2 tools to stop spread of autorun worms and viruses via USB flash drives

Thread: 2 tools to stop spread of autorun worms and viruses via USB flash drives

  1. #1
    HAN is offline Virtual PC Specialist!!!
    Join Date
    Feb 2002
    Location
    USA
    Posts
    4,319

    2 tools to stop spread of autorun worms and viruses via USB flash drives

    First off, both of these tools will stop autorun from functioning on any flash drives you "treat". So if you are using a U3 drive (or some other USB flash drive based suite of tools that boots up when you insert the drive into a PC) and want to keep the automatic loading of features you now have, don't run these tools. But be aware that you are at severe risk for infections like the recent Conficker worms. (IMO, USB flash drives should never be allowed to autorun under ANY circumstances! Ever!)

    Both tools are effective. Carefully read about them and ask any questions you may have before running them! With this said, the tools are:

    Flash Disinfector - This one has already been mentioned here. It treats USB flash drives to prevent them from spreading autorun viruses and worms. (It scans for a few of the more common malware worms/viruses and then creates a new, special autorun folder that helps to prevent future unwanted autorun-based startups.) This treatment can be manually undone if you want/need to do so by manually deleting the autorun folder. http://download.bleepingcomputer.com...isinfector.exe

    Panda USB Vaccine - This one is a fairly new program. It allows you to immunize both your PC and your (FAT/FAT32 only for now) USB flash drives against autorun issues. At this point (March 28, version 1.0.0.19), it is a standalone executable. When you run it, it allows you 2 choices: immunize the PC (which can be reversed (using the program) if you wish) or a flash drive. One critical item about the flash drive immunization in Panda USB Vaccine is that once you immunize a flash drive, with one exception, it is permanent. (It sets an autorun.inf that cannot be accessed, edited or deleted. And at this stage, Panda's not saying how they do this!) If you later decide you don't want the autorun.inf file, the only way to remove it is to format the USB flash drive (which means you will erase everything on the drive and start over with a blank drive.)
    http://research.pandasecurity.com/ar...n-Vaccine.aspx

    **EDIT**
    One thing to keep in mind is that these tools do not in any way impede the normal use of a flash drive. You can still copy or transfer files like always. It's just that the autorun feature is turned off. So, it is possible for a virus or worm to still be copied to the drive. What these tools do is prevent the worm or virus from automatically infecting the next computer it's inserted in.
    Last edited by HAN; March 28th, 2009 at 09:09 AM.

  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    23,553
    Thanks HAN. I had created the "safe" read only inf file manually on my drive but this is faster.
    Don't believe everything you think.
    _____________________
    animal lovers click here
    and here

  3. #3
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,203

  4. #4
    Join Date
    Apr 2001
    Location
    Ogdensburg,NY USA
    Posts
    4,536
    Great find Han. Thanks.
    The true test of character is not how much we
    know how to do, but how we behave when we don't know what to do

  5. #5
    HAN is offline Virtual PC Specialist!!!
    Join Date
    Feb 2002
    Location
    USA
    Posts
    4,319
    A new version and some updated information on the Panda tool. http://research.pandasecurity.com/ar...S-Support.aspx

    After using both methods, I have switched all of my flash drives to the Panda method. But the other one is still effective and wouldn't require a format to remove (like the Panda method does.) I just feel the Panda version may be a little more bullet proof.
    Last edited by HAN; June 19th, 2009 at 02:21 PM.

  6. #6
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    23,553
    Thanks for the update. I used the Panda utility on my two thumb drives a couple of weeks ago and it worked perfectly.
    Don't believe everything you think.
    _____________________
    animal lovers click here
    and here

  7. #7
    Join Date
    Feb 2004
    Location
    Takoradi, Ghana
    Posts
    106

    Flash Disinfector

    I used Flash Disinfector to clean a colleague's pen drive and was able to open it.
    I asked him to format it after.

    The next time the pen drive was inserted in my PC, the autorun virus was still there again.

    I think his PC is infected. What do I do to help him?

  8. #8
    Join Date
    Apr 2005
    Location
    Maryland, USA
    Posts
    17,290
    1. Ask him to register on VirtualDr here:
      http://discussions.virtualdr.com/register.php

    2. Follow the instructions on this VirtualDr page:
      http://discussions.virtualdr.com/sho...d.php?t=167915

    3. Then post his log files in this VirtualDr forum:
      http://discussions.virtualdr.com/forumdisplay.php?f=71

  9. #9
    HAN is offline Virtual PC Specialist!!!
    Join Date
    Feb 2002
    Location
    USA
    Posts
    4,319
    Quote Originally Posted by artkaye View Post
    I used Flash Disinfector to clean a colleague's pen drive and was able to open it.
    I asked him to format it after.

    The next time the pen drive was inserted in my PC, the autorun virus was still there again.

    I think his PC is infected. What do I do to help him?
    What likely happened was that during the format, the autorun.inf folder that Flash Disinfector had created was deleted. As soon as the flash drive was blank, it was immediately infected again. For the protection to work, the autorun.inf that either Flash Disinfector or the Panda tool creates needs to stay in place.

    The root cause of all of this is an infected PC. So a cleanup like SpywareDr is advising is definitely the thing to do...
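
Added example, not part of the original posts or of either tool: a small Python audit that reports whether something still occupies the autorun.inf name at the root of a mounted flash drive, which the reply above says is what keeps the protection working. The state labels, the function names and the treatment of an unreadable file as the Panda-style case are assumptions made for illustration.

```python
import os
import tempfile

# [autorun] keys that make Windows start, or offer to start, a program.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\")


def launch_directives(text):
    """Return the launch-related lines found in the [autorun] section."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key = line.split("=", 1)[0].strip().lower()
            if key.startswith(LAUNCH_KEYS):
                found.append(line)
    return found


def audit_drive(root):
    """Classify the autorun.inf state at the root of a mounted drive."""
    target = None
    for name in os.listdir(root):  # FAT names are case-insensitive
        if name.lower() == "autorun.inf":
            target = os.path.join(root, name)
    if target is None:
        return ("unprotected", [])  # nothing occupies the name
    if os.path.isdir(target):
        return ("placeholder-folder", [])  # folder in place of the file
    try:
        with open(target, "rb") as fh:
            hits = launch_directives(fh.read().decode("latin-1"))
    except OSError:
        # Assumption: present but unreadable, like the locked file described
        return ("locked-file", [])
    return ("launches-program", hits) if hits else ("inert-file", [])


if __name__ == "__main__":
    # Constructed sample: a throwaway directory standing in for a drive root.
    drive = tempfile.mkdtemp()
    print("freshly formatted:", audit_drive(drive))
    os.mkdir(os.path.join(drive, "autorun.inf"))
    print("after treatment:  ", audit_drive(drive))
```

Run against a drive right after a format, the audit reports "unprotected", which is the window described in the reply above.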

  10. #10
    buf is offline Virtual PC Specialist!!!
    Join Date
    Oct 2001
    Location
    Florida USA
    Posts
    4,686
    What a find HAN and I appreciate your sharing it also.
    I haven't seen the question asked so maybe those who have already posted about this, know the answer. But I have accumulated several thumb drives and I ran each of them using the disinfector. Is this the thing to do and should I disinfect them again on my second computer? I was not, and still am not sure that it is the thumb drive being served the protection or the computer or both. TIA.

    EDIT: I just re-read fink's post and it appears that I did right in "doing" each of my thumb drives.
    Last edited by buf; June 23rd, 2009 at 02:18 PM.
    Compaq Presario CQ5210F Windows 7 Home Premium 64Bit Athlon II X2 215(2.7GHz) Nvidia GeForce 6150SE 22" Envision LCD Monitor Brother HL2040 Laser Printer 500GB SATA HDD 3GB DDR2 Ram and NVIDIA nForce MCP61 Chipset Motherboard

  11. #11
    HAN is offline Virtual PC Specialist!!!
    Join Date
    Feb 2002
    Location
    USA
    Posts
    4,319
    Quote Originally Posted by buf View Post
    What a find HAN and I appreciate your sharing it also.
    I haven't seen the question asked so maybe those who have already posted about this, know the answer. But I have accumulated several thumb drives and I ran each of them using the disinfector. Is this the thing to do and should I disinfect them again on my second computer? I was not, and still am not sure that it is the thumb drive being served the protection or the computer or both. TIA.

    EDIT: I just re-read fink's post and it appears that I did right in "doing" each of my thumb drives.
    Flash Disinfector only treats the flash drive. So once it's done, you shouldn't need to treat them again on a different PC. But to the other part of your question, yes, it's critical to treat each flash drive.

    Keep in mind that neither Flash Disinfector nor the Panda USB Vaccination tool keeps a flash drive from being infected. They just prevent the virus/worm/trojan horse from automatically spreading itself to the next PC it's plugged into.

    The Panda USB Vaccination tool can treat both the PC and the USB flash drive. As I noted above, I feel that the Panda method may be the best overall protection at this stage. Once it writes the autorun.inf file to the flash drive, it cannot be removed except for formatting the flash drive. That's pretty iron clad. And the PC protection by the Panda tool bypasses the problems Microsoft has had stopping autorun on XP PCs. So all in all, the Panda tool covers both avenues very well...

  12. #12
    buf is offline Virtual PC Specialist!!!
    Join Date
    Oct 2001
    Location
    Florida USA
    Posts
    4,686
    Quote Originally Posted by HAN View Post
    And the PC protection by the Panda tool bypasses the problems Microsoft has had stopping autorun on XP PCs. So all in all, the Panda tool covers both avenues very well...
    Thanks HAN for covering Panda so well. I will revert to using it if for no other reason as above spelled out.
    Compaq Presario CQ5210F Windows 7 Home Premium 64Bit Athlon II X2 215(2.7GHz) Nvidia GeForce 6150SE 22" Envision LCD Monitor Brother HL2040 Laser Printer 500GB SATA HDD 3GB DDR2 Ram and NVIDIA nForce MCP61 Chipset Motherboard

  13. #13
    HAN is offline Virtual PC Specialist!!!
    Join Date
    Feb 2002
    Location
    USA
    Posts
    4,319

    Update for Flash Disinfector

    The latest version of Flash Disinfector (download link noted in post 1 of this thread) has a notable change in how it prevents USB drives from spreading malware.

    Specifically, the autorun.inf folder created on the USB flash drive is now significantly hardened against deletion. Normal deletion within Windows is now blocked. The only way to delete the folder now is either a format or as outlined here http://www.myantispyware.com/2009/01...runinf-folder/

    So, this now means that either of these 2 methods can be recommended again. Both will do a good job of neutering a USB flash drive as the delivery method of spreading malware. (Keep in mind that only Panda can treat BOTH the PC and a flash drive. Flash Disinfector only treats flash drives.)

    (A nice page on Flash Disinfector http://www.myantispyware.com/2009/01...-removal-tool/ )

    If anyone has any questions, let me know...
    Last edited by HAN; August 8th, 2009 at 11:36 PM.

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,203
    Thanks

  15. #15
    Join Date
    Aug 2009
    Posts
    13
    I recently had this Conficker worm and my anti-virus could not seem to get rid of it. I eventually downloaded a tool from the Microsoft site [kb890830] and "job done". Flash drive is like new again.
