Portable malware + ipod

Samir Duran Duran

So it seems I've got a sweet new portable app on my ipod nano: badware portable.

Basically it seems to be operating from a subfolder of a hidden read-only system folder called RECYCLER, and edits my autorun.inf to do... something. Here is the text as of now:

[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\default=1

I assume the above is meant to launch ise32.exe when autorun runs, yes?

Anyway it also creates files with similar names that look like windows apps:



And of course, everything associated with it is system hidden read-only and the files are recreated the moment they are deleted.

Now I would think portable walware would be a lot easier to combat but I'm just lost here, for starters I need to know how to delete that folder and if doing so would uproot this thing as I think it might.

Does anyone have some familiarity with this or do i need to provide more info?

thegloaming

Your music's on your computer, right? A full reformat (of the iPod) will probably get rid of your problem.

ben0207

Best way to be rid of it would be to first make sure your PC is clean, then to restore the iPod in iTunes, as that includes a format. Or to be sure, format it yourself as a drive then get iTunes to repair it.

Samir Duran Duran

I'm considering doing that but I thought I'd see about killing the thing first since it doesnt have a registry to help defend itself with.

wunderbar

just format it. it'll be easier, and quicker.