Malware transmitted via camera SD card!

  bamfiesler 08:48 02 Feb 2009

I have recently been abroad and uploaded some pix from an internet cafe in Singapore. While I was trying to do so, another, yet damaged, copy of the pictures folder suddenly appeared on the camera folder which, incidentally, I had to open as a drive, and not as a camera.

I never thought any more about it until now, when the camera has done the same thing: opening as a drive with that damaged copy of the DCIM folder still there. I ran a scan on it and found nothing, yet when I try to open the drive or explore it, My Documents opens up and the firewall warns me of 'system.exe' trying to access the web, which I've denied, every time. Now here comes a scary part: when I tried to open the Task Manager to see what processes are running, an alert box popped up saying 'Task Manager has been disabled by the administrator', which is me, and I haven't.

I think either the admin at that cafe, or a program on that pc I used, dumped something onto the camera. Questions: Do you guys think I should wipe the camera (I'd hate to lose the pix, but so be it) and how do I get Task Manager back? Must go do a full scan now.

  Technotiger 08:53 02 Feb 2009

What is more important - the pics or your PC?

'nough said!

A System Restore should get your task manager back.

  bamfiesler 08:56 02 Feb 2009

I fear the damage is already done: Sysrestore is off.

  bamfiesler 08:59 02 Feb 2009

Hold on - I usually have it off, but I must have kept it on after the last re-install. Here goes. Keep posting any ideas as to what this thing is, guys! I get the impression it's trying to export My Documents to a computer somewhere.

  Technotiger 09:04 02 Feb 2009

And I guess you had not made a backup??

A hard way to learn a lesson.

Well, first I would burn that Card from the camera (not the camera).

Try another card and see if that behaves ok. Just to check that the in-built memory has not been affected.

You could also try SHIFT+CTRL+ESC to launch Task Manager.

If you have your original OS disc, try a Windows Repair.

  bamfiesler 09:40 02 Feb 2009

Sysrestore has got Task Manager back and has removed 4 entries that appeared when I ran HijackThis. I've formatted the disc on the camera, I had to. I've lost loadsa pix but as Technotiger says: 'What's more important'?

I'd still like to know from forumites what this guy did. The more I've thought about it, the more sus I've become of him! I was in a booth and as soon as the camera came up as a drive, it only gave me the option to either take no action or to open a folder. So, as I was sniffing my way around, I noticed the damaged icon of the second, new DCIM folder. I now recall that when I started tampering with that, he appeared in my booth in a flash, doing stuff like showing hidden folders in Folder Options, but by the time I saw my pix my curiosity was dampened. Also, a day later, in the same place at another booth, I saw jpegs of people's bank details sitting on the desktop! I just thought it was punter carelessness and told the guy; I now think he is waay dodgy!!

So, how did he drop an executable file onto my camera so quick, and without me knowing about it? I'd like to know.

  bamfiesler 09:43 02 Feb 2009

Also, how come AVG never sniffed a thing, yet HijackThis got it??

  MAJ 10:16 02 Feb 2009

If you have an SD card reader, either a standalone reader or one integrated into your PC or printer, download CampicRestor, disconnect from the internet and try to restore your pictures from the card using CampicRestor.

  bamfiesler 10:32 02 Feb 2009

MAJ,

I've already wiped the camera.

  bamfiesler 10:36 02 Feb 2009

Ok, here's another thing about all this. Sysrestore seems to have got rid of it all, but when I went into Safe Mode to do a full virus scan the Administrator - of which I am - is now asking for a password, yet I can't see Administrator in my User Groups, only my name and that I am the Admin. How has this guy done this, and why hasn't Sysrestore wiped it?

  Forum Editor 10:42 02 Feb 2009

and how it happened - you'll be none the wiser if you find out - and concentrate on getting your system into order.

In future I'm sure you'll avoid connecting your camera or its SD card to any computer in an internet cafe - wherever it is.

This thread is now locked and can not be replied to.
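
Added example, not part of the thread: a read-only check a card can be given before anything on it is opened. It assumes the "damaged" second DCIM folder was an executable named after the real folder and that an autorun.inf may sit in the card root; the thread confirms neither. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Extensions Windows treats as runnable; an assumed, non-exhaustive list.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".lnk"}

def scan_card(root):
    """Return sorted (relative_path, reason) findings for a mounted card."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            stem, ext = os.path.splitext(name.lower())
            with open(path, "rb") as fh:
                is_pe = fh.read(2) == b"MZ"  # DOS/PE magic bytes
            runnable = is_pe or ext in EXEC_EXTS
            if dirpath == root and name.lower() == "autorun.inf":
                findings.append((rel, "autorun.inf in card root"))
            if is_pe and ext not in EXEC_EXTS:
                findings.append((rel, "PE header under non-executable extension"))
            elif runnable:
                findings.append((rel, "executable content on a photo card"))
            if runnable and stem in folders:
                findings.append((rel, "executable named after sibling folder"))
    return sorted(findings)

def build_sample_card(root):
    """Constructed sample data: one photo stub plus three planted files."""
    os.makedirs(os.path.join(root, "DCIM", "100PHOTO"))
    samples = {
        "DCIM/100PHOTO/IMG_0001.JPG": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "DCIM/100PHOTO/IMG_0002.JPG": b"MZ" + b"\x00" * 16,
        "DCIM.exe": b"MZ" + b"\x00" * 16,
        "autorun.inf": b"[autorun]\r\n; constructed placeholder\r\n",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)

def demo():
    with tempfile.TemporaryDirectory() as card:
        build_sample_card(card)
        return scan_card(card)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Point `scan_card` at the card's mount path from a machine with AutoPlay disabled; it only reads the first two bytes of each file and never executes or modifies anything.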
