Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

USB drive clean or not???


  • Please log in to reply
22 replies to this topic

#1 purplewarrior

purplewarrior

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 22 October 2012 - 02:46 AM

Hey,
I have a USB drive which I'm not sure if its clean or not. Recently did a quick format of it. But I've heard that a quick format doesn't wipe out a USB drive completely clean and there are chances of some malware yet staying intact.
So can the USB drive still remain infected after a quick format??
Please let me know.
(P.S BTW I do have a firewall and HIPS setup on my PC, will that stop the malware if any on the USB from infecting my PC when I plug it???)
Thank you.

Edited by hamluis, 22 October 2012 - 09:38 AM.
Moved from XP to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:02 PM

Posted 22 October 2012 - 03:15 AM

How to Clean a USB Flash Drive

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 56,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:02 AM

Posted 23 October 2012 - 07:27 AM

FWIW: Questions re malware/possible infection...don't really belong in the O/S forum...just as questions re XP don't belong in the Am I infected forum. The knowledge/expertise in each of the respective forums...is designed to have the right personnel address the proper topics with some degree of knowledge/certainty.

Louis

#4 purplewarrior

purplewarrior
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 23 October 2012 - 07:42 PM

Ah...... Kay.
Hamluis , I'd love to get this topic moved to the Am I infected forum.
Thank you.

#5 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:02 AM

Posted 24 October 2012 - 11:51 AM

Hi purplewarrior, sorry for the delay!

What makes you think your flashdrive is infected in the first place?

About Panda, have a look here: http://hype-free.blogspot.com/2009/03/how-does-panda-usb-vaccination-work.html

And from within that link:

The “vaccination” of the USB drives: this is done by creating a folder named “autorun.inf” on the drive. Since folders and files are the same on most file systems, you can’t create a file and a directory with the same name. There is also some additional magic involved: the tool creates a file named lpt1 in the folder named autorun.inf (so you have the structure U:\autorun.inf\lpt1) in which it writes “caacaacaacaacaa” (don’t ask my why, I have no idea – it seems to be gene sequence).

This makes the folder undeletable by conventional tools.


Flash_Disinfector does pretty much the same thing if you're running WindowsXP:

Flash_Disinfector will create a hidden "dummy" autorun folder/file with special permissions in each partition and every external drive that was connected when the tool was run. This folder helps to keep the malicious autorun.ini file from being installed on the root drive and running other malicious files which will infect the computer.


==========

Your safest bet would be to vaccinate your PC first, then insert the USB device and vaccinate that as well. Then scan them for malware with a program like Malwarebytes Anti-Malware, in that order.

Does this answer your questions? :)

bloopie

#6 NematodeSWAG

NematodeSWAG

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 AM

Posted 24 October 2012 - 12:35 PM

Would someone be able to give me some tips on how to do this for Windows 7? I read the eHow page but since I believe that my system is infected I think the formatting function through Windows is disabled. I also understand that I might just ish out of luck for the time being until my system is sorted out. Any guidance would be much obliged.

Thank you, Jay

#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:02 AM

Posted 24 October 2012 - 01:15 PM

Hi NematodeSWAG,

What exactly would you like tips on? If you think your system is infected and want to clean it, create a new topic in this forum and I will help you.

For vaccinating your computer and removable drives, you can just install the Panda USB Vaccine from here, and follow the prompts.

bloopie

#8 NematodeSWAG

NematodeSWAG

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 AM

Posted 24 October 2012 - 01:23 PM

I actually already have an active infection topic right now. I'm having problems with ESET though and noknojon hasn't responded about my issue. Do you think you might be able to tell me what the matter is at least? I know it wouldn't be smart to intervene because you aren't the same person, but the matter is current and just some feedback would be helpful.

And as for tips I was hoping to see about programs that might be able to take the place of the system formatter, and how to make sure that a drive is completely clean even after running tools.

#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:02 AM

Posted 24 October 2012 - 02:28 PM

Hi again,

If you mean formatting a USB device, you could try the HP USB Disk Storage Format Tool.

Is that what you're looking for?

bloopie

P.S. ESET scans can take quite a long time. :thumbup2:

#10 NematodeSWAG

NematodeSWAG

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 AM

Posted 24 October 2012 - 02:43 PM

Ahh yeah, that's similar to what I'm looking for. I was wondering if there were any alternate program for formatting and wiping drives though. Is that tool a reliable one? I only ask because once I had gotten a massive quantity of compromised HP files, I don't even know if all are completely gone to be honest...any way to double check that myself? Or am I starting to get near the point of having to pay for IT support. If there's one thing I know for sure it's that I'm not going back to Geek Squad for a loooong while, I need time to cool down :P

#11 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:02 AM

Posted 24 October 2012 - 03:09 PM

Hi again,

I was wondering if there were any alternate program for formatting and wiping drives though.

You're not being specific about "what kind" of drives. Do you mean USB's? Or Hard Disk Drives?

Have a look at the GParted manual: http://gparted.sourceforge.net/display-doc.php?name=help-manual

You can download it from here if it fit's your bill: http://gparted.sourceforge.net/

bloopie

#12 NematodeSWAG

NematodeSWAG

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 AM

Posted 24 October 2012 - 03:28 PM

Oh lord I'm sorry, my b. I meant HDD, Externals, and USBs

#13 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:02 AM

Posted 24 October 2012 - 04:06 PM

Hi again,

I see. Well, we've covered options for USB devices.

Have a look here for HDD's and SSD's: http://www.sevenforums.com/tutorials/91339-ssd-hdd-optimize-windows-reinstallation.html?filter

And the aformentioned GParted will work fine as well.

=========

More for HDD's, you can use a bootable Nuke disk with the following instructions:

Download dban (Darik's Boot and Nuke):

"Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction."

If you do not already have a suitable burning program for writing .ISO images to disc ...
  • Download and install ImgBurn.
    Ensure that you UN-check the box agreeing to install the Ask toolbar during the installation.
  • Place a new (blank) CD disc in the drive tray.
  • Choose Write image file to disc.
    • Under Source, click on the Browse button: Navigate to and select the .ISO file that you wish to burn.
    • Place a check-mark in the box beside Verify.
  • Click Posted Image

    When the CD has been burned and verified as successful, it will be bootable.

Boot from the CD, and with ONLY the one hard drive connected to the system ...
This will completely wipe ALL drives connected to the system!
Type autonuke at the prompt and press the <ENTER> key.
Allow to complete.
Be patient: It may take some considerable time, depending on the size of the HDD.

Hope that helps! :)

bloopie

#14 NematodeSWAG

NematodeSWAG

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 AM

Posted 24 October 2012 - 04:18 PM

PERFECT! You are the man bloopie! :thumbsup:

I just wanted to make sure I had a sure fire way to deal with my mess of a computer if I decided to wipe, format, and reinstall Windows.

#15 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:02 AM

Posted 24 October 2012 - 05:00 PM

:thumbup2:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users