locked
DarksUSB.exe virus...Anyone speak Spanish?? RRS feed

  • Question

  • Hi. Does anyone know anything about DarksUSB.exe? I think it's a virus/trojan and relatively new. Someone on our network said she got the program onto her USB thumbdrive somehow. We think one of the computers she was using might be infected, but that's all we know.

     

    Anyway, the Spanish population seems to know more about it, since when I Google the virus, I get alot of Spanish websites. But I can't read Spanish and the Google translator doesn't help much:

     

    http://foro.el-hacker.com/index.php/topic,104084.msg391507.html

     

    or here:

     

    http://www.el-hacker.com.ar/showthread.php?t=2825

     

    Can anyone translate this and give me an idea what it means? Or where else can I go to get more info? Thanks.

    Friday, November 16, 2007 9:23 PM

All replies

  • Hi ...

     

    I am not sure if you fixed this problem, but i had the same problem and its annoying.

     

    If your tumb drive is infected and you connected to your pc... just by plugging it in your pc is now infected. If someone else connects their usb drive they will infected.  If you are infected your SHOW ALL FILES options is gone... they ha

     

     

    One way to know that you are infected is by checking the name of your drive. Instead of USB DRIVE or FLASH DRIVE it will say Aplicaciones Portables ... and it will change your OPEN to ABRIR and things like that.

     

    How to remove it .... here it is:

     

    Go to TASK MANAGER and close the process DARKSUSB.EXE

     

    Check if you have the virus in your tumbdrive. ( you may not be able to check it at that moment , because you can not see the Invisible files).

     

    Go to RUN >  REGEDIT

     

    Then click COMPUTER and hit F3 ... Search and delete everything from DARKSUSB

     

    After deleteing all the files with the name DARKSUSB .... go to the following registry

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

    at your right side you will have a CHECKEDVALUE ...open it and change the value to 1.

     

    After that... you can now do the SHOW ALL HIDDEN FILES .... Please delete the DARKSUSB.EXE and the AUTORUN.INF from your thumbdrive or usb drive.

     

    Please check your SYSTEM32 Folder.... Dont forget to have the SHOW HIDDEN FILES enable. Search for DARKSUSB.exe and delete it. (Remember to close the process DARKSUSB.EXE )

     

    That should be all... Please.. let me know if you have any question. I am worry of this because the AV does not pick it up.

     

     

     

     

    Thursday, December 6, 2007 4:10 PM
  • Your post was perfect, thanks a bunch!

    Sunday, March 23, 2008 4:47 AM
  • I followed all the steps except for when you say we should go to registry.  Where do I please find the following Registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWAL.

     

    Thank you So much!! =)

    Wednesday, January 28, 2009 10:51 PM