I found this thread when I was researching this virus and wanted to add my experience with it. I have a Media class with HDD camcorders and video editing computers. We picked this up from someone's (a high school student) USB stick, IPod or wherever. We were on the internet briefly, but my editing computers don't have virus protection (long story) but I think it came from a stick drive or someone's personal HDD camcorder. We have seen little damage but weird stuff is starting to happen more than a month after the infection. Today a student couldn't find their still pictures in the designated DCIM file. I can clean the camcorders off with my office school computer, but when they go back to the editing computers they reinfect each other. So today I cleaned off the camcorder and was able to retrieve the still pictures onto another drive, but you still can't see the pictures on the camcorder itself. The virus moves/deletes/hides the containing folder but seems to retain the images but doesn't seem to bother the video (maybe that is next). We didn't know if we were even going to bother removing it but now that it has started hiding files we are going to try to kill it. An interesting part of the problem is that it infects media devices but not our big portable hard drives. All of our 500 GB and terabyte drives don't get the virus.
Another very interesting issue is that you can actually see the virus on the camcorders. It appears either as secret.exe or the other one and with companion files, either autorun.inf or an AV_Info folder. I truly hate this virus! I will update this post when we get it cleaned to see what it has damaged. So far the computers are fine because they aren't on the internet. I think this virus is just waiting to be spread so without resources it hasn't slowed us down or hurt our video projects.
Message was edited by: MediaProduction on 2/24/10 4:28:17 PM CST