are my files safe?


4 replies to this topic

#1 Curious Mew

Curious Mew

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:52 AM

Posted 10 September 2012 - 06:09 AM

I recently reinstalled my computer and it runs like a dream again :P Beforehand I was having mouse glitches, freezing, missing icons, and my antivirus wasn't updating itself properly--neither was Malwarebytes Pro. I scanned my system many times but neither could find anything wrong. I don't think I had a virus.. but I know I had something going on, possibly malware.

I currently have my files sitting on an external hard drive and Google Drive, and I'm concerned about reinfecting my system during the transfer & download of these files. Apparently, malicious things can still travel through the autorun.inf file of my external hard drive, and the .exe files sitting on my Google Drive. Are there any precautionary steps I can take to secure my system from any possible infection? Please help~

Edited by Curious Mew, 10 September 2012 - 06:32 AM.



 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:52 PM

Posted 10 September 2012 - 06:52 AM

External storage media and flash (USB, pen, thumb, jump) drives are prone to infections which involve malware that modifies/loads an autorun.inf (text-based configuration) file into the root folder of all drives (internal, external, removable) along with a malicious executable. For flash drives and other USB storage, autorun.inf uses the Windows Explorer's right-click context menu so that the standard "Open" or "Explore" command starts the file. Malware modifies the context menu (adds a new default command) and redirects to executing the malicious file if the "Open" command is used or the drive icon is double-clicked. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled. Keep in mind that autorun.inf can also be a legitimate file which other legitimate programs depend on, so the presence of that file may not always be an indication of infection.

If you backed up files due to malware infection, make sure you scan them with an anti-virus prior to copying them back to your hard drive. The safest practice is not to restore any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), .ini, .bat, .com, .cmd, .msi, .pif, or script (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. Avoid restoring compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or by adding double file extensions and/or space(s) in the file's name to hide the real extension as shown here (click Figure 1 to enlarge), so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions.

If you have files backed up to a USB flash drive or external hard drive, they can be scanned with ClamWin Portable Antivirus which can be placed directly on those types of drives. Another option is to install USBVirusScan, a freeware tool by Didier Stevens that triggers your antivirus to scan a USB drive each time it is inserted in your computer.

USB Scanning Tools:
  • Malwarebytes' Anti-Malware. For usb flash drives and/or other removable drives, perform a Full scan. The option for a Flash Scan will analyze memory and autorun objects but that option is only available to licensed users in the paid version.
  • Norman Malware Cleaner. For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.
  • Dr.Web CureIt. Choose Custom Scan after the Express Scan has finished to add your usb or external drive to the scan.
  • McAfee Avert Stinger Tool.
-- As an extra precaution, hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present. Then perform your scans.

USB Protection Tools:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

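The checks described in the post above (held-back extensions, double or space-padded extensions, executables inside archives, and launch commands in a root autorun.inf) can be run over a backup before anything is copied back. This is an added example, not part of quietman7's post or any tool it names; the function names `name_flags`, `autorun_commands` and `triage` are hypothetical, and it only lists files for scanning, it does not detect malware.

```python
import os, re, zipfile

# Extensions the post above advises not to restore, and the archive types it names.
RISKY = {".exe", ".scr", ".dll", ".ini", ".bat", ".com", ".cmd", ".msi", ".pif",
         ".php", ".asp", ".htm", ".html", ".xml"}
ARCHIVES = {".zip", ".cab", ".rar"}
# autorun.inf keys that name a program to start.
AUTORUN_CMD = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+)$", re.I)

def name_flags(name):
    """Reasons a file name deserves a closer look before it is restored."""
    flags = []
    stem, ext = os.path.splitext(name.rstrip())
    if ext.lower() in RISKY:
        flags.append("risky-extension")
        # "invoice.pdf.exe": a harmless-looking extension sits before the real one
        if re.search(r"\.[A-Za-z0-9]{2,4}\s*$", stem):
            flags.append("double-extension")
        # "photo.jpg      .exe": spaces push the real extension out of view
        if re.search(r"\s{2,}$", stem):
            flags.append("space-padded")
    elif ext.lower() in ARCHIVES:
        flags.append("archive")
    return flags

def autorun_commands(text):
    """(key, target) pairs in an autorun.inf that would launch a program."""
    return [(m.group(1).lower(), m.group(2).strip())
            for m in map(AUTORUN_CMD.match, text.splitlines()) if m]

def triage(root):
    """Walk a backup folder; return {relative path: [flags]} for files to hold back."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            flags = name_flags(name)
            if folder == root and name.lower() == "autorun.inf":
                with open(path, errors="replace") as fh:
                    flags += [f"autorun:{k}={v}" for k, v in autorun_commands(fh.read())]
            if name.lower().endswith(".zip") and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:  # .cab/.rar need other tools
                    flags += [f"contains:{n}" for n in zf.namelist()
                              if "risky-extension" in name_flags(os.path.basename(n))]
            if flags:
                report[os.path.relpath(path, root)] = flags
    return report
```

Call `triage()` on the root of the backup drive or download folder; an autorun.inf with no launch commands is not reported, in line with the post's point that the file can be legitimate.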

#3 Curious Mew

Curious Mew
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:52 AM

Posted 11 September 2012 - 03:20 AM


quietman7, thanks so much for the valuable advice! I do have many questions though, about which program(s) I should use in my particular situation?

I plan on keeping the files on my external hard drive there for good, but the initial connection to my computer is where I'm most concerned. Would Panda USB do the job best in this situation? And if so, would it still be safe to transfer files back and forth between the two?

As for Google Drive, there is really no way for me to scan this drive until I've physically downloaded the files in there, so I'm not exactly sure what options I have on this one. I may need a program that will scan/check incoming/downloaded files in real-time. Will my antivirus or MBAM do this, or would I need something else??

...another thing I could do is log into my Google account and delete any possible infected files from there, but I really don't want to delete anything because I have a lot of purchased software in there.

#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,114 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:09:52 AM

Posted 11 September 2012 - 02:08 PM

"but I really don't want to delete anything because I have a lot of purchased software in there."

In those instances burn your purchases to DVD as soon as you can and store them. Make sure you have the corresponding authorization or validation codes to go with them. That way if anything fails you have copies of them and can reinstall.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#5 Curious Mew

Curious Mew
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:52 AM

Posted 12 September 2012 - 03:43 AM


Good suggestion, I will have to try this after downloading them from the cloud safely--I still haven't decided how I'm going to do this yet :(

I'm honestly beginning to wonder if my concerns are even worth concerning over. I mean.. if it were anyone else, they'd already be done downloading and using their files by now.



