Flash Disinfector malware or not

Hi,

I downloaded and installed Flash Disinfector as I heard that it was supposed to protect from USB viruses. However a scan on VirusTotal revealed that it is being considered as malware by some companies.

Can anyone confirm whether this is a safe application.

hxxp://www.myantispyware.com/2009/01/08/flash-disinfector-free-autoruninf-trojans-removal-tool/

Thanks.

 

.
Can't comment on Flash Disinfector, but there is also Panda USB and AutoRun Vaccine, which I've used and believe is safe.

 

Hi thanks for the reply.
In fact I was using Avast and it did not give any warning and the site also seemed fine according to WOT.
http://www.mywot.com/en/scorecard/myantispyware.com/comment#comment

I think that I'll use the Panda USB from now on, at least it is from a reputable company.

 

I don't think it is malware. Considering it, as it is made by sUBs - The author of ComboFix - the official download link is from BleepingComputers.

I just scanned the file on VT and the detections is because he has NirCMD in it. Comodo detects it as:

So it is not an actual virus.

 

Flash Disinfector (h**p://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) is not malware. It is simple and very effective tool for protecting your USB flash memory. It is true that some antiviruses recognize it as a malware but it is false positive.

What will Flash Disinfector Do
- Clean up junks created by flash malwares
- Deletes autorun.inf from every root folder
- Fix back damages done to your system
- Creates an autorun.inf folder in the root of your system drives

How to remove "autorun.inf" folder created by Flash Disinfector tool

For protect your computer, the program will create a hidden folder, named "autorun.inf" in each partition and every USB drive plugged in when you ran it. This autorun.inf folder contains hidden file "lpt3".This folder was created by Flash Disinfector tool. You cannot remove this file using standard remove function. Read below how to remove this file and autorun.inf folder and uninstall Flash Disinfector protection.

Use the following instructions to remove Flash Disinfector protection ("autorun.inf" folder).

* Click Start then hit Run.
* Type notepad and press Enter.
* Copy all the text below into Notepad.

@echo off
set drv=c:\
attrib -A -H -S -R %drv%\autorun.inf
del \\.\%drv%\autorun.inf\"lpt3.This folder was created by Flash_Disinfector"
rd %drv%\autorun.inf

* Save this as remove_fd.bat to your Desktop (remember to select Save as file type: All files in Notepad).
* Double Click remove_fd.bat and wait for the dos window to close and file.txt will appear on the desktop.
* Repeat previous steps to all drives, make replacing c with the appropriate drive letter.

 

Yep, not malware. I was concerned also but member HAN helped reassure me. If you want to know more about what it does start reading the last paragraph in post #7.

https://www.wilderssecurity.com/showthread.php?t=227180

 

Ok thanks to everyone for giving their advice and sharing their experience.
This is really a nice forum with many resourceful persons.
I'll keep it then.

 

innerpeace referred to another thread made a while back about Flash Disinfector (FD.) For the most part, the older thread is still accurate. The only thing that is significantly different in the latest version of FD is how the autorun.inf folder is hardened against overwriting or deletion. The newest version is protected much better than before. Now the only way to remove the autorun.inf folder is either by formatting the flash drive or as noted by Zimzi in post #6. Very cool!!!

 

If anyone is interested in only creating the protected autorun.inf folder on their flash drive (and don't wish to run the Disinfector app), here are a couple of batch files to do it. Using the lpt3 command is a known "thing" (see Cause 5 http://support.microsoft.com/kb/320081 ) so AFAIK, there is no theft of anyone's design here. I do acknowledge Flash Disinfector (in the folder's creation) for the thought of using just the protection portion only.

The photo file shows where to change the drive letter within the files, so you would connect to the flash drive you wish to protect (or remove protection from.) And it also notes that the files need to be renamed as BAT files.

FYI... The Remove file is only used if you would need to delete the folder and you don't want to/can't format the drive.

 

I've used this program a few months ago to fix the worm auto-run issue when I had tried to open my participation drives but couldn't so running this fix the issue allowing me to open them after attack. Still suppose to work on USB drives too. It's not malware but you would think it was after you run it though. You screen goes blank then returns and the problem is gone.