Flash Disinfector malware or not

Discussion in 'other anti-virus software' started by smage, Aug 8, 2009.

Thread Status:
Not open for further replies.
  1. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    377
    Hi,

    I downloaded and installed Flash Disinfector as I heard that it was supposed to protect from USB viruses. However a scan on VirusTotal revealed that it is being considered as malware by some companies.

    Can anyone confirm whether this is a safe application.

    hxxp://www.myantispyware.com/2009/01/08/flash-disinfector-free-autoruninf-trojans-removal-tool/

    Thanks.
     
    Last edited: Aug 8, 2009
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    .
    Can't comment on Flash Disinfector, but there is also Panda USB and AutoRun Vaccine, which I've used and believe is safe.
     
  3. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    377
    Hi thanks for the reply.
    In fact I was using Avast and it did not give any warning and the site also seemed fine according to WOT.
    http://www.mywot.com/en/scorecard/myantispyware.com/comment#comment

    I think that I'll use the Panda USB from now on, at least it is from a reputable company.
     
  4. tesk

    tesk Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    100
    I don't think it is malware. Considering it, as it is made by sUBs - The author of ComboFix - the official download link is from BleepingComputers.

    I just scanned the file on VT and the detections is because he has NirCMD in it. Comodo detects it as:

    So it is not an actual virus.
     
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,907
    Location:
    U.S.A.
    smage, while I checked the Flash_Disinfector.exe with Jotti's Malware Scan (4 out of 21 reported malware) and VirScan.org (9 out of 37 found malware), Computer Fix and Resources has a download from bleepingcomputers.com, a reputable site, as tesk mentioned.

    ako, one of our members, has it listed in this thread: Probably the best free security list in the world, under USB-autorun cleaning.

    Although I have never used Flash Disinfector (my AVG scans an USB drive as soon as it's plugged in), I have to agree with tesk; don't believe it's malware.
     
  6. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    Flash Disinfector (h**p://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) is not malware. It is simple and very effective tool for protecting your USB flash memory. It is true that some antiviruses recognize it as a malware but it is false positive.

    What will Flash Disinfector Do
    - Clean up junks created by flash malwares
    - Deletes autorun.inf from every root folder
    - Fix back damages done to your system
    - Creates an autorun.inf folder in the root of your system drives

    How to remove "autorun.inf" folder created by Flash Disinfector tool

    For protect your computer, the program will create a hidden folder, named "autorun.inf" in each partition and every USB drive plugged in when you ran it. This autorun.inf folder contains hidden file "lpt3".This folder was created by Flash Disinfector tool. You cannot remove this file using standard remove function. Read below how to remove this file and autorun.inf folder and uninstall Flash Disinfector protection.

    Use the following instructions to remove Flash Disinfector protection ("autorun.inf" folder).

    * Click Start then hit Run.
    * Type notepad and press Enter.
    * Copy all the text below into Notepad.

    @echo off
    set drv=c:\
    attrib -A -H -S -R %drv%\autorun.inf
    del \\.\%drv%\autorun.inf\"lpt3.This folder was created by Flash_Disinfector"
    rd %drv%\autorun.inf

    * Save this as remove_fd.bat to your Desktop (remember to select Save as file type: All files in Notepad).
    * Double Click remove_fd.bat and wait for the dos window to close and file.txt will appear on the desktop.
    * Repeat previous steps to all drives, make replacing c with the appropriate drive letter.
     
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  8. smage

    smage Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    377
    Ok thanks to everyone for giving their advice and sharing their experience.
    This is really a nice forum with many resourceful persons.
    I'll keep it then.
     
    Last edited: Aug 9, 2009
  9. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    innerpeace referred to another thread made a while back about Flash Disinfector (FD.) For the most part, the older thread is still accurate. The only thing that is significantly different in the latest version of FD is how the autorun.inf folder is hardened against overwriting or deletion. The newest version is protected much better than before. Now the only way to remove the autorun.inf folder is either by formatting the flash drive or as noted by Zimzi in post #6. Very cool!!! :)
     
  10. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    If anyone is interested in only creating the protected autorun.inf folder on their flash drive (and don't wish to run the Disinfector app), here are a couple of batch files to do it. Using the lpt3 command is a known "thing" (see Cause 5 http://support.microsoft.com/kb/320081 ) so AFAIK, there is no theft of anyone's design here. I do acknowledge Flash Disinfector (in the folder's creation) for the thought of using just the protection portion only.

    The photo file shows where to change the drive letter within the files, so you would connect to the flash drive you wish to protect (or remove protection from.) And it also notes that the files need to be renamed as BAT files.

    FYI... The Remove file is only used if you would need to delete the folder and you don't want to/can't format the drive.
     

    Attached Files:

  11. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    I've used this program a few months ago to fix the worm auto-run issue when I had tried to open my participation drives but couldn't so running this fix the issue allowing me to open them after attack. Still suppose to work on USB drives too. It's not malware but you would think it was after you run it though. You screen goes blank then returns and the problem is gone.
     
Loading...
Thread Status:
Not open for further replies.