Trying to figure out what these files are ...

Posted by: six_of_one

Trying to figure out what these files are ... - 03/17/10 09:56 AM

Hey hey!

So for work I run two MacBook Pros -- sometimes in Windows under BootCamp and sometimes in OSX. When I transfer stuff from the Windows environment using a jump drive, I keep getting these files showing up when I read the drive in OSX:



At first I thought it might be a virus, so I downloaded and ran AVG on the Windows side, and that found nothing. So I downloaded Kaspersky for the Mac and scanned the jump drive, and again, nothing. I did erase the jump drive a couple times with Disk Utility on the Mac, but the files show up again when I've used the stick in Windows -- so it's acting very virus-y in that it seems to replicate, but neither anti-virus package flagged the files ...

So does anybody have any idea what these files are for and if they're something I should worry about?

Thanks =)
Posted by: John Rougeux

Re: Trying to figure out what these files are ... - 03/17/10 10:18 AM

I wonder if they make the jump drive appear on your desktop in windows?

Otherwise, yeah, they would seem like a virus.
Posted by: Jim_

Re: Trying to figure out what these files are ... - 03/17/10 11:22 AM

It's a virus/trojan or whatever, Google y6cqb2is.exe.
Posted by: MacBozo

Re: Trying to figure out what these files are ... - 03/17/10 11:32 AM

Do they make a condom for jump drives? laugh
Posted by: kjbrown88

Re: Trying to figure out what these files are ... - 03/17/10 11:44 AM

Hi,
The autorun.inf is for when you use the jumpdrive in windows it auto starts the y2cqb2is.exe file, which is Malware and if you want to know how to get rid of it go here: http://hotzone-it.blogspot.com/2010/03/how-to-remove-y6cqb2isexe.html
Hope this helps!
kjbrown88
Posted by: Jim_

Re: Trying to figure out what these files are ... - 03/17/10 01:02 PM

I saw that page, I questioned its usefulness though.

After having time to check I see it seems to be part of a brand new trojan actually, Troj/Taterf-G.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojtaterfg.html
Posted by: six_of_one

Re: Trying to figure out what these files are ... - 03/17/10 05:30 PM

Oddly, I did google that and got no hits at all -- maybe it's *really* new ;-)

Thanks for the links though -- I'll take a gander =)
Posted by: Jim_

Re: Trying to figure out what these files are ... - 03/17/10 05:59 PM

I don't see any removal tool yet unless you know the geekery of Windows.

I'm sure there will be a fix shortly. How long has that been happening? If not long ago it has to something done recently. Damn Windows only pr0n viewers.

Another Windows formatted flash drive or HD from a different machine maybe?
Posted by: six_of_one

Re: Trying to figure out what these files are ... - 03/17/10 06:02 PM

Well, these are show machines, so exceedingly rarely are they connected to an internet connection lest something decide to update during a presentation. Most likely the bug came from a client's flash drive or something.

I tend to be a bit snobbish with my pr0n and only indulge using OSX ;-)
Posted by: Jim_

Re: Trying to figure out what these files are ... - 03/17/10 06:03 PM

Quote:
I tend to be a bit snobbish with my pr0n and only indulge using OSX ;-)
It plays much smoother.