
Are there USB viruses other than Autorun.inf?



#1 ranget


Posted 06 December 2011 - 06:45 PM

Hi guys, I just got a question in mind regarding USB stick viruses.

Autorun.inf is easy to avoid using the USB immunizer technique and disabling autorun for Windows,

but USB sticks also have drivers that may get infected, and it will infect the system by installing its driver.

Anyway, is this a threat? Also, are there other flash driver viruses I should worry about?

Thanks in advance.

A big thanks to Didier Stevens

sorry for not being around

 



 


#2 Didier Stevens


Posted 07 December 2011 - 06:45 AM

Yes, a very common infection method is to append malware to existing executables on the USB stick.

And every so often there is a new method when a Windows vulnerability is discovered.

An example of this is .LNK files with .DLL files. It is possible to craft a .LNK file that will load a DLL into explorer.exe when the folder is viewed. Microsoft has issued a patch for this, but of course not everybody has applied this patch to their machines.

Edited by Didier Stevens, 07 December 2011 - 06:45 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 ranget


Posted 07 December 2011 - 11:48 AM

Thanks, Didier, for the info.

I think everything is possible these days, and maybe the best way to protect against hacking is to never connect to the internet xD

Anyway, I'm using your USB antivirus program and that's really helpful. Thanks for the awesome product.


 


#4 quietman7


Posted 07 December 2011 - 02:06 PM

Malware writers are inventive. See here <- (click Figure 1 to enlarge)
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 ranget


Posted 07 December 2011 - 03:33 PM

Thanks, quietman7.

As you said, they are quite inventive, so anything is possible :mellow:


 


#6 Sofiane Mekroussi


Posted 07 December 2011 - 03:50 PM

Don't download untrusted files from untrusted sites (*.exe, *.dll, *.zip, *.rar, *.xxx).

They provide popular files, but these are good for hiding a danger.

Don't double-click a USB drive to open it.

Create an undeletable autorun.inf\con folder.

Don't run or install any free untrusted executable.

Free is not free.

Now I don't use any antivirus or spyware or else but my system is clean and stable.
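
The checks that posts #2 and #6 point at, as an added example (not code from any poster in this thread): a Python triage of a mounted removable drive that reports whether autorun.inf is a file carrying launch commands or a folder (the immunizer technique), and lists root-level .lnk and .dll files for review. The function names and the sample drive contents are constructed for illustration.

```python
import os
import tempfile

COMMAND_KEYS = ("open", "shellexecute")  # [autorun] keys that launch a program

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in COMMAND_KEYS or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found

def triage_drive(root):
    """Report autorun.inf state and root-level .lnk/.dll files of a drive."""
    report = {"autorun": "absent", "commands": [], "lnk": [], "dll": []}
    for name in sorted(os.listdir(root)):
        path, lower = os.path.join(root, name), name.lower()
        if lower == "autorun.inf" and os.path.isdir(path):
            report["autorun"] = "directory"  # immunized: cannot hold commands
        elif lower == "autorun.inf":
            with open(path, encoding="latin-1") as fh:
                report["commands"] = autorun_commands(fh.read())
            report["autorun"] = "file"
        elif lower.endswith((".lnk", ".dll")):
            report[lower[-3:]].append(name)
    return report

def build_sample(root, immunized):
    """Create a constructed drive layout (sample data, not real malware)."""
    if immunized:
        os.makedirs(os.path.join(root, "autorun.inf"))
        return
    with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
        fh.write("; constructed sample\n[AutoRun]\nopen=setup.exe\n"
                 "shell\\open\\command = tool.exe /s\nicon=x.ico\n")
    for name in ("docs.lnk", "helper.dll"):
        open(os.path.join(root, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample(drive, immunized=False)
        print(triage_drive(drive))
```

A .lnk file sitting next to a .dll in the drive root is only a prompt for closer inspection, not proof of the .LNK technique described in post #2.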






#7 quietman7


Posted 07 December 2011 - 05:43 PM

Why should you use Antivirus software?

Using unprotected computers on the Internet is a security risk to everyone as they are prone to attack from hackers, Botnets, zombie computers and malware infection. Using anti-virus software will help minimize the risk and help to prevent the computer from being used to pass on infections to other machines. When infected and compromised, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, spammers have more platforms from which to send e-mail and more zombies are created to perpetuate the cycle.

#8 narenxp


Posted 10 December 2011 - 11:19 AM

What about the deadly RAMNIT?

It is spread through flash drives.

#9 quietman7


Posted 10 December 2011 - 03:06 PM

Yes, file infectors like Win32/Ramnit and Virut spread via removable media like flash drives. When working with some Virut cases in the past, I noted it was making use of RUNDLL32.EXE on the flash drive. Conficker/Downadup Worm is another example but there are many others as malware writers have found removable media to be an effective way of spreading infections.

Keep in mind that the severity of infection will vary from system to system, some causing more damage than others, and each case should be treated on an individual basis. Severity of system infection will also determine how the disinfection process goes.

#10 Sofiane Mekroussi


Posted 15 December 2011 - 03:05 AM

An antivirus won't detect an autorun spyware.
I've tested: Kaspersky (V 2005>2010), Avast, Bitdefender, Norton, AVG, ... and more (illegal copies),
and none could ever detect the plenty of autorun infections on my PC.
I had to remove them manually by tracking their activity (reg, sysDir, sysFiles, process, superHidden, ...).
Unfortunately I didn't have any internet connection to get information (my first home connection was on 01/10/2011),
and these forums helped me to get rid of the (server.exe) infection by providing enough tracking info.
Thanks to the 'Am I infected' forum and thanks to ALL!! :gathering:



