Flash drive infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable). When the removable media is inserted, autorun looks for autorun.inf and automatically executes another malicious file to run on your computer. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.
Please insert your flash drive before we begin!
Download Flash_Disinfector by sUBs and save it to your desktop.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
- Wait until it has finished scanning and then exit the program.
- Reboot your computer when done.
When done, remove any Startup RUN value by downloading and using Autoruns.
When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive". If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be bad, you can delete it at any time.
"Understanding AVG7 Free Virus Vault"
"AVG FAQ #647: I have some files in the AVG Virus Vault. What next?"
Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read "Danger USB! Worm targets removable memory sticks".
I recommend disabling the Autorun feature on USB and removable drives (especially an external drive used for backup) as a method of prevention.
The easiest way to disable Autorun on a specific drive is to download and use Tweak UI PowerToy.
- After installation, launch Tweak UI, double-click on My Computer in the tree menu on the left, then click on AutoPlay > Drives. This will allow you to change the system settings for AutoPlay/autorun.
- Uncheck the drives you want to disable AutoPlay on and click on Apply.
- Next, click on the Types in the left tree. This allows you to control whether Autoplay is enabled for CD and DVD drives and removable drives. You may need to restart Tweak UI if it closes after step 2.
- Uncheck the box to disable Autoplay for a particular type of drive.
- Click Apply.
See "Disable Autorun/AutoPlay" for instructions with screenshots. When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun, so be careful.
Another prevention measure you can use is Symantec's NoScript utility. Scroll down to the section "How to disable (or re-enable) the Windows Scripting Host" to find the link and follow the instructions. NoScript will disable the Windows Scripting Host and prevent VBScripts from running on your machine until you run the utility again. Firefox also has a free NoScript Add-on for its browser.
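As an added example (not part of the original post, and not how Flash_Disinfector works internally), this Python triage script reports what an autorun.inf in a drive root would launch and recognizes the protective autorun.inf folder described above. The function names and the sample file contents are constructed for illustration.

```python
import re
from pathlib import Path

# Keys in the [autorun] section that name a program Windows may launch.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample, not taken from a real infection.
SAMPLE = """; junk comment lines are common padding
[AutoRun]
open=RECYCLER\\sample.exe
shell\\open\\command=RECYCLER\\sample.exe
shell\\explore\\command=RECYCLER\\sample.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
label=Backup
"""

def launch_targets(text):
    """Return (key, command) pairs from the [autorun] section of the text."""
    targets, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # other sections and junk lines
        key, _, value = line.partition("=")
        if LAUNCH_KEYS.match(key.strip()):
            targets.append((key.strip().lower(), value.strip()))
    return targets

def check_drive_root(root):
    """Classify the autorun.inf entry found in a drive root."""
    entry = Path(root) / "autorun.inf"
    if entry.is_dir():
        return ("protected-folder", [])   # a folder cannot be parsed as autorun.inf
    if not entry.is_file():
        return ("absent", [])
    # latin-1 never fails to decode, so padded or binary junk cannot crash the scan
    return ("file", launch_targets(entry.read_bytes().decode("latin-1")))

if __name__ == "__main__":
    for key, command in launch_targets(SAMPLE):
        print(f"{key} -> {command}")
```

Any path reported under "file" is worth inspecting before the drive is opened by double-click, since the `shell\open\command` and `shell\explore\command` entries change what that double-click runs.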