Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Flash Disinfector


  • Please log in to reply
8 replies to this topic

#1 Bub12

Bub12

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 24 May 2009 - 06:38 PM

I recently added Adware to my arsenal & it recorded a worm. The worm was my Flash Disinfector & Adware deleted it! Not sure what to make of this. I have heard that some AS/AV detect the Flash Disinfector as spyware...so what to do?

Thanks.

BC AdBot (Login to Remove)

 


#2 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 24 May 2009 - 06:48 PM

Read from instructions running flash disinfector:

Download and Run FlashDisinfector

You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.


Anti-Malware programs flag Flash Disinfector as being infected because of in which the way it runs.

Edited by xblindx, 24 May 2009 - 06:49 PM.


#3 Bub12

Bub12
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 24 May 2009 - 07:07 PM

Thanks xblindx,

Looks like I will need to download Flash Disinf. again :thumbsup: I thought that it was an fp but I let Ad-Aware delete it. None of my other AV/AS's detected the Flash Dis. as a problem so I thought I would be sure.

An off topic question about the Flash Disinfector. Will running the tool damage any of the existing files on the drive?

Thanks

#4 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 24 May 2009 - 07:10 PM

Nope, running the tool does nothing more than 1) Scanning the drive for infection, and 2), Creates a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

#5 Bub12

Bub12
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 24 May 2009 - 07:12 PM

Cool...Thanks!

#6 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 24 May 2009 - 07:12 PM

Anytime :thumbsup:

#7 Bub12

Bub12
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 24 May 2009 - 07:37 PM

Hey x,

One more thing...I also added Ad-Aware to my old machine, which also has Flash Dis. installed & of course, AdAware called it a worm. However....another file showed an infection & I am not sure if it's related to the Flash Dis. Understand that MBAM, Avast & SAS never picked up this other possible infection. The old machine differs from my newer machine in the sense that it is XP Pro, not standard XP. See reported issues below:

Quarantined items:
Description: C:\Documents and Settings\Desktop\Flash_Disinfector.exe Family Name: Win32.Worm.Agent Clean status: Success Item ID: 565063 Family ID: 1891
Description: C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP920\A0518395.exe Family Name: Win32.Worm.Agent Clean status: Success Item ID: 565063 Family ID: 1891

Thanks!

#8 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:27 AM

Posted 24 May 2009 - 07:50 PM

The second detection is in a system restore point, and may be a backup of Flash Disinfector. That's what it looks like to me at least, which is nothing to worry about :thumbsup:

#9 Bub12

Bub12
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  •  
  • Local time:07:27 AM

Posted 24 May 2009 - 07:54 PM

Sounds good...think I'll delete old restores just in case :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users