
Are Rootkits able to jump to external drives or removable drives?


3 replies to this topic

#1 ClearFocus

Posted 18 January 2012 - 10:47 AM

I was cleaning a PC that was infected with a tough rootkit and eventually rebuilt w/ OS to ensure all was well. During the attempted cleaning, I had an external hard drive and a flash drive connected to the PC. My question is ... can rootkits and their similar counterparts spread to attached drives such as these [and eventually infect the next PC they are attached to]?

I have since used the flash drive in a new Dell PC w/ Win7 and it is acting a bit strange all of a sudden after sitting overnight.

Thanks much!
Brian


 


#2 boopme


Posted 18 January 2012 - 10:30 PM

Yes, that is quite easy, especially with .exe files.

You need to clean the drive and scan whatever it connected to.
Were they both Win7?

EDIT:
You can download and use Autorun Eater or Autorun USB Virus Finder which will allow removal of any suspicious 'autorun.inf' files they find. Panda USB Vaccine. Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.


Another option for XP users is Flash_Disinfector by sUBs. Please read About Flash Disinfector by Papakid and USB/Flash Drive Safety by TheJoker.

Finally, always scan USB flash drives and any external storage media after they have been used in other computer systems, even your own. An easy way to do this is to download "ClamWin Portable Antivirus", put it on your USB Flash Drive, update its definition files and perform a scan.
{borrowed from our quietman7}

Edited by boopme, 18 January 2012 - 10:39 PM.

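An added example, not part of the original posts: a read-only check of what an `autorun.inf` at a drive root would launch, which is the file the tools mentioned in the reply above look for. The function names and the sample file content are constructed for illustration.

```python
import os
import re
import tempfile

# [autorun] keys that make Windows launch a program from the drive.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.I)

def autorun_targets(inf_text):
    """Return [(key, command)] for launch directives in the [autorun] section."""
    found, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # comments and junk padding lines carry no directive
        key, _, value = line.partition("=")
        if LAUNCH_KEYS.match(key.strip()):
            found.append((key.strip().lower(), value.strip()))
    return found

def inspect_drive(root):
    """Describe the autorun.inf entry at a drive root without executing anything."""
    names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not names:
        return {"status": "absent", "targets": []}
    path = os.path.join(root, names[0])
    if os.path.isdir(path):
        # Some vaccination tools occupy the name with a folder; nothing to parse.
        return {"status": "directory", "targets": []}
    with open(path, "rb") as fh:
        data = fh.read()
    # INF files may be UTF-16 with a BOM; otherwise use a lossless 8-bit decode.
    text = data.decode("utf-16", "replace") if data[:2] in (b"\xff\xfe", b"\xfe\xff") else data.decode("latin-1")
    return {"status": "present", "targets": autorun_targets(text)}

# Constructed sample, not taken from the thread or from any real infection.
SAMPLE_INF = "; padding\n[AutoRun]\nOpen=RECYCLER\\setup.exe\nicon=folder.ico\n" \
             "shell\\open\\Command=RECYCLER\\setup.exe -x\n[Other]\nopen=ignored.exe\n"

def demo():
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE_INF)
        return inspect_drive(root)

if __name__ == "__main__":
    print(demo())
```

Point `inspect_drive` at the mounted drive's root; any path listed under `targets` is a file worth scanning or removing along with the `autorun.inf` itself.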

#3 ClearFocus


Posted 18 January 2012 - 10:34 PM

I have scanned both the flash drive and external drive with both MBAM and SAS and both came back as clean. The infected system was a WinXP box. The new box was Win7. But, I eventually learned that it is infected, but not due to my drives ... rather, the user downloaded ilivid from tvlinks.com and thus, has searchqu and a few other odds and ends of malware now. I've posted a hijackthis log to get it cleaned in the other forum here.

I've read up on how to disable the autorun/play for all OS's ... and will begin employing this as a habit.

If you feel I should scan my two drives with another scanner (eset, etc.) please let me know.

Thanks boopme

#4 boopme


Posted 18 January 2012 - 10:49 PM

I would use the Flash Disinfector mentioned above on the XP and Flash Drive anyway.

There is a difference between Autorun and Autoplay
See quietman7's post 14 L@@K



