Lexar Firefly Jumpdrive 2GB. Model JDFF2GB-431 Rev. H
    UPC: 6-50590-14097-8
    Other package labeling:
    -- 2518676
    -- 1824968
    -- "China"

    There was software (Dmailer_for_Lexar_V7_0_334.exe) on the drive and my security software detected and handled the Sheur2.blp Trojan horse within it. Now I freely admit that I do not know if this might be a benign program or not, but I did not want anything on the drive at all (I'm using this USB drive for storage only).

    I run a few different antivirus and spyware programs and constantly update them. I also have a USB specific antivirus program. All this helps, but the easiest thing to do is to always check any USB drive whenever you plug it in. I also always recommend holding down the shift key when installing a USB drive. This prevents any autorun programs that might be on the drive from starting. Just be aware that if you hold down the shift key for more than about 8 seconds it might put you into a different keyboard mode (weird characters may appear as you type, and if you cannot get out of that, just reboot. Not that big a deal, but it can look scary). You can right click and then select "explore" to see what is on the USB drive.

    Also, if you have installed TweakUI on your system, bring it up, and in the left column under "my computer" select "autoplay" and then "types." Select which types you want to disable autoplay on and you're good to go.

    Good habits pay off I guess, and I just wanted to let folks be aware.
    Last edited by chmsam; 12-06-2008 at 05:55 PM.
    "Show them a light, and they'll follow it anywhere..."

  2. #2

    Default Re: Found a Trojan horse on a new jumpdrive

    There were recently stories about usb picture frames containing various viruses, they traced it to workers in factories plugging mp3 players on the computers that formatted the drive.

  3. #3
    Flashaholic* snakebite's Avatar
    Join Date
    Mar 2001
    Location
    dayton oh
    Posts
    2,349

    Default Re: Found a Trojan horse on a new jumpdrive

    False positive or a counterfeit drive.
    Not that a disgruntled employee couldn't have infected the file to cause trouble. It has happened before with software.

  4. #4
    Flashaholic*
    Join Date
    Dec 2006
    Location
    Montreal, Canada
    Posts
    3,123

    Default Re: Found a Trojan horse on a new jumpdrive

    I googled the file name and there aren't any other reports, in fact the third result leads back to your thread on edcf.

  5. #5
    *Flashaholic* StarHalo's Avatar
    Join Date
    Dec 2007
    Location
    California Republic
    Posts
    9,752

    Default Re: Found a Trojan horse on a new jumpdrive

    I'd wager "Heur" is short for "heuristic", which means it's most likely a false positive. Use a big-gun scanner if you're still unsure: http://www.eset.com/products/nod32.php

  6. #6

    Default Re: Found a Trojan horse on a new jumpdrive

    I googled it too.... and here are two links
    HERE
    The "installed" files are in 2 folders:
    1. dmailer - has 1 file: Dmailer_for_Lexar_v7_0_334.exe (from reading the website, this is for a 30-day trial and I don't need this)
    2. Secure II - has both Mac & Windows subfolders

    DMAILER

    apparently there is a trial version of dmailer on that drive which is some sort of backup program
    Last edited by Lynx_Arc; 12-07-2008 at 04:13 AM.
    Fenix Split rings 1400+ sent, SWIVELS now available also!
    Psalm 112:4 Light shines in the darkness for the godly. They are generous, compassionate, and righteous.

  7. #7
    Flashaholic*
    Join Date
    Apr 2004
    Location
    3rd Stone
    Posts
    2,241

    Default Re: Found a Trojan horse on a new jumpdrive

    Very well could be a false positive. I sort of figured it might be. On the other hand, since there was zero information on the packaging about any software whatsoever being loaded on the USB drive, and more importantly I wanted it solely for storage, I wasn't about to chance it, especially since it tripped multiple warnings. I'm used to finding undocumented software on drives, but I prefer to know about it in advance. Not that it is a biggie, but getting flags from AV and malware protection always makes me err on the side of caution. It always will, too. Anything that rings security bells when you plug it in is going to get quarantined as far as I am concerned.

    I e-mailed the company from which I purchased it and have yet to hear anything from them. Not a biggie either.

    This all is "just in case" more than anything else. However, why risk a single thing especially for software you do not want in the first place even if it is benign?

  8. #8

    Default Re: Found a Trojan horse on a new jumpdrive

    I am guessing you can download the dmailer trial version from their site anyway if you wanted to try it later, so deleting it is not a big deal.

  9. #9

    Default Re: Found a Trojan horse on a new jumpdrive

    Quote Originally Posted by StarHalo View Post
    I'd wager "Heur" is short for "heuristic", which means it's most likely a false positive. Use a big-gun scanner if you're still unsure: http://www.eset.com/products/nod32.php
    ...or use 30+ scanners: http://www.virustotal.com


    Touching on the main topic: infecting CDs, DVDs, thumb drives, flash memory cards, cameras, MP3 players and external hard drives is pretty common practice by today's malware. Here are three defensive techniques for Windows 2000/XP/Vista systems:

    1) modify your AutoPlay settings so removable devices and discs don't get AutoPlayed. Easy to do, minimal side effects.

    2) use a non-Admin user account for daily-driver stuff. This would not prevent an infected device's attack from running, but would severely limit its options when it did run. Malware is typically not designed to work within the constraints of a non-Admin user account. There can be side effects, such as stupidly-made software that doesn't work properly with a non-Admin account, but it's simple to undo if you find it doesn't work out for you.

    3) for people running XP Pro, XP Media Center Edition, Vista Business, Vista Ultimate or Vista Enterprise, you can set up a Software Restriction Policy that arbitrarily prevents such attacks. This is somewhat of a "power user" technique. Use SRP in combination with tip #2 above for the intended type of protection.


    I'd also suggest Windows users check their systems for vulnerabilities using Secunia's free online checkup, or their free installable checkup utility: http://secunia.com/vulnerability_scanning/ Secunia reports that 98% of their users have at least one unpatched program installed when they scan for the first time.

    Users of other OSes should also check their software, add-ons and plug-ins for updates, particularly stuff like Firefox, Opera, Safari, Sun Java, VLC Player, QuickTime, iTunes, Adobe Flash Player, Adobe Reader, OpenOffice and whatever else you have, not to mention your OS itself.
    Last edited by mechBgon; 12-07-2008 at 05:17 PM.
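    Tip #1 above (and the TweakUI AutoPlay advice in the first post) can be audited and applied from PowerShell using the Explorer policy values Windows reads for AutoRun, with a check for tip #2 (whether the session is an admin one). This is an added example, not code from the thread; it assumes an elevated session when -Apply is used, and the HonorAutorunSetting value is only relevant on XP/2003 with update KB967715 installed.

```powershell
# Added example (not from the thread): audit, and optionally harden, Windows
# AutoRun/AutoPlay policy, and report whether this session has admin rights.
# Without -Apply the script only reports; -Apply writes HKLM and needs elevation.
param([switch]$Apply)

# Explorer reads these policy values when deciding whether to AutoRun a device.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$desired = @{
    # 0xFF sets the bit for every drive type: no AutoRun for any of them.
    NoDriveTypeAutoRun  = 0xFF
    # XP/2003 honour NoDriveTypeAutoRun fully only with KB967715 plus this value.
    HonorAutorunSetting = 1
}

function Get-AutoRunState {
    # Current setting of each policy value, or $null when the value is absent.
    $current = @{}
    foreach ($name in $desired.Keys) {
        $item = Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue
        $current[$name] = if ($item) { $item.$name } else { $null }
    }
    return $current
}

function Set-AutoRunHardened {
    # Create the policy key if needed, then write the desired DWORD values.
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    foreach ($name in $desired.Keys) {
        Set-ItemProperty -Path $policyKey -Name $name -Value $desired[$name] -Type DWord
    }
}

function Test-IsAdmin {
    # Tip #2: a daily-driver account should not be in the Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $id
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$state = Get-AutoRunState
foreach ($name in $desired.Keys) {
    $verdict = if ($state[$name] -eq $desired[$name]) { 'OK' } else { 'WEAK' }
    '{0,-20} current={1,-5} wanted={2,-4} {3}' -f $name, $state[$name], $desired[$name], $verdict
}
"Running as Administrator: $(Test-IsAdmin)"

if ($Apply) {
    Set-AutoRunHardened
    'AutoRun policy written; it takes effect when Explorer is restarted or at next sign-in.'
}
```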
