How do i make my USB pendrive more secure?

Discussion in 'other anti-malware software' started by Lebowsky, Apr 25, 2010.

Thread Status:
Not open for further replies.
  1. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    I have 3 pendrives, all by Transcend. (2GB, 4GB and 8GB)
    I recently went to a cybercafe, inserted the pendrive to upload some documents as an attachment, mailed it and got back home.

    My laptop at home has DefenseWall 2.56 installed, with pendrives as untrusted.
    I also have a application caled USB disk security, which scans any inserted pendrive for autorun.inf viruses and other malware before it can automatically run itself on my system.
    It also creates a AUTORUN.INF folder in my pendrive, that cannot be deleted.

    So, i come home, insert the pendrive in my laptop.
    USB disk security goes crazy, tell me threats found, and its automatically moved them to quarantine.
    Oh god, the quarantined items were like a who's who of viruses and worms,
    regsvr.exe, autorun viruses, i saw files with .sys extensions, so they probably were rootkits etc. etc. probably 6 or 8 of them.
    I deleted all the quarantine items.

    There still was one 0kb malicious file, that was still recreating itself everytime i deleted it mahually.
    After the emptying of the quarantine items, usb disck security was telling me it was all clean, but i was still seeing this 0kb .exe file.
    And this file had taken the name of one of my folders!!

    What these viruses did was, they made all the folders that i had in the pendrive hidden!
    Then, they created what looked like folders (had the folder icons) but with an extension of EXE,lol!
    So, if someone went to open them, they would execute the virus!

    I had to do a format, and the drive was clean.
    The Laptop remained clean.

    How did the viruses get on the system automatically if i had an autorun.inf folder already in it?
    How do i block .sys files from getting onto my pendrive?
     
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
  3. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    I am familiar with this product.
    This application uses the same technique as USB disk security to 'vaccinate' pen drives and usb sticks, that is, disable the autorun feature.
    My question is, how did the pendrive get infected when it had simply been inserted in an infected PC? I thought having an autorun.inf folder in the pendrive would stop them from getting automatically on the system?
     
  4. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    Am i getting so few replys because users genuinely dont know HOW the viruses are getting onto the pendrive when i do nothing but simply insert it in?
     
  5. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Apparently it doesn't. See, creating a folder called autorun.inf and setting it to +RAHS via attrib.exe is useless as a defense against malware, extremely easy to circumvent. What Panda does is creating an autorun.inf file which you cannot view or modify/delete by modifying the FAT directly, so unless you hexedit the drive you can't remove/undo it at all.

    Also, w/ Panda you have the option to disable autorun for all removable media on your computer, which is something I'd strongly suggest.

    Well, if your box is already infected then nothing prevents it from writing to the USB drive. The autorun.inf method only prevents the autorun part, not writing other malware stuff there.
     
  6. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    See, i guess you have vaccinated your USB Drive. But keep in mind that merely vaccinating your USB drive won't protect your USB Drive from other threats. What i want to tell you that when you inserted your USB Drive at Internet Cafe, the virus get copied to your USB drive and infected your docs but it was not able to infect your autorun.inf file because it was already vaccinated...

    Vaccination of autorun.inf file will protect you from auto-execution of virus and other malicious threat.
     
  7. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    Thanks for your post.
    That part about "+RAHS via attrib.exe" went over my head, so could you or someone explain that to be. Here's what happens when i try to delete the autorun.inf folder created by usb disk security.
    http://i42.tinypic.com/2evb5mr.png

    Also, i took your advice and was about to install the Panda vaccine, but i am thinking, just like running 2 antivirus applications at the same time isint a good idea, can the same logic apply here?
    http://i44.tinypic.com/1zb2n8.png

    Besides, my laptop is NOT infected.
    Will Panda be able to protect my pendrive from being infected by creating another autorun.inf folder that is better than the one currently on it?

    EDIT: i wonder why the tinypic images arent showing up as screenshots, the hyperlinks is inserted between .
     
  8. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    NO, it won't protect your Pen-drive from being getting infected. Read my above post.
     
  9. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    Oh i see, but then, what more should i do?
    I have learned a lot by the replys in here.
    I was thinking that all i need to do to protect my pendrives is to have an undeletable autorun.inf folder in them.
    And clearly i know better.
    So whats next?
    antivirus for pendrive in a pendrive?
    Dear god!!!
     
  10. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    See you can only protect your system not others. And if you plug in your USB drive on an infected system then surely your documents will get infected. The only thing you can prevent is auto-execution of virus in your system...

    Disable Auto-Run feature in your system, Install Panda USB Vaccine and get your USB Drive Vaccinated with it...
     
  11. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    Is there a way that i can make a dummy file with the extension of *.sys and *.exe so viruses cant automatically write to the pendrive?
     
  12. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, use something less lame to delete it, like Total Commander w/ show hidden files enabled, and you'll see for yourself.

    There's no need to run the Panda thing resident, simply uncheck that box, install, run, set your USB drives as needed and quit it, you can even uninstall it after that.

    Well, if something is writing malware onto your USB drives, then your laptop pretty sure is infected. That's the "that was still recreating itself everytime i deleted it mahually" part you've mentioned

    No, it will prevent computers that you stick the pendrive into from getting automagically infected via autorun. Other than that, to prevent your pendrive from getting infected you'd have to make it read-only. Some vendors supply such utility with the HW, I don't know if there's a generic one somewhere, never needed that.

    There's this attachment feature here, why don't you upload the files directly to your post?
     
  13. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    Ok done, see screenshot below.
    http://i43.tinypic.com/2h5oaw8.png

    So now, if i go to the same internet cafe, to the same infected PC (i am in india too,lol) what are the chances that my pendrive will be infected again?
     

    Attached Files:

    • 3.png
      3.png
      File size:
      42 KB
      Views:
      866
  14. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    I don't think that this will gonna help you out...Creating dummy .exe files of .inf files won't protect you.
     
  15. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Yes, it will pretty sure get infected unless you make it read-only, as I already said above.
     
  16. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    100% Chances, see you have only protected your autorun.inf file not all the docs. which is in your pendrive. Protecting autorun.inf will disable any chances to modify autorun file, that's it.
     
  17. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Here Doktornotor want to tell you that it will infect your USB drive, but the virus won't able to modify your autorun.inf file, which will gonna protect you from auto execution of virus or other security threats.
     
  18. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    lol, ok so you are saying that the virus might be re-executing itself, using a hidden file, that was not displayed, even when the option to 'show hidden files and folders' is selected in Xp Pro?
    This Total commander proggy will have a better shot at showing this hidden process?

    Thats where DefenseWall comes in, USB pendrives are selected as untrusted.
    The thing is, there was no process running from my PC that was causing this, it must be running from the pendrive itself, as it vanished when i did a format.


    I think there is a switch on some pendrives like the old floppy disks, to turn it on of off, but i am not sure. I really want to not have this headache of worrying if my pendrive is getting constantly infected.
    Isint there a simple 1 fix (or 2) solution ? Why does it have to be so damn complicated.



    ok
     
  19. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    Well that just sucks. :ouch:
     
  20. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    See there are some USB drives which have Read/Write Protection and if you want it, then you can buy them. Its all depend upon you and availability of that drive.

    Secondly, its not that too much complicated. Its simple. Don't plug in your USB drive on an infected system and if you can't resist yourself then better you protect your system thoroughly. Disable Auto-Run feature, Install Panda USB Vaccine and that's it.
     
  21. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
  22. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Last Updated:- September 7th, 2008, 21:28 GMT

    User Rating @ Softpedia:
    Rated by: Good (3.5/5); 36 user(s)

    No comments on the same...:p
     
  23. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    Well i am unsure about the writeprotector application, because perhaps that will give me a problem if i want to format the drive? It might tell me you cant because its write protected.
    Plus, i want the ability to turn it off and on, toggle the write-protection.
    That is not a part of this programs ability.
     
  24. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Errr, what? Screenshot.
     
  25. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
Loading...
Thread Status:
Not open for further replies.