
How do I avoid cross-contamination between computers?


8 replies to this topic

#1 Sandy_S

Sandy_S

  • Members
  • 12 posts

Posted 10 September 2010 - 04:20 PM

How to prevent cross-contamination?

Oh My! This is so stressful. Thanks for being here to help out. X0

I have read through your Preparation Guide (re: running programs and submitting results). That all seems straightforward enough. However, here is my dilemma: I believe both of my computers (desktop and laptop) are infected as different results have been coming up in SpyBot, Malwarebytes, etc. I didn't save the results but the programs say that the viruses had been removed. I think not. I can still get online with my laptop and the only indication that 'something' just isn't quite right is that it is 'suddenly' working much slower and the (Vista) cursor icon turns into the spinning circle every minute or so for no reason. My Desktop is failing miserably. It is running soooo slow and after experiencing the 'Fake Microsoft Security Essentials Alert' virus/popup a few days ago ... I am now experiencing 1) browser redirects to fake sites and 2) Windows will not shut down (I get as far as Windows is shutting down ...) but that's the way the screen stays even if I leave it for hours.

Anyway, I'll get to sending you my results (in the appropriate forum) shortly, however, in the meantime I feel I must ask this question before starting anything:

Since my desktop computer has been re-directing me I am super paranoid and have disconnected it from the internet. So that leaves the question of how to get my log files uploaded to you here at the forum. I doubt my desktop would even allow me to connect to Bleeping anyway. I have a number of USB flash drives that I can save the results to (from the desktop) but this is where my concern comes into play. How can I be sure that any virus/trojan/worm/etc. doesn't infect my USB flash drive and then when I put the flash drive into my laptop it doesn't also infect my laptop?

Is there a special procedure I should go through to safeguard against cross-contaminating my computers via an infected USB flash drive?

Thank you so much for any and all assistance you can provide and thanks again for all of the good work you do.

Best wishes,
Sandy



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts

Posted 10 September 2010 - 07:29 PM

Hello Sandy
Before transferring files to the USB run this...
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Sandy_S


Posted 12 September 2010 - 06:46 PM

Thank you for your suggestion, however, I tried downloading/installing it on a laptop that I'm thinking/hoping is clean, BUT it will not install. I downloaded it three different times, each time double-clicked to install and each time the screen just flashed for a second and then nothing happened .. that was it ... it's like the file just terminates .. no additional windows or messages, or anything. Any other suggestions please?
Thanks so much for your time and patience.
Sandy

#4 boopme


Posted 12 September 2010 - 08:01 PM

Are you running Win 7? FD works on Windows 2000/XP/Vista

If Vista you may need to Right click on the Desktop icon and select Run As Administrator.

Some alternatives.
You can download and use Autorun Eater or Autorun USB Virus Finder which will allow removal of any suspicious 'autorun.inf' files they find. Panda USB Vaccine. Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.

Another option for XP users is Flash_Disinfector by sUBs. Please read About Flash Disinfector by Papakid and USB/Flash Drive Safety by TheJoker.

Finally, always scan USB flash drives and any external storage media after they have been used in other computer systems, even your own. An easy way to do this is to download "ClamWin Portable Antivirus", put it on your USB Flash Drive, update its definition files and perform a scan.
{borrowed from our quietman7}

Edited by boopme, 12 September 2010 - 08:11 PM.


#5 Sandy_S


Posted 12 September 2010 - 08:57 PM

Thanks ... this time I moved the .exe to the desktop (from the download folder), right-click and chose: Run as Administrator ... however, this time my Norton Internet Security popped up with a window that said something like Norton prevented this program from running. Auto Protect blocked this Trojan Horse. (tmp00000075d3720a7988d133f6 Trojan Horse detected by Auto Protect).

I'm wondering if others who have NIS also experience this? What do you suggest I do now?

Thanks,
Sandy

#6 boopme


Posted 12 September 2010 - 09:04 PM

Can you tell Norton to ignore/allow, as it is a safe program.

#7 Sandy_S


Posted 12 September 2010 - 11:34 PM

Thanks, Boopme. Instead I decided to try Panda USB Vaccine. I hope it is just as good. Do you have any opinion on this one way or another? It installed just fine and Norton didn't make a fuss. I am in the process of vaccinating all 5 of my tiny flash drives. I also have a 500 GB (passport) external hard drive that connects via a USB port. Should I vaccinate that as well, or would you recommend something different for that? Also, I have a pretty strong feeling that it is probably already infected because that is what I used to back up all of my documents from my infected machine. I hate to be a pain, but any wisdom or advice on how to proceed from here would be greatly appreciated. So far my plan is to:
1) use Partition Master to wipe out 6gb of unallocated space
2) merge the partitions so that I only have one partition
3) format the hard drive using DBAN
4) reinstall Windows (update service packs / NIS / SpyBot / Malwarebytes / etc.)

... then hopefully be able to do a safe scan on the external drive that has My Docs backed up and then reinstall them.

If you can think of anything important that I should be doing ... please let me know. I will be sooo very grateful for any and all advice you can offer.

Take care and have a great week.

Sandy

Edited by Sandy_S, 12 September 2010 - 11:38 PM.


#8 boopme


Posted 13 September 2010 - 08:39 PM

The Panda is fine. You still didn't tell me if you have XP, Vista or Win 7.


2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executable files or any Windows files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

You can connect your External and scan it with these
MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe


alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "FULL" option is selected. This ensures that it will scan all hard drives.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

SUPERAntiSpyware:
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive... The drive letter for the External drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Edited by boopme, 13 September 2010 - 08:42 PM.
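
Added example, not part of boopme's post or of any tool named in this thread: a Python sketch that checks a drive root for the `autorun.inf` file-versus-folder state described in post #2 and inventories the file types listed in backup rule 2 above. The function names and the sample drive contents are constructed for illustration.

```python
import os
import tempfile

# Extensions from backup rule 2 in the post; launch keys are standard autorun.inf keys.
REVIEW_EXTS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_state(root):
    """Return ('absent' | 'folder' | 'file', path) for autorun.inf in the drive root."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            path = os.path.join(root, name)
            return ("folder" if os.path.isdir(path) else "file"), path
    return "absent", None

def launch_entries(path):
    """List (key, value) pairs in an autorun.inf file that name a program to start."""
    with open(path, "rb") as fh:
        text = fh.read().decode("latin-1")  # never fails, whatever bytes are present
    found = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";") or "=" not in line:
            continue  # comment, section header or blank line
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            found.append((key, value))
    return found

def files_to_review(root):
    """Map each listed extension to the relative paths of files that carry it."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in REVIEW_EXTS:
                rel = os.path.relpath(os.path.join(folder, name), root)
                hits.setdefault(ext, []).append(rel)
    return hits

def build_sample_drive():
    """Constructed sample: a temp folder standing in for a removable drive."""
    root = tempfile.mkdtemp(prefix="sample_drive_")
    with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
        fh.write("[autorun]\n; constructed sample\nopen=placeholder.exe\n"
                 "icon=drive.ico\nshell\\open\\command=placeholder.exe\n")
    docs = os.path.join(root, "My Documents")
    os.mkdir(docs)
    for name in ("photo.jpg", "letter.doc", "setup_sample.EXE", "template.html"):
        with open(os.path.join(docs, name), "w") as fh:
            fh.write("constructed sample\n")
    return root

if __name__ == "__main__":
    drive = build_sample_drive()  # assumption: replace with the drive root, e.g. "E:\\"
    state, path = autorun_state(drive)
    print("autorun.inf:", state, launch_entries(path) if state == "file" else [])
    print(files_to_review(drive))
```

The script only reads and lists; it does not detect or remove malware, so the flagged files still need the scans described in the post.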

#9 Sandy_S


Posted 14 September 2010 - 12:36 PM

Thank you so much again, boopme, for taking so much time with me. I'm sorry I kept forgetting to let you know that I am running: Windows XP

I can't tell you how much I appreciate your continued follow-ups. I am a nervous wreck; I haven't eaten or slept for over a week and I've lost 7 lbs. over this whole mess. I can't even tell you 'what' is making me so upset .... perhaps it's the thought that someone has gained backdoor access and has been using my computer for something illegal. My paranoia has me so freaked out that I wonder if 'the hacker' has gained access to all of my computers (even this laptop that I am using right now), and that I'm not even REALLY on bleepingcomputer.com but a fake site with fake downloads that have me downloading even more backdoor software. I feel like I'm going crazy. Anyway, I will try to put my fears aside and just push on to get this resolved.

So, boopme, this is what I have done so far:
1) backed up everything from My Documents on to an external hard drive (more questions about this later)
2) used EASEUS Partition Master to delete the 7GB of unallocated disk space and merged that with C:
3) used DBAN to (3X) wipe the hard drive (used autonuke)
4) reinstalled my OS from discs
5) installed Norton Internet Security
6) installed Windows sp2 sp3 (which I previously had saved to discs a year ago)
7) disconnected my modem and router (for a few minutes to reset)
8) stuck a paper-clip in the back of the router to reset to factory defaults
(connect computer and set a good password for the modem)
9) re: Windows XP - set strong passwords for admin and user account
10) upgraded the BIOS with an .exe file that I downloaded from my computer manufacturer's website

11) Connect to internet and download and install:
* Microsoft PowerToy: Tweak UI - and disable ALL drives from autostarting
* SpyBot Search & Destroy (w/ latest updates)
* Malwarebytes ( w/ updates) renamed to zztoy.exe
* SUPERantispyware (w/ updates)

*** Should I download Ad-Aware?

Also, I feel sooo let down by Norton and all of the other protection software that I had on my computer that I just don't even trust it 100% to catch anything malicious on my backup hard drive. So I'm thinking that I might take it to BestBuy or Staples to have them do a thorough scan because I will be just SICK if I re-infect my system and have to go through all of this again. ***What do you think of that, boopme? Or do you have a better suggestion? BB and Staples both want over $100.00 for this service, but I have 10 years worth of pictures / documents / etc. that I will just die if they are corrupted.

Also, in reference to your instructions above, re: 2) Do not backup any executable files or any Windows files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided. Well, this scares the he!! out of me because I already backed up a ton of .exe files (because I purchased lots of software online like: SnagIt / Jing / Folder Match / etc., etc. and I saved them to a folder in My Documents), so I have lots of .exe files on my backup. Also, I do lots of web page design so I have a ton of .htm and .html templates and pages I've created. I also have lots of .rar and .zip files that I've downloaded from legitimate sites like: exercise files from Lynda.com, etc. So I'm sure there are hundreds (if not thousands) of files with the extensions you've mentioned.

Boopme, I know it might sound like I kind of know what I'm doing, but I am in super-freaked-out-panic-mode right now and I really appreciate any confirmation and/or additional instructions or information you can provide, just to assure me that I am on the right track.


Thank you! Thank you! Thank you again! It is comforting to know you are on the other side listening. XO

Sandy







