External storage media and flash (usb, pen, thumb, jump) drives are prone to infections
which involve malware that modifies/loads an autorun.inf
(text-based configuration) file into the root folder of all drives
(internal, external, removable) along with a malicious executable. For flash drives and other USB storage, autorun.ini uses the Windows Explorer's right-click context menu so that the standard "Open" or "Explore" command starts the file. Malware modifies the context menu (adds a new default command) and redirects to executing the malicious file if the "Open" command is used or double-clicking on the drive icon. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled. Keep in mind that autorun.inf can also be a legitimate file which other legitimate programs depend on so the presence of that file may not always be an indication of infection.
If you backed up files due to malware infection, make sure you scan them with an an anti-virus prior to
copying them back to your hard drive. The safest practice is not to restore
any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), .ini, .bat, .com, .cmd, .msi, .pif, or script files (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. Avoid restoring compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding a file extension
or by adding double file extensions and/or space(s) in the file's name to hide the real extension as shown here
(click Figure 1 to enlarge
) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions
If you have files backed up to a USB flash drive or external hard drive, they can be scanned with ClamWin Portable Antivirus
which can be placed directly on those types of drives. Another option is to install USBVirusScan
, a freeware tool by Didier Stevens
that triggers your antivirus to scan a USB drive each time it is inserted in your computer.USB Scanning Tools
- Malwarebytes' Anti-Malware. For usb flash drives and/or other removable drives, perform a Full scan. The option for a Flash Scan will analyze memory and autorun objects but that option is only available to licensed users in the paid version.
- Norman Malware Cleaner. For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.
- Dr.Web CureIt. Choose Custom Scan after the Express Scan has finished to add your usb or external drive to the scan.
- McAfee Avert Stinger Tool.
-- As an extra precaution, hold down the Shift key
when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present. Then perform your scans.USB Protection Tools