Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Infected External HD


  • Please log in to reply
3 replies to this topic

#1 darkslash233

darkslash233

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 20 September 2010 - 02:10 AM

Hey all,

I recently got a trojan in my system. So I decided to reformat my whole computer and start anew. But I also have an external hard drive, that I plugged into my computer awhile back. I'm not sure when I got infected by the trojan, but I'm a bit scared that the trojan might of duplicated itself into the external hard drive when I used it. Is there a way to safely connect the possible infected external hard drive to the desktop to scan and check if it is infected?

Thanks in advance.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,945 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:44 PM

Posted 21 September 2010 - 01:27 PM

Many anti-virus and anti-malware programs include scanning options for removable drives. Depending on which tools you are using you may have to go into settings to select that drive or do a custom scan which usually allows selecting external drives.

Before inserting your external drive, ensure Autorun has been disable. Many security experts recommend you disable Autorun asap as a method of prevention. Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun

You can download and use Autorun Eater or Autorun USB Virus Finder which will allow removal of any suspicious 'autorun.inf' files they find.

Panda USB Vaccine allows for computer and usb vaccination.
  • Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not.
  • USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates a hidden AUTORUN_.INF on the flash drive partition as protection against malevolent code by preventing a malicious autorun file from being installed. The Panda Resarch Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
As an extra precaution, hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present. Then perform your scans.

Windows 7 users, should read AutoRun changes in Windows 7

1. AutoPlay will no longer support the AutoRun functionality for non-optical removable media. In other words, AutoPlay will still work for CD/DVDs but it will no longer work for USB drives.

2. A dialog change was done to clarify that the program being executed is running from external media.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 darkslash233

darkslash233
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 02 October 2010 - 02:44 AM

Thanks, I will try those out. As for disabling autorun, how would I go about doing that on Windows 7? Thanks

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,945 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:44 PM

Posted 02 October 2010 - 07:26 AM

Did you read AutoRun changes in Windows 7?

That article explains the changes and provides a link to Improvements to AutoPlay

Windows 7 introduces key changes to AutoPlay that keep you from being exposed inadvertently to malware...In particular, Windows will no longer display the AutoRun task in the AutoPlay dialog for devices that are not removable optical media (CD/DVD.) because there is no way to identify the origin of these entries. Was it put there by the IHV, a person, or a piece of malware? Removing this AutoRun task will block the current propagation method abused by malware and help customers stay protected. People will still be able to access all of the other AutoPlay tasks that are installed on their computer. With these changes, if you insert a USB flash drive that has photos and has been infected by malware, you can be confident that the tasks displayed are all from software already on your computer...


Also see How to Disable Auto Play in Windows 7.

Edited by quietman7, 02 October 2010 - 07:34 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users