WNEC
@wnec.edu
| Infected flash drive question
When using my flash drive at a public computer at my college, I noticed that an autorun and svchost.exe file were dropped in its root directory.
It was very clear that the computer was infected, so I went to another computer, opened my flash drive (using right-click, Explore) and then deleted the files.
I also plan to scan/backup any files on the flash drive and then perform a "quick format."
Is this sufficient to ensure that the drive can be used safely in the future? |
|
Le Boule
join:2001-09-20
Selma, AL | »www.myantispyware.com/2009/01/08···al-tool/ |
|
TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
| reply to WNEC
As soon as you inserted the flash drive into the other computer to delete the files, if autorun was enabled you may have infected it (if their antivirus didn't detect it). I would read this on flash drive safety:
»www.spywareinfoforum.com/index.p···c=125953
--
Proud ASAP member since 2005
Microsoft MVP/Windows Security 2009 |
|
Indy Sabre
Sabre Rider From Indianapolis
join:2003-10-02 | reply to WNEC
I run panda's usbvaccine on each usb drive to be used outside of my trusted computers.
I saw it recommended here a few months ago. |
|
Shriyash
Sungazer
Premium
join:2005-02-23
PuNe, InDiA
| reply to WNEC
Yeah, like TheJoker  said, you may have infected the other computer with the same virus the moment you inserted the flash drive in it.
I would suggest read these threads, they contain a lot of information on how to secure your flash drives and your computer from viruses which use autorun.inf to spread.
»Disabling 'Autorun' on USB and beyond. Need help.
»Which AV best for Real-time protection against USB drives?
»infected USB memory stick
»Removable media could easily distribute a virus |
|
HA Nut
Premium
join:2004-05-13
USA
| reply to WNEC
said by WNEC :
When using my flash drive at a public computer at my college, I noticed that an autorun and svchost.exe file were dropped in its root directory.
It was very clear that the computer was infected, so I went to another computer, opened my flash drive (using right-click, Explore) and then deleted the files. Good catch! 
Yeah, as long as the PC you're scanning/checking it from is clean, you should be fine.
Rootkits are the issue at hand as they can be hidden from Windows itself. If a flash drive is not allowed to auto run something that creates a rootkit (and as I noted, the PC is clean), then anything on the flash drive should be visible.
The best means to alleviate this in the future would be to place an uneraseable autorun.inf file or folder at the root level of the drive. This will prevent anything else dumped onto the drive (like a rogue exe file) from auto running on any PC.
IMO, the best, simplest way to do this is what Indy Sabre mentioned, Panda's USB Vaccine »research.pandasecurity.com/archi···1.4.aspx |
|
WALL_E
Premium
join:2003-05-28
USA
| reply to TheJoker
said by TheJoker :As soon as you inserted the flash drive into the other computer to delete the files, if autorun was enabled you may have infected it (if their antivirus didn't detect it). I would read this on flash drive safety: » www.spywareinfoforum.com/index.p···c=125953 On some of my systems, I notice that when I connect a flash drive, Windows XP prompts me for an action to perform. For example, 'use Windows Explorer to open the folder', or 'perform no action.' There is also an option to launch the autorun.inf file.
If one does not use this window to launch the autorun.inf, is that not as safe as having autorun disabled altogether?
--
Ditch Adobe's bloated, security-hole ridden Reader and switch to an alternative - I recommend Foxit. |
|
HA Nut
Premium
join:2004-05-13
USA
| No, apparently it's possible to infect XP without direct user interaction.
The Panda tool mentioned helps because it gives a couple options. First, a flash drive can be "immunized" (by creating a protected autorun.inf file on the flash drive) from auto running anything and second, Panda's tool gives the option to a user to help protect their PCs from never-before-seen USB flash drives ("non-immunized") by blocking the autorun from ever running (even via an indirect method.) |
|
