sweetdreamr
Guest IP: 65.94.*.*
Posted: Thu Feb 14, 2008 11:12 am Post subject: Noname USB key bought from Ebay may be dataminer in disguise
I purchased a USB key slash MP3 player slash FM tuner slash voice recorder to use for school off of eBay. It's no-name, but I had a similar one before with the name Hung Ye on it. I love it because it requires no proprietary software to put files on it, and it automatically just plays the music files. It screwed up with folders, but I'm not trying to sell it to you.
I noticed after I plugged it into my laptop that my laptop started doing, well, funny things. My mouse clicks became useless. Windows flashed on the taskbar for no reason. And my internet was incredibly slow.
I installed ZoneAlarm to get to the root of the problem; at one point it blocked more than 500 attempts to send data off my laptop to an IP address that seems to trace to somewhere in Asia. I have the IP address saved, and the arin.net/whois and arnic.com whois page info there too.
I am wary of plugging it in again, but would do so once more just to see if there's a way to still make use of my USB key and voice recorder. The last one I had like this had a hidden .asm file on it; I can no longer see that file in a Windows environment.
Would anyone like to work with me on the case of the fracked USB key?
Attachment: at309alerts.txt (3.55 KB, downloaded 30 times)
Description: this is the trail I followed, although I may have gone in the wrong direction entirely. I'm new to this.
moike
PIRT Handler Premium Member
 Joined: May 26, 2006 Posts: 1873
Posted: Thu Feb 14, 2008 3:22 pm
sweetdreamr, based on what you have described, I would first assume that the malware has been firmly installed on your computer. So the first priority is removing that:
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
The next step is dangerous because you are playing with a device that has live malware. A single misstep could cause the infection to return and undo all the work you did to remove it. Also keep in mind that the infection may have already spread to any other USB device you have connected to your computer. Disabling Autorun also makes many situations less convenient, such as iTunes and inserting a CD-ROM.
Disable Autorun on the USB drive so that you can insert the USB key and remove the malware. Follow the steps under "Enabling and Disabling AutoRun" in Windows Explorer:
http://msdn2.microsoft.com/en-us/library/bb776825(VS.85).aspx#nodrive
In my case with XP, this wasn't enough to stop AutoRun; I also needed the following step:
sc stop ShellHWDetection & sc config ShellHWDetection start= disabled
For anyone interested: here is a harmless but attention-getting demo of the problem. Create the following file named Autorun.inf in the top folder of a USB drive. This is how malware can easily spread.
Code:
[AutoRun]
Open= cmd.exe /k color 4e && echo Gotcha!
shell\Open\command= cmd.exe /k for /l %%a in (1,1,9) do start cmd.exe /k color %%ae ^&^& prompt Gotcha!
Finally, locate the malware by looking at autorun.inf on the USB device. Find the executable that it refers to and delete it. There may be other methods such as an MP3 file actually being a .EXE virus, etc - but I am just guessing at that.
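The last step moike describes, reading autorun.inf and finding the executable it points at, can be done without ever letting Windows act on the file: mount the stick with AutoRun disabled (or read it from a non-Windows machine) and inventory what the file would launch. The script below is an added example written for this thread, not code from the forum or from any product mentioned in it. It parses the [AutoRun] section, lists every Open, ShellExecute and shell\...\command entry together with the program each one names and whether that program exists on the drive, and goes one step further than the post by checking moike's "MP3 that is really an .EXE" guess: any file with a media or text extension whose first two bytes are the DOS/PE "MZ" signature is reported. The sample drive it builds in a temporary directory (autorun.inf, player.exe, helper.exe reference, song.mp3, notes.txt) is constructed for the demo; the second sample is moike's own harmless demo file from above.

```python
import configparser
import os
import tempfile
from pathlib import Path

# [AutoRun] keys whose value is a program to run. Keys of the form
# shell\<verb>\command are handled separately because the verb varies.
EXEC_KEYS = ("open", "shellexecute")

# Extensions that should hold data, not code. A file with one of these
# extensions that starts with "MZ" is a PE executable in disguise.
DATA_EXT = {".mp3", ".wav", ".wma", ".jpg", ".gif", ".txt", ".doc"}

# moike's harmless demo from the post above, used here only as parser input.
DEMO_INF = """[AutoRun]
Open= cmd.exe /k color 4e && echo Gotcha!
shell\\Open\\command= cmd.exe /k for /l %%a in (1,1,9) do start cmd.exe /k color %%ae ^&^& prompt Gotcha!
"""


def parse_autorun(text):
    """Return {lowercased key: value} for the [AutoRun] section of an autorun.inf.

    The file is INI-style, so configparser can read it; interpolation is turned
    off so that '%' in values (as in the demo above) is left alone, and only
    '=' is treated as a delimiter so a drive letter in a value is never split.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == "autorun":
            return dict(cp[section])
    return {}


def launch_targets(entries):
    """Yield (key, program) for each entry that names something to execute."""
    for key, value in entries.items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in EXEC_KEYS or is_verb:
            value = value.strip()
            if value.startswith('"'):                # "quoted path" args
                program = value[1:].split('"', 1)[0]
            else:                                    # bare path args
                program = value.split(None, 1)[0] if value else ""
            yield key, program


def masquerading_executables(root):
    """Return relative paths of files whose extension says data but header says PE."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in DATA_EXT:
            with open(path, "rb") as f:
                if f.read(2) == b"MZ":
                    hits.append(str(path.relative_to(root)))
    return sorted(hits)


def scan_drive(root):
    """Inventory a removable drive: launch targets plus disguised executables."""
    inf = Path(root) / "autorun.inf"
    entries = parse_autorun(inf.read_text(errors="replace")) if inf.exists() else {}
    targets = []
    for key, program in launch_targets(entries):
        # Windows path separators in the .inf become the local separator so the
        # existence check also works when the stick is read on a non-Windows box.
        local = Path(root) / program.replace("\\", os.sep)
        targets.append((key, program, local.exists()))
    return {"targets": targets, "masquerading": masquerading_executables(root)}


def build_sample_drive():
    """Construct a fake infected stick in a temp dir (demo data, not a real sample)."""
    root = tempfile.mkdtemp(prefix="usbscan_")
    (Path(root) / "autorun.inf").write_text(
        "[AutoRun]\n"
        "open=player.exe /autostart\n"
        "icon=player.exe\n"
        "shell\\Open\\command=player.exe /autostart\n"
        "shellexecute=helper.exe\n")          # referenced but absent
    (Path(root) / "player.exe").write_bytes(b"MZ" + b"\x00" * 62)
    (Path(root) / "song.mp3").write_bytes(b"MZ" + b"\x00" * 62)  # disguised PE
    (Path(root) / "notes.txt").write_text("lecture notes\n")
    return root


if __name__ == "__main__":
    report = scan_drive(build_sample_drive())
    for key, program, present in report["targets"]:
        print(f"{key:<22} -> {program:<12} {'on drive' if present else 'MISSING'}")
    print("disguised executables:", report["masquerading"])
    print("demo .inf launches:", [p for _, p in launch_targets(parse_autorun(DEMO_INF))])
```

Run it against a real stick by passing the mount point to scan_drive(); a target reported as MISSING means the program lives somewhere other than the drive root (or was already cleaned), and a hit in the masquerading list is exactly the kind of file the thread guesses at.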