Solved USB Flash full of viruses! What do I do?

The Blessed One · Mar 22, 2010

Hello,

So my friends laptop is infested with viruses so I'm gonna do a clean Windows 7 install to freshen it up.

But he had some important stuff on it which he transferred to a USB flash drive. I know that USB is gonna be infested with viruses now. So how do I delete the viruses on the USB drive without them transferring to the clean Windows 7 copy?

Thanks.

Creer · Mar 22, 2010

The Blessed One said:
Hello,

So my friends laptop is infested with viruses so I'm gonna do a clean Windows 7 install to freshen it up.

But he had some important stuff on it which he transferred to a USB flash drive. I know that USB is gonna be infested with viruses now. So how do I delete the viruses on the USB drive without them transferring to the clean Windows 7 copy?

Thanks.

Hi,

you have few possibilities:

1. Use virtual machine for that, ie. install free VirtualBox (Sun) VirtualBox
2. Use special Shadow mode (software like Returnil or Shadow Defender) - with restart all changes are gone.
3. Use DefenseWall with USB drive run as Untrusted box checked in Options of this program. It will isolate your USB drives from rest of your system.
4. Do image backup and move it on another partition/drive, then put in infected USB drive and clean it by AV/AS/AM etc... after that your OS will be probably infected so do restore from image backup which have you done earlier, before putting in infected USB drive.
5. Use software Panda USB Vaccine: Panda USB Vaccine - Free software downloads and software reviews - CNET Download.com

Victek · Mar 22, 2010

Creer said:
5. Use software Panda USB Vaccine: Panda USB Vaccine - Free software downloads and software reviews - CNET Download.com

.
Lots of good suggestions. Regarding Panda USB Vaccine (@ the OP) make sure it's installed first, vaccinate the computer and set it to auto-vaccinate USB flashdrives.

Corrine · Mar 22, 2010

Hi, The Blessed One. You could have your friend use USBNoRisk. It was created and maintained by a well known member of the security community. The instructions follow:

-- Download USBNoRisk to your Desktop and run it by double-clicking the program's icon.
-- Wait a couple of seconds for initial scan to be done.
-- Connect all of the USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

D3ftOn3Z · Mar 22, 2010

+1 On Panda UsbVaccine.

It's a good tool.

whs · Mar 22, 2010

and keep each one connected at least for 10 seconds

Corrine, What is it doing in these 10 seconds. It could not be a fulll scan - or?

Corrine · Mar 22, 2010

It will scan for and block any autorun's.

whs · Mar 22, 2010

Corrine said:
It will scan for and block any autorun's.

Thanks Corrine, that's good to know. I will suggest it to the equipment director in our computer club because we get most of the infections from people bringing in sticks or SD cards.

RaviR · Mar 23, 2010

What about USB Disk Security? Is it any good?

alwinwinjoe · Mar 23, 2010

RaviR said:
What about USB Disk Security? Is it any good?

Now that's overpriced security software. Panda USB Vaccine is much better and its free...

Little Darwin · Mar 23, 2010

Isn't it possible to disable autorun, or did this disappear with Windows 7?

If it is still there, don't you just disable it, and scan with whatever scanner you have?

Surely there must be a setting somewhere to ensure that a USB can't be plugged in by a sociopath and automatically infect a library system.

EnemyWithin · Mar 23, 2010

I came across a tool "USB Vaccin" which not only stops the autorun and the spreading of the infection, but also prevents your thumb drive from getting some very common infections while using it at work or on a friend's computer: It creates a set of hidden, read-only folders with the following name scheme : malware_name.extension.
Among the created folders :
Autorun.exe
Adobe.exe
Adober.exe
svchost.exe ....

To distinguish these legitimate folders from actual malwares; hover the mouse and a the description popup will show you that they all contain the same text file (a description file).

Scanning a vaccin-ed drive will report as clean, the software itself (USB Vaccin) is being detected (falsely) as some sort of trojan dropper.

If the moderators agree, I'll post it here as a zip archive

Source : Infections par supports amovibles - Forums Zebulon.fr (French forum, use google translate)

Product FRED · Mar 23, 2010

Just use Sandboxie to isolate it and keep it from spreading and +1 for Panda.

whs · Mar 23, 2010

Little Darwin said:
Isn't it possible to disable autorun, or did this disappear with Windows 7?

If it is still there, don't you just disable it, and scan with whatever scanner you have?

Surely there must be a setting somewhere to ensure that a USB can't be plugged in by a sociopath and automatically infect a library system.

Sure, you can disable autoplay in Control Panel\Hardware and Sound\AutoPlay

Victek · Mar 23, 2010

whs said:
Little Darwin said:

Isn't it possible to disable autorun, or did this disappear with Windows 7?

If it is still there, don't you just disable it, and scan with whatever scanner you have?

Surely there must be a setting somewhere to ensure that a USB can't be plugged in by a sociopath and automatically infect a library system.

Click to expand...

Sure, you can disable autoplay in Control Panel\Hardware and Sound\AutoPlay

.
I've read that Auto-Play and Auto-Run are not exactly the same thing. Are you sure that disabling Auto-Play in the Control Panel prevents the autorun.inf file on a USB drive from running?

Product FRED · Mar 23, 2010

Until the introduction of Windows XP, the terms AutoRun and AutoPlay were used interchangeably, developers often using the former term and end users the latter. This tendency is reflected in Windows Policy settings named AutoPlay that change Windows Registry entries named AutoRun, and in the autorun.inf file which causes "AutoPlay" to be added to drives’ context menus. The terminology was of little importance until the arrival of Windows XP and its addition of a new feature to assist users in selecting appropriate actions when new media and devices were detected. This new feature was called AutoPlay and a differentiation between the two terms was created.[1]

AutoPlay is a feature introduced in Windows XP which examines removable media and devices and, based on content such as pictures, music or video files, launches an appropriate application to play or display the content.[1] If available, settings in an autorun.inf file can add to the options presented to the user.

Just use the Panda USB Anti-Virus tool and it'll do everything for you.

The Blessed One · Mar 23, 2010

Thanks for the Panda USB Vaccine, it worked great. I had heard of this software but didn't realise it could be so useful!

I was a bit worried at first though as the vaccine disabled autorun, but when I connected the USB flash, the 'AutoPlay' pop-up appeared asking me what to do. This must be different to the 'AutoRun'? Anyway I used Avast 5 free to scan the flash and indeed there two worms in there! The threat level was classed as 'High'. Avast just wiped them out with ease as usual. This new version 5 is a great antivirus!

whs · Mar 23, 2010

The Blessed One said:
Thanks for the Panda USB Vaccine, it worked great. I had heard of this software but didn't realise it could be so useful!

I was a bit worried at first though as the vaccine disabled autorun, but when I connected the USB flash, the 'AutoPlay' pop-up appeared asking me what to do. This must be different to the 'AutoRun'? Anyway I used Avast 5 free to scan the flash and indeed there two worms in there! The threat level was classed as 'High'. Avast just wiped them out with ease as usual. This new version 5 is a great antivirus!

May I suggest that you scan this stick with some more scanners. As good as Avast may be, it could have missed some. Superantispyware and Malwarebytes come to mind. And if you want to be really thorough, send the files here: VirusTotal - Free Online Virus and Malware Scan

Solved USB Flash full of viruses! What do I do?

The Blessed One

Guest

IT SecurityEnthusiast

My Computer My Computer

At a glance

New member

Attachments

My Computer My Computer

At a glance

Account closed

My Computer My Computer

At a glance

As requested

My Computer My Computer

At a glance

New member

My Computer My Computer

At a glance

Account closed

My Computer My Computer

At a glance

New member

My Computer My Computer

At a glance

New member

My Computer My Computer

At a glance

New member

My Computer My Computer

At a glance

New member

My Computer My Computer

At a glance

New member

My Computer My Computer

At a glance

Send Viruses to 127.0.0.1

My Computer My Computer

At a glance

New member

My Computer My Computer

At a glance

New member

My Computer My Computer

At a glance

Send Viruses to 127.0.0.1

My Computer My Computer

At a glance

The Blessed One

Guest

New member

My Computer My Computer

At a glance

Similar threads

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer

My Computer