Pen drive gets infected by other PCs from time to time

Discussion in 'malware problems & news' started by bonedriven, May 19, 2010.

Thread Status:
Not open for further replies.
  1. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    Sadly,many of my friends PC are infected by malware through usb drives. Although they just don't bother to fix it,I need to use my pen drives on several of their PCs from time to time. Every time it gets infected,I google and find a solution,as in most cases my AV doesn't help in fixing problems malwares have caused to the pen drive.
    The ironic part I see is that USB malwares are the most common ones I'm having problems with everyday,but all those security programs(AV,HIPS) just can't help. e.g This time the malware hid all my files,attributes them with "system file". I found the solution here,folder hidden attribute greyed out.

    To the point,I think we need a tool that's dedicated to clean usb malwares,so there's no need to google a solution and manually fix it everytime.

    BTW,I have vaccinated my pen drive with Panda's tool. Seems it doesn't work.
     
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    You apparently misunderstood the purpose of that tool. That tool is supposed to prevent YOU from getting infected by an infected USB stick. It's NOT supposed to protect the USB stick from getting infected in any other way than by disabling the autorun.inf part of the infection. Other than that, you can copy as much malware as you wish to the USB stick.
     
  3. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    940
    If I understand right, you want to be able to use your flash drive(s) on your friends PCs without the stick getting infected and then infecting your machine later...?

    If so, you can do this with permissions. I followed Pandlouk's instructions here and now nothing gets written to my flash drive except on my machine.

    I use the locked down stick to drop tools onto infected machines.

    HTH

    philby
     
  4. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    I did not. I know what it is for and the pen drive was not infected by malware copying to it.
    I am not worried about my pc getting infected by it cause I think Windows 7's UAC and OA++ won't give it a chance.

    Pandlouk's instructions look very interesting. How come I didn't see it before. :blink: I'll try it. Thank you. :)
     
  5. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Can you be more specific as to what you mean when you say that the Panda app didn't work? If it no longer provides protection for preventing unwanted autoruns, this is something that should be looked at more closely...
     
  6. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    I'm not sure how this worm spreads itself in detail,but my pen drive got infected by it about a month ago. Since I don't think I have copied any suspicious file to it,how did it slip through? My knowledge about this kind of virus is that it infects your computer or usb devices by "Double-Click-Open". I did double click open my pen drive often when I felt lazy to right click open.

    Thus my conclusion is that it bypassed Panda usb vaccination tool,although in my pen drive's root directory there is still that autorun.inf file,which if you click on,says "access denied".
     
  7. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Ok... If I am understanding things, you do have a bit of a misunderstanding on what the Panda tool can do.

    As doktornotor noted, the tool does not prevent a USB drive from becoming infected. It does not prevent a USB drive from having files deleted from or added to it.

    What it does do is prevent the automated spread of malware to any future computers that the USB drive is plugged into by using the Autorun feature. It accomplishes this by creating a locked, unusuable "autorun.inf" file.

    So, although your USB drive was infected, it would not have been able to automatically spread it to any subsequent PCs you plugged it into.

    Is there any way to totally protect a USB drive from infections for USB drives that are used on many PCs (including ones beyond your control?) Not that I've seen, although attempts to make such a thing is always under consideration (the Panda tool being a start toward something like that.) USB drives that have a physical on/off write protect switch work well but the downside is that if the write protect is on, you can't copy any files onto the drive.

    As for how the malware spread to your USB drive, some variants are written to be able to spread using USB drives as carriers. So, when you inserted your drive into the infected PC, the active virus copied itself over to your drive. I am sure it attempted to overwrite the Panda autorun.inf file. But it was not able to and that failure at least prevented the spread of the virus to other machines.
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    If you buy a flash drive that is unbootable, then you can't automatically spread malware or have it automatically infect you :)

    Of course if malware was written to it and you ran it :D But who would do that :eek:
     
  9. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    565
    #HAN

    Thanks for making it clear. Seems I did have some misunderstanding there. The purpose of vaccinating my pen drive is to protect other computers...:ninja:
     
Loading...
Thread Status:
Not open for further replies.