I run my laptop on Ubuntu. Here in the college library, I use my pen drive to store things I download on their comp (Win XP). Must have picked up a virus.
jwgkvsq.vmx
I'm not very worried, as I presume it can't touch Linux.
The virus checker on this machine tells me every time I plug the pen drive in, that it has a virus. When I go home, I plug it into my computer and delete the whole directory recycled, put there by the virus checker.

But when I come back the library comp tells me I have it again on the pen drive.

I delete it as root, and presume it is gone. How does it survive? Can there be more copies of it on the pen drive, somehow unseen? I generally have show hidden files ticked, so I know what is on my comp.
The fact that I'm in China, and the anti virus is in Chinese is not very helpful---- I can't read what it says!

Any suggs?

You can try taking a backup of the useful data from the pen drive, format the pen drive and restore the data from the backup., though running a good antivirus would have been a better option.

Heuristic Piece Wise. It's infected with subsequent code other inert files. A triggering event re-assembles.

And to get rid of it?

Re-format?
Do you know this particular beast? What does it do apart from get on my nerves?

Pen drive uses FAT so the virus could have marked itself as a system file, in which case no (Windows-based) AV software will be able to remove it (as the OS will prevent the delete operation). Use the attrib command to remove any attributes, or just (re)format the thing if there's no data that needs to be salvaged.

Now that I think about it, you can boot off a pen drive too, so you should really repartition before reformatting, just in case the MBR has also been corrupted.

I once encountered a boot sector virus that encrypted the FAT table itself. Remove the virus and the whole disk became unreadable. Leave it there and your system ran really slowly but it ran, as did the botnet software, anywho...

Oh well, going down for a re-partition then. Little bastard thingy. Does it actually do anything then?

According to this page this file is probably connected to the Conficker (Kido, Downadup) worm. In essence, your stick may be able to infect Windows systems with that malware, which is currently the most successful and dangerous piece of malware extant. You should really delete all partitions on that stick and then rebuild it.

Robin

You might also want to inform the library that their computers are infected. It probably is no surprise to them, but they really should do something about it. Like not run Windows, but they probably wouldn't like that suggestion.

You should use dd to zero the drive then format it again.

!0 million to one, it will be reinfected at the library. But if I format it ext3 or so, Win XP in the library won't read it!

Didn't get that bit about dd, can you elaborate?

According to McAfee, it is the downadup (conficr) worm.
http://threatinfo.trendmicro.com/vin...M_AUTORUN.CHN;

I don't like what you said about the chinese language removal tool. Did you fall for scare-ware which may itself contain malware? Linux isn't immune from people who run trojan'ed download installers. Rely on your package manager and only use vetted code.

If you have an older pendrive, reformat it using a live distro, and insert it in the computer in the library. If it gets the malware on it, then it is the library computer that is the cause.

I do have chkrootkit.
I have set it in motion several times. It finds nothing.
What was that with dd? Do you know?

Live disk is good: I have Knoppix 6. Just it talks so much, and I'm not blind!

where 'of=' points to the USB drive. Be careful not to zero your HDD, it's very easy to put in sda instead of sdb and the like. This is a dangerous command, so be careful.

Then you can use fdisk or cfdisk to re-partition the USB drive. As for the library, I usually upload to gmail from the library, no need for the primitive USB stick method.

Thanks, I'll kill the beast now!