Cheat Engine

haha01haha01 · Posted: Mon Apr 14, 2008 11:28 am Post subject: Ok, this is really weird.

i have a U3 8 GB sandisk cruzer micro usb stick, and one day i plugged it in one of my computers (where "show hidden system files" was enabled) and found out that theres an autorun.inf file on my usb stick, pointing to a file on the stick called svchost.exe. the svchost.exe wasnt the normal one, it was 222 KB, and it had the media player icon. luckily U3 usb sticks dont autorun the file, but i accidently runned it by double clicking the drive (microsoft made the autorun the deafult command when double clickin...)
anyway, every time i deleted these 2 files, they came back when i replugged the usb stick. i kept a copy of the svchost.exe on that computer, and plugged my (infected?) usb stick in my other computer. this time, instead of running the autorun and then deleting, i deleted it without running it. the file didnt come back. i used my first computer to disasm the file. it was packed with UPX. i unpakced it. the file wasnt detected as virus by norton\mcaffee\kaspersy, b4 and after unpacking. the unpacked file looked to me like it was built in delphi, but PEiD didnt recognize anything. i have to go to sleep, but tomorrow ill check if the file is invoking ws2, and what exactly is it doing.
PS: i googled the problem, no1 posted about it.

Madman · Posted: Mon Apr 14, 2008 3:34 pm Post subject:

Some USB sticks have autorun files, etc...

Psy · Posted: Mon Apr 14, 2008 3:51 pm Post subject:

They shouldn't do.
Its a common trait of some viruses/malware variants to plonk an autorun file in certain places, thus enabling themselves to execute without user intervention.

haxor5354 · Posted: Mon Apr 14, 2008 8:27 pm Post subject:

same problem with my mp3 player, i reformated it and now the firmware is gone =( couldn't even trun on

haha01haha01 · Posted: Tue Apr 15, 2008 12:22 am Post subject:

News: i disasmed he file, its loading ws2.