Apr 16 2008, 07:27 AM | Post #1 | Member (Group: Members, Posts: 19, Joined: 16-April 08, Member No.: 203,361)
I have been doing some work on my sister's computer and she has been badly infected. She has found a worm and it looks as if there is a problem with scvhost. We have been cleaning the computer and using various tools, etc. Problem is we ran a backup to CD just when the problems started and I have also used my USB pen drive on her computer.

1) Will the backup be infected? How do we reload the files in the event of a complete crash without reloading the virus?
2) How do I find out if my pen drive is OK? I have tried various scan options and most of the antivirus software and the online scanner for scvhost don't allow for scanning of USB devices. I also understand that this particular trojan doesn't show up on most virus scans.

I really don't want to lose the files on my pen drive and I don't want to infect any other computer. So is it possible that it has written itself into my files? How do I find out? Hope you can help

Apr 16 2008, 08:22 AM | Post #2 | Bleepin' Janitor (Group: Global Moderator, Posts: 12,511, Joined: 9-July 05, From: Virginia, USA, Member No.: 26,513)
Flash drive infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable). When the removable media is inserted, autorun looks for autorun.inf and automatically executes another malicious file to run on your computer. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.
Please insert your flash drive. Hold down the Shift key when inserting the drive until Windows detects it to bypass the autorun feature and keep autorun.inf from executing automatically. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read "Danger USB! Worm targets removable memory sticks". You can hold down the Shift key when inserting the drive into your computer until Windows detects it to keep autorun.inf from executing automatically. However, I recommend disabling the Autorun feature on USB and removable drives as a method of prevention. This should keep the malicious file from automatically running upon insertion and infecting your system while allowing you to safely perform a scan. The easiest way to disable Autorun on a specific drive is to download and use Tweak UI PowerToy.
When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun, so be careful. Always scan USB Flash Drives after they have been used in other computer systems, even your own. An easy way to do this is to download "ClamWin Portable", install it on your USB Flash Drive, update its definition files and perform a scan. Also scan the files you backed up to CD.
--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2008
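
Added example, not part of the original thread and not code from any tool named in it: a Python script that reads a drive's autorun.inf as plain text, without executing anything, and lists the entries that would launch a program, which is the mechanism post #2 describes. The sample content and the file name `constructed_sample.exe` are constructed for illustration, and the function names are hypothetical.

```python
import os

# Keys in the [autorun] section whose value is a command line.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, not taken from a real drive; file names are placeholders.
SAMPLE = (
    ";padding line placed before the section\n"
    "[AutoRun]\n"
    "open=constructed_sample.exe\n"
    "ICON=%SystemRoot%\\system32\\shell32.dll,4\n"
    "shell\\open\\Command=constructed_sample.exe\n"
    "junk text with no key\n"
    "label=My Drive\n"
)

def parse_inf(text):
    """Return {section: {key: value}}; names lower-cased, junk lines skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def launch_entries(text):
    """List (key, command) pairs that would start a program from the drive."""
    hits = []
    for key, value in parse_inf(text).get("autorun", {}).items():
        # open=, shellexecute= and shell\<verb>\command= each name a command.
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            hits.append((key, value))
    return hits

def inspect_drive(root):
    """Read autorun.inf in `root` as data only; return [] when there is none."""
    names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not names:
        return []
    with open(os.path.join(root, names[0]), "rb") as fh:
        data = fh.read()
    # Files with a UTF-16 byte-order mark are decoded as UTF-16, others as Latin-1.
    is_utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    return launch_entries(data.decode("utf-16" if is_utf16 else "latin-1"))

if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE):
        print(f"{key} -> {command}")
```

Any entry it reports names a file on the drive that would be started automatically or from the drive's right-click menu, so that file is the first thing to hand to the antivirus scan.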

Apr 22 2008, 01:51 PM | Post #3 | Member (Group: Members)
Wow, thank you so much!! I will only be able to do this when I visit my friend as I don't have an internet connection, so it may be a few days, but I will follow all the steps above.
THANK YOU SO MUCH!

Apr 22 2008, 01:59 PM | Post #4 | Bleepin' Janitor (Group: Global Moderator)
You're welcome and good luck.
Post back if you continue to have issues.

Apr 23 2008, 10:33 AM | Post #5 | Member (Group: Members)
One quick question. If I disable autorun on the CD/DVD drive, will it cause a problem if I need to boot from a CD at some point? I don't have a floppy drive.

Apr 23 2008, 11:09 AM | Post #6 | Bleepin' Janitor (Group: Global Moderator)
A bootable CD is different from an AutoRun CD. A bootable CD-Rom is a CD from which you can boot the computer by loading a boot image from the CD-Rom.
Bootable CD FAQs

Apr 30 2008, 05:15 AM | Post #7 | Member (Group: Members)
Hi there
Me again with another question. I would like to know what I should put on my computer to protect it. As I don't currently have an internet connection I just need to protect against stuff that could be hiding on my USB pen drives or CD/DVDs. I was looking at loading Avira Antivir. Should I also load a firewall (I am currently using the Vista one) and do I need anti-spyware? Not sure if I should load Comodo or something like that. Hope you can help!

Apr 30 2008, 07:15 AM | Post #8 | Bleepin' Janitor (Group: Global Moderator)
To protect yourself against malware and reduce the potential for re-infection, read:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Best Practices - Internet Safety for 2008".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings".

As I already said, you can put "ClamWin Portable Antivirus" on your USB Flash Drive so it's always available to perform a scan.

Another prevention measure you can use is Symantec's NoScript utility. Scroll down to the section "How to disable (or re-enable) the Windows Scripting Host" to find the link and follow the instructions. Noscript will disable the Windows Scripting Host and prevent VBScripts from running on your machine until you run the utility again. Firefox also has a free NoScript Add-on for its browser.

Yes, having a firewall is very important.
• Understanding and Using Firewalls
• What is a Firewall
• How Firewalls Work

If you choose to use a 3rd-party firewall, you need to disable the Windows firewall. Using two software firewalls on a single computer could cause issues with connectivity to the Internet or other unexpected behavior. Further, running multiple software firewalls can cause conflicts that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (your router) and a software firewall (Kerio or ZoneAlarm) in conjunction. For more information see "The Differences and Features of Hardware & Software Firewalls" and "Choosing a Firewall: Hardware v. Software".

Choosing a firewall is a matter of personal preference, your technical experience and what will work best for your system. A particular firewall that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use.

See BC's Freeware Replacements For Common Commercial Apps and List of Virus & Malware Resources.

Apr 30 2008, 08:14 AM | Post #9 | Member (Group: Members)
Thank you quietman7. Sorry to keep asking, I am struggling a bit to understand all the stuff. I did put ClamWin on my pen drive and want to load AntiVir.
I am still not sure if it will be OK to keep the Win firewall or if I should use Comodo instead. If I want to use Comodo, how do I disable the Win firewall?

Apr 30 2008, 08:50 AM | Post #10 | Bleepin' Janitor (Group: Global Moderator)
Disconnect your pen drive and load AntiVir as your primary anti-virus on your hard drive.
The Windows XP firewall protects against port scanning but has limitations and it is no replacement for a robust 3rd-party two-way personal firewall.
How to turn on or turn off the firewall in Windows XP