
Flash Disinfector


11 replies to this topic

#1 scff249


Posted 03 February 2009 - 01:34 AM

I've been doing the best I can to remember to put all of my USB-based storage devices to be immunized with Flash Disinfector. However, I'm not sure how to tell if it worked or not. Is there a way to know if it worked?

Reason why I ask is because my class is going to be using an external hard drive to pass around a file for our project (well... I'm also trying to make sure it's there on my flash drives and other things as well). Ever since our little flash infection outbreak a year ago, I'm a bit worried about cross infection this time, especially since flash infections are on the rise (and the fact that I'm not sure how trustworthy some computers are). I know it creates a dummy folder or something somewhere, but I'm not exactly sure where that is...

If an OS is needed for easier times, we're all using Windows XP with basically the same model laptops (except for maybe a few internal hardware as well as an obvious difference in software).

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo




#2 quietman7


Posted 04 February 2009 - 11:39 AM

Flash_Disinfector will create a hidden "dummy" autorun folder/file with special permissions in each partition and every external drive that was connected when the tool was run. If the folder is hidden, reconfigure Windows XP to show hidden files and folders.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
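One way to script the check described in the reply above, as an added example that is not part of the original thread and not Flash Disinfector's own code. It assumes the dummy folder is named `autorun.inf` at the drive root (the thread does not name it); the function names are illustrative.

```python
import os
import sys

AUTORUN = "autorun.inf"        # assumed name of the dummy folder (not stated in the thread)
FILE_ATTRIBUTE_HIDDEN = 0x2    # Windows attribute bit reported in st_file_attributes
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command"}


def find_autorun(root):
    """Return the root-level autorun.inf entry, matched case-insensitively, or None."""
    for name in os.listdir(root):
        if name.lower() == AUTORUN:
            return os.path.join(root, name)
    return None


def launch_entries(path):
    """Return the key=value lines of an autorun.inf file that start a program."""
    hits = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.strip().partition("=")
            if sep and key.strip().lower() in LAUNCH_KEYS:
                hits.append(f"{key.strip().lower()}={value.strip()}")
    return hits


def check_drive(root):
    """Classify a drive root as 'immunized', 'autorun-file' or 'unprotected'."""
    path = find_autorun(root)
    if path is None:
        return "unprotected", []
    if os.path.isdir(path):
        # While a folder holds the name, no autorun.inf file can exist beside it.
        attrs = getattr(os.stat(path), "st_file_attributes", 0)  # 0 off Windows
        return "immunized", ["hidden" if attrs & FILE_ATTRIBUTE_HIDDEN else "visible"]
    # A regular file here is what the dummy folder is meant to prevent: review it.
    return "autorun-file", launch_entries(path)


if __name__ == "__main__":
    for root in sys.argv[1:]:  # drive roots to check, e.g. E:\ F:\
        status, detail = check_drive(root)
        print(f"{root}: {status} {detail}")
```

A result of `autorun-file` with launch entries means the drive carries a real autorun file rather than the dummy folder and should be scanned before it is opened on another machine.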

#3 scff249


Posted 04 February 2009 - 12:24 PM

Ah, okay. Now I see it there (and now I can be assured that it's there).

Thanks for the help.



#4 quietman7


Posted 04 February 2009 - 12:32 PM

You're welcome.

#5 scff249


Posted 25 February 2009 - 12:33 AM

Hate to bring this topic back up as it still involves something with Flash Disinfector (separate this if you feel it should be its own topic).

I tried to put Flash Disinfector onto my buddy's computer somewhere around last week and I couldn't seem to get it onto his laptop. We can't get it through the link since our school blocks that particular downloading sector (or whatever it is), so I have to do this via flash drive. Every time we plug it in, it always seems to get deleted off of the flash drive. As soon as he opens the drive for it (after helping him disable Autoplay), it disappears off of the flash drive (I know it's gone because when I put it back into my computer, it's gone from there as well). I'm pretty much sure the flash drive is infection free since it was put through the Flash Disinfector process, so I can eliminate that. Of course, I haven't tested to see if the others' computers will react the same way, so I'm not completely sure on what to make of it.

Is it possible that it could be something on his computer, or does Flash Disinfector tend to delete itself when being transferred over?



#6 Leurgy


Posted 25 February 2009 - 07:23 AM

It's probably something on his computer. As you can see by these VirusTotal results, a number of anti-virus programs flag Flash Disinfector as a baddie.

How To Use The Tool

*Please remember to disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*


When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#7 quietman7


Posted 25 February 2009 - 10:04 AM

We can't get it through the link since our school blocks that particular downloading sector

If this is a school computer, the IT Department may have policies/restrictions in place that prohibit programs placed on their equipment. In most school environments, the IT staff implement specific policies and procedures for the use of computer equipment and related resources. If it's not a school computer, they still may have restrictions on equipment used on their network. If your school has an IT Team, then you need to go through them.

Good intentions are not a valid reason for bypassing the blocks placed on your laptop. Think of it this way. By allowing downloads, you can expose your work, and the school network to a host of malware - viruses, trojans, spyware, dialers, etc... Your school's IT department is required to maintain that laptop and ensure that it operates the way it is supposed to. They also have an obligation to filter sites. If you, or your fellow students visit inappropriate sites, or download illegal software, that reflects very negatively back on the school. They have a moral duty to protect you, their equipment, and their legal rear ends too. We live in extremely litigious times and this is not a cost that can be borne lightly.

The Bottom line.
  • It is unethical to bypass their security.
  • It is their laptop.
Per the BC Discussion/Message Boards Rules, discussing methods of bypassing security measures is prohibited. Specifically this rule:

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.



#8 scff249


Posted 25 February 2009 - 11:05 AM

Actually, I never did intend to bypass the security (nor would I want to in the first place), and these laptops are actually ours since the school sells the laptops to us. I just noticed that it wouldn't download when I tried and figured that it was the college's internet security that was blocking it since it was the first time I tried to download Flash Disinfector from the school's internet (which also explains why I couldn't update SAS when I tried that time). If the school is blocking something that isn't school related, then it doesn't bother me and I understand why they would.

If something doesn't make sense, I'll give more information if you'd like.



#9 quietman7


Posted 25 February 2009 - 11:17 AM

I didn't think you were attempting to bypass any security measures but I included the note about our rules so any further discussion would not go that route. As I said, even if the computers were sold to you by the school and are now personally owned, they still have restrictions when these machines are used on school property.

For personal computers, the proper course would be to download the file you need directly to your pc while at home. However, if you use it at school, the school's security measures may delete it when hooked back up to their network.

#10 scff249


Posted 25 February 2009 - 12:15 PM

No, I understand that you have to give the warning and such. Board rules and security reasons. I'd just rather clear things up before anything would escalate into some misunderstanding.

For personal computers, the proper course would be to download the file you need directly to your pc while at home. However, if you use it at school, the school's security measures may delete it when hooked back up to their network.


The strange part of that is that it theoretically should be deleting it off of my computer as well, which is the part I don't quite understand as I have the .exe on here right now, assuming that's the case (let alone that it's just transferring over without starting it). I've only tried to transfer this onto one computer, so I'll have to try it on others to see if they have a similar effect. If it does delete, then I'll assume that the network is doing that. If it doesn't, then it's something isolated to his computer.



#11 kaizentheonerous


Posted 07 March 2009 - 08:39 PM

Hey, I tried Flash Disinfector on my PC and after a few minutes an error message would indicate "The system cannot find the drive specified", then after closing it (including the Notepad behind it), the PC would message "Windows cannot find Nircmd."

How do you solve this problem? I am afraid that it may wipe out all of my data.

#12 quietman7


Posted 08 March 2009 - 12:01 AM

Certain embedded files that are part of legitimate programs or specialized fix tools such as FlashDisinfector may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes and malware strings it contains.

Common detections include NirCmd which is a command-line utility that allows writing to and deletion of values and keys in the registry.

Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes some features or additional files that can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive". Either have your anti-virus ignore this threat alert or temporarily disable it until you run the tool.

Edited by quietman7, 08 March 2009 - 12:02 AM.




