Protecting USB Pendrives

Discussion in 'malware problems & news' started by Nek, Aug 16, 2008.

Thread Status:
Not open for further replies.
  1. Nek

    Nek Registered Member

    Joined:
    Apr 3, 2008
    Posts:
    25
    Hi guys, I've been having problems with USB infections lately at college.

    I've basically disabled autorun and usually run the USB pendrive sandboxed on my home PC, but that's only on the host side. Would MojoPac + any virtualization software (i.e. Returnil) be successful in immunizing USB pendrives? I tried Ninja Pendisk and Flash Disinfector but didn't quite like them. Any suggestions?

    Getting tired of cleaning USB pendrives. Thanks in anticipation. :)
     
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    One option you could try is DriveSentry GoAnywhere, which is installed on the pendrive and allows you to control access to the pendrive.
     
  3. khslocum

    khslocum Registered Member

    Joined:
    Aug 23, 2008
    Posts:
    1
    I have a suggestion for you.

    It depends on your particular threat, but I wrote a batch file that deletes any DLL and the autorun.inf on your USB drive root and copies a backup of your autorun onto the root:

    shell/command=
    echo
    del /f/a:h ..\*.dll
    del /f/a:s ..\*.dll
    del /f/a:r ..\*.dll
    del /f/a:a ..\*.dll
    del /f/a:sh ..\*.dll
    del /f/a:rsh ..\*.dll
    del /f/a:h ..\autorun.inf
    del /f/a:s ..\autorun.inf
    del /f/a:r ..\autorun.inf
    del /f/a:a ..\autorun.inf
    del /f/a:sh ..\autorun.inf
    del /f/a:rsh ..\autorun.inf
    xcopy/h/r/y ..\data\autorun.inf ..\autorun.inf
    echo off

    I have this saved as bugkill.bat in a folder called "data" on my USB drive. Also in that folder I have the backed up autorun.inf and the .ico that I like to display.

    After I insert the drive and the virus puts the (random name).dll and new autorun.inf on my drive, I run the bat and put things back to the way they should be. You have to type "f" into the command window during execution to tell Windows that autorun.inf is a file, not a directory. Then it is done: No virus.

    I have two glitches that I would like help with from anyone who knows this stuff better than I:

    1) I cannot get autorun to run this batch automatically.
    2) I would like to force the copy without having to specify file or directory.

    I hope this helps and maybe somebody can help with refining it.

    BTW - I tried using DriveSentry on my USB drive and I got a failure message on manually starting it (it did not auto start) which told me I did not have admin privileges. So that kills DriveSentry as a USB prophylactic for me.
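
    A variant of the cleanup above that restores the backup without the file-or-directory prompt, added here as an example and not part of khslocum's post or any product mentioned in the thread. It assumes the script sits in the "data" folder directly under the USB drive root beside the known-good autorun.inf; the variable names DRV and BACKUP are made up for the example.

```batch
@echo off
rem Added example, not the script from the post above.
rem Assumption: saved in \data on the USB drive, next to the backup autorun.inf.
setlocal

rem %~d0 is the drive this script was started from (for example E:), so the
rem paths no longer depend on the current directory as the ..\ form does.
set "DRV=%~d0"
set "BACKUP=%~dp0autorun.inf"

rem Guard: never delete DLLs from the root of the Windows system drive.
if /i "%DRV%"=="%SystemDrive%" (
    echo Refusing to run on system drive %SystemDrive%.
    exit /b 1
)

rem if exist also sees hidden files, so a hidden backup is still found.
if not exist "%BACKUP%" (
    echo Backup not found: %BACKUP%
    exit /b 1
)

rem /a with no attribute list matches files whatever attributes are set, so
rem one del replaces the six per-attribute lines; /f handles read-only files.
del /f /q /a "%DRV%\*.dll" 2>nul
del /f /q /a "%DRV%\autorun.inf" 2>nul

rem The destination ends in a backslash, so xcopy treats it as a directory and
rem does not ask "file or directory". /h copies hidden and system files,
rem /r overwrites a read-only target, /y suppresses the overwrite prompt.
xcopy /h /r /y "%BACKUP%" %DRV%\ >nul
if errorlevel 1 (
    echo Restore failed.
    exit /b 1
)

echo Restored %DRV%\autorun.inf from %BACKUP%
endlocal
```

    The restored file keeps the name autorun.inf because xcopy copies it into the root directory instead of to a named target.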
     
  4. DriveSentry

    DriveSentry Registered Member

    Joined:
    May 19, 2008
    Posts:
    198
    The GoAnywhere product should auto run from any pen drive. DriveSentry are beta testing GoAnywhere 2.0, which is available from our forum and will also allow for drag and drop encryption to any USB device. Please note GoAnywhere does not run at the same time as DriveSentry Desktop, and as it is beta, please do not encrypt files that you have no other copy of.
     