Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Scanning external and flash drive protection


  • Please log in to reply
7 replies to this topic

#1 brussel57

brussel57

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island
  • Local time:09:03 PM

Posted 16 August 2009 - 09:51 PM

I recently had help on Bleeping Computer getting rid of a rootkit on my computer. As you can imagine this is leaving me very cautious about anything. I would like to scan my external and flash drives to make sure nothing is residing on them. I was also advise to scan a cd-rom with documents that came from my old computer (infected and retired).

My question is - is there a particular program that I can use to scan both the external drives and the cd-rom? I already disable autorun for the drives and cd-rom.

BTW, I did see where "flash disinfector" was recommended to one poster in one message here, problem was when I tried to download it - my McAfee zapped it immediately with warning "generic.dx (trojan)" was found in Flash_Disinfector.exe.

Forgot to add - I'm running windows Xp - service pack 3

Would appreciate any help.
Thank you
brussel57

Edited by brussel57, 16 August 2009 - 11:59 PM.


BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:09:03 PM

Posted 17 August 2009 - 03:31 PM

my McAfee zapped it immediately with warning "generic.dx (trojan)" was found in Flash_Disinfector.exe.

That would be a false positive

As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.



What it does:

The vaccination is two fold. If the computer's autorun settings are enabled, then files can spread to any drive that's plugged in. If the drives themselves are vaccinated, all the tool does is prevent the autorun.inf file from executing any of the malicious content that may have been copied to the drive when it's plugged in.

In other words, say you vaccinate your USB drive. The tool writes an autorun.inf file that's harmless. When it's inserted in a computer that does not have autorun disabled, the computer will attempt to read and process the autorun.inf file from the inserted drive. If an infection that spreads to network or USB drives is presenton

the computer, the infection may very well succeed in putting the files on the drive, but they will not be able to overwrite the autorun.inf file and as such the files will not run without user input (i.e. actually clicking on them).

If the computer's infected and that infection tries to multiply to external drives, then yes, it'll likely copy some files to it. You could then remove those as they wouldn't be running automatically once the drive's inserted in another PC. Nothing you do will stop files from being copied over to an external drive if an infection of that type is present on the system. Well, technically you can prevent that by setting the write protect mode, but not every USB drive has one of those and it prevents writing anything to the drive.
[TNX to Galadriel]
----------------------------------------------------------

Most of the tools we use, using the full or complete scan option, will scan whatever is attached or give you a choice to select which drive
Just remember to hold down the shift key while attaching any device

Edited by garmanma, 17 August 2009 - 03:42 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 brussel57

brussel57
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island
  • Local time:09:03 PM

Posted 18 August 2009 - 12:41 AM

Thanks garmanma, I actually disable autorun on this computer (thanks to Bleeping Computer's instructions). Just wanted to make sure no problems if I bring a cd from my infected machine - that the virus on that machine won't load on this machine.

Blade Zephon advise me to scan the cd before copying the contents. I wasn't sure which AV to use, if there was one that specifically could be used for cds and external drives.

Wanted to know what would be the best AV to use other than McAfee.

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:09:03 PM

Posted 18 August 2009 - 08:40 AM

Blade Zephon advise me to scan the cd before copying the contents.

That would be with your resident AV program. Just right-click on it and select scan with AV

As to which one to choose, that's more or less a personal decision
Scroll down this sub-forum and you'll see plenty of topics discussing the many choices

Here's one discussion:
http://www.bleepingcomputer.com/forums/t/246892/which-antivirus-shall-i-get/

Edited by garmanma, 18 August 2009 - 08:43 AM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 brussel57

brussel57
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island
  • Local time:09:03 PM

Posted 19 August 2009 - 12:07 AM

Thanks for pointing to the discussion. I wasn't sure if there was one that was designed just for flash drives. Since I have McAfee, I continue to use it.

Appreciate all your help.
brussel57

#6 alittlehelp

alittlehelp

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:09:03 PM

Posted 20 August 2009 - 03:42 PM

I'm also searching the BC site for kind of the same solution....

After being left with no alternative but to format a pc with years of data backed up on an external drive that was also compromised by a rootkit/infection, I backed up all my data on cd - after the fact.
Unfortunately, I am now left with a false sense of well being since the cd's backup data may be harboring copies of the virus,
just waiting to re-inject it self into my newly formatted drive.

Is there a safe method to to scan a cd for rootkits without unknowingly unleashing if from the drive/disk and on to the HD?
If there is a thread, tutorial or guidance one could share I would greatly appreciate it.
I can run AVG & Malwarebytes on a right click, but, as it has been stated - neither of these apps are a true defense for detecting/preventing rootkits in particular. I have had great luck detection with Rootrepeal and SuperAS; but they are not available on a right click. Not sure how to use/get them to scan CD drive on a right click.

Suggestions?

Really need to get my digital world back and up and running again - virus free!

Thanks in advance.

Edited by alittlehelp, 20 August 2009 - 03:45 PM.


#7 brussel57

brussel57
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Long Island
  • Local time:09:03 PM

Posted 20 August 2009 - 10:32 PM

Is there a safe method to to scan a cd for rootkits without unknowingly unleashing if from the drive/disk and on to the HD?


Oo, oo, wait I know this one. :thumbsup:

I think you have to turn off autorun or autoplay on the cd drive. That way the autorun.inf file will not engage (apparently this could hid a trigger in it for a virus or rootkit to start). Once the auto feature is disable you can insert the cd safely and then scan it. (I think this is what you're asking)

I found the instructions on Bleeping Computer, but now I can't find where I found it so I can point the way for you. I do know the instructions were pretty clear because I was able to do it. Unfortunately I can't remember how I did it.

I'm not sure if any of the monitors will see your question since my problem was solved.

My advise is for you to create a new topic/message and ask how to disable. They are really good about giving the right information.

Sorry I couldn't help further. Good luck
brussel57

#8 alittlehelp

alittlehelp

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Local time:09:03 PM

Posted 21 August 2009 - 10:14 AM

Good advice brussel :thumbsup:
Thanks!
I've been practicing that routine installing my files this morning. So far so good.
Only wish I had more AV options available on right click. I have Rootrepeal, SAS, and a couple
of other AMW apps that are not included on a right click. So far dragging the CD drive on to RR or SAS
icons doesn't scan the drive. It just defaults to C:

Will continue searching....

Thanks again for the added support!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users