Infected USB drive (.Spotlight-V100 ?)
Sayanel
-
er -
er -
Hello,
A friend gave me his USB drive, saying it was infected and crashed his PC.
I scanned the drive with Avast, and it said "no threats detected".....
It contains 1 file and 2 hidden folders:
._.Trashes
.fseventsd
-0000000000f9786e
-fseventsd-uuid
.Spotlight-V100
-Store-V1
->VolumeConfig.plist
->Stores
-->A21D1AA4-A7E8-464D-A1AF-9F68DA8A460C
--->.store.db
--->0.indexArrays
--->0.indexCompactDirectory
--->0.indexDirectory
--->0.indexGroups
--->0.indexHead
--->0.indexIds
--->0.indexPositions
--->0.indexPostings
--->0.shadowIndexGroups
--->0.shadowIndexHead
--->indexState
--->journalAttr.7
--->journalExclusion
--->journalLive
--->journalSync
--->live.0.indexArrays
--->live.0.indexCompactDirectory
--->live.0.indexDirectory
--->live.0.indexGroups
--->live.0.indexHead
--->live.0.indexIds
--->live.0.indexIds
--->live.0.indexPositions
--->live.0.indexPositionTable
--->live.0.indexPostings
--->live.0.indexTermIds
--->live.0.indexUpdates
--->live.0.shadowIndexArrays
--->live.0.shadowIndexArrays
--->live.0.shadowIndexCompactDirectory
--->live.0.shadowIndexDirectory
--->live.0.shadowIndexGroups
--->live.0.shadowIndexHead
--->live.0.shadowIndexPositionTable
--->live.0.shadowIndexTermIds
--->permStore
--->psid.db
--->shutdown_time
--->store.db
--->store.updates
--->tmp.SnowLeopard
The imitation of the Windows tree structure is average, but I think it's readable
No .exe in all that, and there was no auto-execution when I plugged in the drive, so I don't think these are programs that were originally on the drive...
Could someone enlighten me about their function?
Configuration: Windows 7 / Google Chrome
A friend gave me his USB drive, saying it was infected and crashed his PC.
I scanned the drive with Avast, and it said "no threats detected".....
It contains 1 file and 2 hidden folders:
._.Trashes
.fseventsd
-0000000000f9786e
-fseventsd-uuid
.Spotlight-V100
-Store-V1
->VolumeConfig.plist
->Stores
-->A21D1AA4-A7E8-464D-A1AF-9F68DA8A460C
--->.store.db
--->0.indexArrays
--->0.indexCompactDirectory
--->0.indexDirectory
--->0.indexGroups
--->0.indexHead
--->0.indexIds
--->0.indexPositions
--->0.indexPostings
--->0.shadowIndexGroups
--->0.shadowIndexHead
--->indexState
--->journalAttr.7
--->journalExclusion
--->journalLive
--->journalSync
--->live.0.indexArrays
--->live.0.indexCompactDirectory
--->live.0.indexDirectory
--->live.0.indexGroups
--->live.0.indexHead
--->live.0.indexIds
--->live.0.indexIds
--->live.0.indexPositions
--->live.0.indexPositionTable
--->live.0.indexPostings
--->live.0.indexTermIds
--->live.0.indexUpdates
--->live.0.shadowIndexArrays
--->live.0.shadowIndexArrays
--->live.0.shadowIndexCompactDirectory
--->live.0.shadowIndexDirectory
--->live.0.shadowIndexGroups
--->live.0.shadowIndexHead
--->live.0.shadowIndexPositionTable
--->live.0.shadowIndexTermIds
--->permStore
--->psid.db
--->shutdown_time
--->store.db
--->store.updates
--->tmp.SnowLeopard
The imitation of the Windows tree structure is average, but I think it's readable
No .exe in all that, and there was no auto-execution when I plugged in the drive, so I don't think these are programs that were originally on the drive...
Could someone enlighten me about their function?
Configuration: Windows 7 / Google Chrome