submitted 1 week ago* (last edited 1 week ago) by altkey@lemmy.dbzer0.com to c/techsupport@lemmy.world

One of our Win PCs got infected with that thing. It creates a VB script in appdata, and when it runs, every USB drive you put in it gets everything on it hidden - but a new shortcut with a name of a drive, that actually points at a script leading to a new infection. Updated Win just blocks it, but this one PC was on 1709, nuff said.

It so happens we had a thing to present via this PC, and quick, and at that time no one told me about the virus. We tried 4 different clickers one by one (2 A4 Tech, one generic, one Logi) and the first three of them stopped working after that. They are all with fresh batteries, their BT adapters weren't recognized as USB drives I assume. What could go wrong?

I don't believe this VB script could by any chance move critical information on BT adapters like it did with USB drives, right? Even if there's a little flash drive with software, it should be set as RO by default. But I don't see any other explanation to that.

I don't have access to any of these three at the time, but I'm curious where I should begin to inspect this problem. How can I, probably, see the 'contents' of such an adapter, see incoming inputs and outputs, maybe watch it initiating a searching routine, etc.? I also have a couple of universal BT adapters that I bought for my gamepads; is there any use for them here, or are these toys strongly paired device-to-adapter?

Now, thinking about it, I am not sure if I tried them on my Arch (btw!) so, somehow, maybe it's only reproducible under Win (with the Logi clicker and Logitech bluetooth m+kb still working on that infected machine?)? Again, I would like to hear if there's something I can look for.

Bonus points for advice I can try on Linux, since Lemmy landed me there, and if I'd ever need to look deep into various devices again, better to learn it on a system that I'd use in the future, so I won't need to relearn it.

[-] dustyData@lemmy.world 1 points 1 week ago

That virus has been around since the 90s. Windows actually took a long time to block it. I have seen it in the wild for decades, with different iterations. Linux is indeed immune as it is a visual basic script which doesn't run without permission on Linux. The USBs also have an autorun, but Linux won't do anything with it.

You can actually check this on Linux: the VB script can be easily opened in a text editor and its code read plainly. The dongles are usually pretty generic if they're BT, and paired to a single device if they're 2.4GHz WiFi. They should have flash memory, but how vulnerable they are to this type of malware is unknown to me. I do remember having read code that switched the read-only flag of USB filesystems. But I haven't done IT in almost a decade, I'm probably out of date with the technicals. I do remember that antivirus couldn't even detect this particular attack until late in the 2010s, and automated pendrive fixes were made mostly by the underground and FOSS scene.
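Since the OP asked for something to try on Linux, here is an added example (not from either poster) that checks a mounted drive's root for the pattern described above: a shortcut that launches a script sitting next to it, plus files carrying the FAT "hidden" attribute the worm sets. The `.lnk` check is a byte-level heuristic (shell links store their target and arguments as UTF-16LE or ANSI strings), not a full shortcut parser, and the sample drive contents in `demo()` are constructed, not a real capture.

```python
import os
import struct
import tempfile
from pathlib import Path

SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")
FAT_IOCTL_GET_ATTRIBUTES = 0x80047210  # linux/msdos_fs.h; ATTR_HIDDEN is bit 0x02

def fat_hidden(path):
    """Read the FAT 'hidden' attribute Windows honours; None if not FAT or not Linux."""
    try:
        import fcntl
        fd = os.open(path, os.O_RDONLY)
        try:
            raw = fcntl.ioctl(fd, FAT_IOCTL_GET_ATTRIBUTES, struct.pack("I", 0))
        finally:
            os.close(fd)
    except (ImportError, OSError):
        return None
    return bool(struct.unpack("I", raw)[0] & 0x02)

def lnk_launches_script(lnk):
    """Shell links keep target/arguments as UTF-16LE (sometimes ANSI) strings,
    so a script extension in either encoding marks the shortcut as suspicious."""
    data = lnk.read_bytes().lower()
    return any(e.encode("ascii") in data or e.encode("utf-16-le") in data
               for e in SCRIPT_EXTS)

def scan_drive_root(root):
    """Look for the worm's calling card: a .lnk that runs a script stored beside it."""
    root = Path(root)
    found = {"shortcuts": [], "scripts": [], "hidden": []}
    for entry in root.iterdir():
        if entry.is_file() and entry.suffix.lower() == ".lnk" and lnk_launches_script(entry):
            found["shortcuts"].append(entry.name)
        elif entry.is_file() and entry.suffix.lower() in SCRIPT_EXTS:
            found["scripts"].append(entry.name)
        elif fat_hidden(entry):
            found["hidden"].append(entry.name)  # the originals the worm hid (FAT only)
    found["infected"] = bool(found["shortcuts"] and found["scripts"])
    return found

def demo():
    """Constructed sample drive root (hypothetical names) to exercise the scan."""
    root = Path(tempfile.mkdtemp())
    (root / "Presentation.pptx").write_bytes(b"benign file")
    (root / "USBDRIVE.vbs").write_text("' placeholder standing in for the dropper\n")
    fake_lnk = b"L\x00\x00\x00" + "wscript.exe //e:vbscript USBDRIVE.vbs".encode("utf-16-le")
    (root / "USBDRIVE.lnk").write_bytes(fake_lnk)
    return scan_drive_root(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_drive_root()` at the mount point of a suspect stick (e.g. under `/run/media/...`); on a real FAT volume the `hidden` list shows which originals to un-hide with `fatattr` or `mattrib`.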

this post was submitted on 05 May 2025