Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

autoplay concerns for usb drive


  • Please log in to reply
7 replies to this topic

#1 joe blow

joe blow

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 20 March 2009 - 04:36 AM

Hi.

I have autorun disabled to help to prevent the spread of malware through USB flash drives. But I have heard that if you copy something from an infected USB drive to your computer, then having autoplay disabled makes no difference and the infection can still spread. Is this true? It would seem to make disableing autoplay pointless.

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:44 AM

Posted 20 March 2009 - 05:00 AM

Well, if you copy malware from an USB-device to your harddrive, you know you have copied something (even if you are not aware that it was/contained malware). If you did not copy, the malware would not have come to your PC.
If autorun is enabled, malware can be copied without you ever knowing there was copied something, so thats the difference.
I do not agree with you that disabling autoplay is pointless. When I plug in a strange device (not my own), I always scan it for malware before opening. With autoplay disabled, I can be reasonably sure that no malware, if present on the USB-device, has copied itself to my PC.

Of course, everything depends on the kind of malware, I would never use my USB-stick between an infected computer and my own to transfer files, unless using some kind of USB-desinfector.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:06:44 PM

Posted 20 March 2009 - 11:51 AM

Use Flash Drive Disinfector for suspected drives
------------------------------

Flash_Disinfector.exe
by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Edited by garmanma, 20 March 2009 - 11:53 AM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 joe blow

joe blow
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 21 March 2009 - 04:14 AM

Hi.

Thanks for the posts.

Could someone just clear this up. If autoplay is disabled and I insert a flash drive that has malware on it someware and I copy a perfectly safe uninfected file from it, can the malware still infect my computer?

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:44 AM

Posted 21 March 2009 - 04:50 AM

I would say yes. Because when you copy a file, you open the USB-device. How do you know that file is perfectly safe? It may seem safe, but with malware you never know. Consider this, it is really easy to scan your device before doing anything with it. If the malware on the device, if there, can be removed, its safe, if it cannot be, it maybe some real nasty stuff and with real nasty stuff you never know, so better not risk.

But then, I am sometimes really a malware-paranoid.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:06:44 PM

Posted 21 March 2009 - 10:33 AM

The application I gave you will clear the malware on the flash drive
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#7 joe blow

joe blow
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 22 March 2009 - 01:01 AM

Hi.

Once again, thanks for the posts.

Everything I have on the flash drive is 100% safe mostly mainstream security software such as Avira, AVG, MBAM, Kerio etc. I am not certain that the drive is infected but previously my computer was and the drive may have been inserted while the infection was present. I ran Flash Disinfector as you suggested, it did not find anything. I also scanned the drive with Avira and Dr Web Cure It and they both found nothing.

I realise that the drive is either not infected, or is infected with something that is very good at hiding.

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:44 AM

Posted 22 March 2009 - 02:29 AM

Well thats another thing, once again, depending on the malware. But if you scanned your PC and your USB-device with different programs and found nothing, you can reasonably assume it did not spread. To be sure you can use some online scanners such asESET, Panda etc.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users