
How do I make my USB pendrive more secure?


5 replies to this topic

#1 vladmir21

Posted 25 April 2010 - 04:26 AM

I have 3 pendrives, all by Transcend (2GB, 4GB and 8GB).
I recently went to a cybercafe, inserted the pendrive to upload some documents as an attachment, mailed it and got back home.

My laptop at home has DefenseWall 2.56 installed, with pendrives as untrusted.
I also have an application called USB Disk Security, which scans any inserted pendrive for autorun.inf viruses and other malware before it can automatically run itself on my system.
It also creates an AUTORUN.INF folder in my pendrive that cannot be deleted.

So, I come home, insert the pendrive in my laptop.
USB Disk Security goes crazy, tells me threats found, and it's automatically moved them to quarantine.
Oh god, the quarantined items were like a who's who of viruses and worms:
regsvr.exe, autorun viruses; I saw files with .sys extensions, so they probably were rootkits, etc. Probably 6 or 8 of them.
I deleted all the quarantine items.

There still was one 0 KB malicious file that was still recreating itself every time I deleted it manually.
After the emptying of the quarantine items, USB Disk Security was telling me it was all clean, but I was still seeing this 0 KB .exe file.
And this file had taken the name of one of my folders!!

What these viruses did was, they made all the folders that I had in the pendrive hidden!
Then, they created what looked like folders (had the folder icons) but with an extension of EXE, lol!
So, if someone went to open them, they would execute the virus!

I had to do a format, and the drive was clean.
The laptop remained clean.

How did the viruses get on the system automatically if I had an autorun.inf folder already in it?
How do I block .sys files from getting onto my pendrive?



#2 tg1911

Posted 25 April 2010 - 11:47 AM

Your "dummy" autorun.inf file keeps malicious programs from auto-executing, not from loading onto the drive.
To execute the malicious file, you have to click it.
Your "dummy" autorun.inf file is doing its job.
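An added example, not part of the original thread or of any tool named in it: a read-only check for the pattern described above, where an executable takes the name of a folder sitting next to it, together with a report of whether `autorun.inf` in the drive root is absent, a file, or a dummy folder. The function names, the extension list and the sample layout are assumptions made for illustration; the hidden-attribute check only reports anything on Windows.

```python
import os
import stat
import tempfile
from pathlib import Path

EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}  # assumption: extensions worth flagging

def is_hidden(path: Path) -> bool:
    """True if the Windows HIDDEN attribute is set (always False elsewhere)."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def autorun_state(root: Path) -> str:
    """Classify autorun.inf in the drive root: 'absent', 'file' or 'folder'."""
    for entry in root.iterdir():
        if entry.name.lower() == "autorun.inf":
            return "folder" if entry.is_dir() else "file"
    return "absent"

def find_folder_lookalikes(root: Path) -> list[dict]:
    """Report executables that share their name with a folder beside them."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower(): d for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() in EXEC_EXTS and stem.lower() in folders:
                folder = Path(dirpath, folders[stem.lower()])
                exe = Path(dirpath, name)
                findings.append({
                    "file": str(exe.relative_to(root)),
                    "size": exe.stat().st_size,          # 0 matches the 0 KB file in the thread
                    "folder_hidden": is_hidden(folder),  # real folder hidden behind the lookalike
                })
    return sorted(findings, key=lambda f: f["file"])

def build_sample_drive(root: Path) -> None:
    """Constructed sample layout standing in for a drive root (no real malware)."""
    (root / "AUTORUN.INF").mkdir()                       # dummy folder, as in the thread
    (root / "Documents").mkdir()
    (root / "Documents.exe").write_bytes(b"")            # 0 KB lookalike of the folder
    (root / "Photos").mkdir()
    (root / "Photos" / "setup.exe").write_bytes(b"MZ")   # no matching folder: not flagged

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(Path(tmp))
        print("autorun.inf:", autorun_state(Path(tmp)))
        for finding in find_folder_lookalikes(Path(tmp)):
            print(finding)
```

To check a real drive, pass its root (for example `Path("E:/")`) to both functions; nothing is written or deleted.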

#3 Romeo29

Posted 25 April 2010 - 12:55 PM

You can get one of those USB sticks that have a write lock. Just flip it on, and nothing can be written on the pen drive.

#4 quietman7

Posted 26 April 2010 - 06:57 AM

You can download and use Autorun Eater or Autorun USB Virus Finder, which will allow removal of any suspicious 'autorun.inf' files they find.

Panda USB Vaccine: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.

Another option for XP users is Flash_Disinfector by sUBs. Please read About Flash Disinfector by Papakid and USB/Flash Drive Safety by TheJoker.

Finally, always scan USB flash drives and any external storage media after they have been used in other computer systems, even your own. An easy way to do this is to download "ClamWin Portable Antivirus", put it on your USB Flash Drive, update its definition files and perform a scan.

Other scanning tools:
  • Malwarebytes Anti-Malware. Be sure to print out the instructions provided on the same page. For USB flash drives and/or other removable drives to scan, perform a Full scan.
  • Norman Malware Cleaner. Be sure to print out the instructions provided on the same page. For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.
  • Dr.Web CureIt. Choose Custom Scan after the Express Scan has finished to add your usb drive to the scan.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 vladmir21

Posted 01 May 2010 - 09:15 AM

Thanks for all the informative replies guys, sorry for the delay in response.
I had a quick question about the Panda USB Vaccine.
It's running smoothly side by side with USB Disk Security,
but it has replaced the dummy AUTORUN.INF folder with a dummy AUTORUN_.INF folder.

My question is, what difference does adding the _ make to the folder name?

#6 quietman7

Posted 01 May 2010 - 10:40 PM

USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates a hidden AUTORUN_.INF on the flash drive partition as protection against malevolent code by preventing a malicious autorun file from being installed.



