Protecting USB Pendrives

Discussion in 'malware problems & news' started by Nek, Aug 16, 2008.

Thread Status:
Not open for further replies.
  1. Nek

    Nek Registered Member

    Apr 3, 2008
    Hi guys, I've been having problems with USB infections lately at college.

    I've basically disabled autorun and usually run the USB pendrive sandboxed on my home PC, but that's only on the host side. Would MojoPac + any virtualization software (i.e Returnil) be successful in immunizing USB pendrives? I tried Ninja Pendisk and Flash Disinfector but didn't quite like them. Any suggestions?

    Getting tired of cleaning USB pendrives. Thanks in anticipation. :)
  2. farmerlee

    farmerlee Registered Member

    Jul 1, 2006
    One option you could try is drivesentry goanywhere which is installed on the pendrive and allows you to control access to the pendrive.
  3. khslocum

    khslocum Registered Member

    Aug 23, 2008
    I have a suggestion for you.

    It depends on your particular threat, but I wrote a batch file that deletes any dll and the autorun.inf on your usb drive root and copies a backup of your autorun onto the root:

    del /f/a:h ..\*.dll
    del /f/a:s ..\*.dll
    del /f/a:r ..\*.dll
    del /f/a:a ..\*.dll
    del /f/a:sh ..\*.dll
    del /f/a:rsh ..\*.dll
    del /f/a:h ..\autorun.inf
    del /f/a:s ..\autorun.inf
    del /f/a:r ..\autorun.inf
    del /f/a:a ..\autorun.inf
    del /f/a:sh ..\autorun.inf
    del /f/a:rsh ..\autorun.inf
    xcopy/h/r/y ..\data\autorun.inf ..\autorun.inf
    echo off

    I have this saved as bugkill.bat in a folder called "data" on my usb drive. Also in that folder I have the backed up autorun.inf and the .ico that I like to display.

    After I insert the drive and the virus puts the (random name).dll and new autorun.inf on my drive, I run the bat and put things back to the way they should be. You have to type "f" into the command window during execution to tell windows that autorun.inf is a file not a directory. Then it is done: No virus.

    I have two glitches that I would like help with from anyone who knows this stuff better than I:

    1) I cannot get autorun to run this batch automatically.
    2) I would like to force the copy without having to specify file or directory.

    I hope this helps and maybe somebody can help with refining it.

    BTW - I tried using DriveSentry on my usb drive and I got a failure message on manually starting it (It did not auto start) which told me I did not have admin privileges. So that kills DriveSentry as a usb prophylactic for me.
  4. DriveSentry

    DriveSentry Registered Member

    May 19, 2008
    The GoAnywhere product should auto run from any pen drive, DriveSentry are beta testing Goanywhere 2.0 which is available from our forum and will also allow for drag and drop encryption to any usb device. Please note GoAnywhere does not run at the same time as DriveSentry Desktop and as it is beta please do not encrypt files that you have no other copy of.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.