One of our Win PCs got infected with that thing. It creates a VB script in appdata, and when it runs, every USB drive you put in it gets everything on it hidden - but a new shortcut with a name of a drive, that actually points at a script leading to a new infection. Updated Win just blocks it, but this one PC was on 1709, nuff said.

It so happens we had a thing to present via this PC, and quick, and at that time no one told me about the virus. We tried 4 different clickers one by one (2 A4 Tech, one generic, one Logi) and the first three of them stopped working after that. They are all with fresh batteries; their BT adapters weren’t recognized as USB drives, I assume. What could go wrong?

I don’t believe this VB script could by any chance move critical information on BT adapters like it did with USB drives, right? Even if there’s a little flash drive with software, it should be set as RO by default. But I don’t see any other explanation to that.

I don’t have access to any of these three at the time, but I’m curious where I should begin to inspect this problem. How can I, probably, see the ‘contents’ of such an adapter, see incoming inputs and outputs, maybe watch it initiating a searching routine, etc.? I also have a couple of universal BT adapters that I bought for my gamepads; is there any use for them here, or are these toys strongly paired device-to-adapter?

Now, thinking about it, I am not sure if I tried them on my Arch (btw!), so, somehow, maybe it’s only reproducible under Win (with the Logi clicker and a Logitech Bluetooth m+kb still working on that infected machine?). Again, I would like to hear if there’s something I can look for.

Bonus points for advice I can try on Linux, since Lemmy landed me there, and if I’d ever need to look deep into various devices again, better to learn it on a system that I’d use in the future, so I won’t need to relearn it.
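
Since the post asks where to begin on Linux, here is an added example (mine, not from the post or from any tool it mentions): a small Python triage script that parses the Windows shortcut files such a worm leaves on a USB stick, following the MS-SHLLINK layout, and flags any whose target or arguments point at a script host or script file, which is exactly the "shortcut named like the drive that really runs a script" pattern described above. The SUSPICIOUS marker list and the build_sample_lnk helper, which fabricates a test shortcut so the script runs offline, are my own assumptions.

```python
import struct
from pathlib import Path
# Every shell link starts with HeaderSize 0x4C and LinkCLSID {00021401-0000-0000-C000-000000000046}.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
FLAG = {"idlist": 0x01, "linkinfo": 0x02, "name": 0x04, "relative_path": 0x08,
        "working_dir": 0x10, "arguments": 0x20, "icon": 0x40, "unicode": 0x80}
# Assumed heuristic: script hosts and script extensions a drive-named shortcut should never reference.
SUSPICIOUS = ("wscript", "cscript", "cmd.exe", "powershell", ".vbs", ".js", ".bat", ".cmd")

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (name, relative_path, ...) of a .lnk file."""
    if data[:20] != LNK_MAGIC:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C                                  # end of the fixed-size ShellLinkHeader
    if flags & FLAG["idlist"]:                  # skip LinkTargetIDList: u16 size + items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & FLAG["linkinfo"]:                # skip LinkInfo: u32 total size at its start
        pos += struct.unpack_from("<I", data, pos)[0]
    wide, fields = bool(flags & FLAG["unicode"]), {}
    for key in ("name", "relative_path", "working_dir", "arguments", "icon"):
        if flags & FLAG[key]:                   # each present field: u16 char count + chars
            count = struct.unpack_from("<H", data, pos)[0]
            size = count * 2 if wide else count
            chunk = data[pos + 2:pos + 2 + size]
            fields[key] = chunk.decode("utf-16-le") if wide else chunk.decode("cp1252", "replace")
            pos += 2 + size
    return fields

def is_suspicious(fields: dict) -> bool:
    """True when the target or arguments reference a script host or a script file."""
    blob = " ".join(fields.values()).lower()
    return any(marker in blob for marker in SUSPICIOUS)

def triage_drive(root) -> list:
    """Walk a mounted drive; return (path, fields) for each suspicious .lnk that parses."""
    hits = []
    for path in Path(root).rglob("*.lnk"):
        try:
            fields = parse_lnk(path.read_bytes())
        except (ValueError, struct.error, UnicodeDecodeError):
            continue                            # truncated or not really a shortcut
        if is_suspicious(fields):
            hits.append((str(path), fields))
    return hits

def build_sample_lnk(relative_path: str, arguments: str) -> bytes:  # constructed test shortcut
    flags = FLAG["relative_path"] | FLAG["arguments"] | FLAG["unicode"]
    header = LNK_MAGIC + struct.pack("<IIQQQIiIHHII", flags, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    return header + b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (relative_path, arguments))
```

Run it as `triage_drive("/run/media/you/USBSTICK")` on the mounted stick; note that a vfat mount does not expose the Windows hidden attribute, so the hidden originals simply appear as ordinary files next to the shortcuts.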

  • altkey@lemmy.dbzer0.com (OP) · 1 upvote · 2 months ago

    Windows Defender on 1709 couldn’t detect it even if pressed into scanning it. Some newer win deleted the script, but obv didn’t restore hidden data. I had my fun testing detection of it.

    I would look into that.