Posted 25 April 2010 - 04:26 AM
I have 3 pendrives, all by Transcend. (2GB, 4GB and 8GB)
I recently went to a cybercafe, inserted the pendrive to upload some documents as an attachment, mailed it and got back home.
My laptop at home has DefenseWall 2.56 installed, with pendrives as untrusted.
I also have an application called USB disk security, which scans any inserted pendrive for autorun.inf viruses and other malware before it can automatically run itself on my system.
It also creates an AUTORUN.INF folder in my pendrive, that cannot be deleted.
So, I come home, insert the pendrive in my laptop.
USB disk security goes crazy, tells me threats found, and it's automatically moved them to quarantine.
Oh god, the quarantined items were like a who's who of viruses and worms,
regsvr.exe, autorun viruses, I saw files with .sys extensions, so they probably were rootkits etc. etc. probably 6 or 8 of them.
I deleted all the quarantine items.
There still was one 0kb malicious file, that was still recreating itself every time I deleted it manually.
After the emptying of the quarantine items, USB disk security was telling me it was all clean, but I was still seeing this 0kb .exe file.
And this file had taken the name of one of my folders!!
What these viruses did was, they made all the folders that I had in the pendrive hidden!
Then, they created what looked like folders (had the folder icons) but with an extension of EXE, lol!
So, if someone went to open them, they would execute the virus!
I had to do a format, and the drive was clean.
The Laptop remained clean.
How did the viruses get on the system automatically if I had an autorun.inf folder already in it?
How do I block .sys files from getting onto my pendrive?
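
A defender-side check for the pattern described in the post above (real folders hidden, same-named .exe files sitting beside them), given as an added example that is not part of the original post. The function names and the sample drive layout are constructed for illustration; the hidden flag is read from `st_file_attributes`, which Python only exposes on Windows.

```python
import os
import tempfile

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit; not reported on other platforms


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def find_folder_decoys(root):
    """Return one finding per .exe that shares its name with a sibling folder."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower(): d for d in dirnames}  # case-insensitive, like FAT/NTFS
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe" or stem.lower() not in folders:
                continue
            exe = os.path.join(dirpath, name)
            folder = os.path.join(dirpath, folders[stem.lower()])
            findings.append({
                "exe": exe,
                "size": os.path.getsize(exe),        # the post saw a 0 KB file
                "folder": folder,
                "folder_hidden": is_hidden(folder),  # real folder hidden from view?
            })
    return findings


def build_sample_drive():
    """Constructed sample layout standing in for the pendrive root."""
    root = tempfile.mkdtemp(prefix="pendrive_")
    os.mkdir(os.path.join(root, "Documents"))
    os.mkdir(os.path.join(root, "Photos"))
    open(os.path.join(root, "Documents.exe"), "wb").close()  # 0-byte decoy
    with open(os.path.join(root, "setup.exe"), "wb") as f:   # unrelated exe, no twin folder
        f.write(b"MZ")
    return root


if __name__ == "__main__":
    for hit in find_folder_decoys(build_sample_drive()):
        print(hit)
```

On a real drive, pass the drive root to `find_folder_decoys` instead of the constructed sample; the script only lists matches and does not open, run, or delete anything.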