Isn’t Autorun.inf a worm. A studrnt in my language arts class was presenting a project on his U3 device and I saw Autorun.inf on there. It looked like a notepad document with the gear. I told him to use flash disinfector to see if it finds anything but the teacher said at the same time back up everything and format the U3. Is it possible to be legit?
The autorun.inf could be almost anything as it would entirely depend on what the payload is (what commands it tries to run) within the autorun.inf file.
A U3 drive normally uses something like launcher.exe and not the conventional autorun.inf, so it is at the very least suspicious. Formatting the U3 drive could effectively turn it into a bog standard usb stick and they would have to re-install the U3 software again. I can’t be any practical help as I don#'t use U3.
I see, I’m going to see him again soon so what should I tell him to do?
Use flash disinfector (FD) on the main computer without the U3 connected.
Before running FD with the U3 connected, open the autorun.inf using notepad (right click on the U3 autorun.inf file, select open with), check the commands as they would have references to run other files which are probably on the U3 drive.
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page.
Send a sample to avast if multiple detections at VT.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.
I dont know if he has Avast, this was on a school computer.