USB Memory Stick Virus or Legit Install Software?

Dear Forum Gurus,

Could somebody please advise how to ascertain whether I have a virus or installed legitimate software?

Is it usual for new USB memory sticks, once plugged in, to install software to be able to read them?

I had a lapse in judgement and after plugging a new USB memory stick into my laptop a grey box appeared. It stated something like ‘This USB stick requires the installation of additional software to be used’.

To be honest I was extremely tired and stressed and clicked yes. I don’t remember exactly the process but it installed (no boxes appeared or anything). Can’t remember if it needed a reboot but I was able to read the stick afterwards.

My computer appears to be functioning completely normally. No slow down in speed, strange messages or crashes. I checked C:\ and there was no autorun.inf file there. I even changed the setting to ‘show system files’ and ‘don’t blend hidden files out’ in Window$ Explorer.

In hindsight it was stupid of me. I am now worried that I have installed malware, spyware or something else bad.

I run Avast Pro, MBAM resident, ZA Pro, SAS on demand, Window$ XP SP3.

There were no warnings from Avast. My regular scans of Avast, MBAM and SAS have detected nothing. A HJT log posted to the www.hijackthis.de website didn’t show any malicious items.

I would be really grateful for your comments, thoughts and suggestions.

Many thanks,

Avastfan1

Is it usual for new USB memory sticks, once plugged in, to install software to be able to read them?

Speaking from experience with my own USB stick, yes. Every computer I plug it into (supposing it wasn’t plugged into that computer before) does the same routine automatically without any input from me. I see it on the right side of the taskbar, where I get a notification that new hardware is being installed. I’ve only noticed this in Windows Vista and XP. I used the same stick in Linux and got no notification (maybe it’s a difference of OS, who knows).

Cheers

Hi Confused Computer User,

Firstly, thanks for your response. I too am used to the automatic Window$ response to a new USB stick. Specifically, the yellow bubbles that pop up from the taskbar saying ‘USB XX found’ which end with ‘USB stick ready to use’.

The case I mentioned in my first post didn’t follow the same procedure. Instead of the yellow bubbles from the task bar a regular grey box (window) appeared. The text stated something to the effect ‘the usb stick needs to install additional software for use’.

This is why I am worried. Have you ever had the grey box appear rather than the yellow bubbles?

I am using Window$ XP SP3.

Thanks for your help. I keenly await your (and others’) answer.

Avastfan1

The text stated something to the effect 'the usb stick needs to install additional software for use'.
Most likely a new driver needed to be installed for that USB. Not unusual and not something to get paranoid about IMHO. :)

Hi Bob3160,

Thank you for your response. I am starting to feel a little more relaxed. :)

Stupid question but where is the driver installed from? The USB stick itself?

Is there a way I can check whether it was a legitimate driver? Is there an installation log? Is there a Window$ file or directory I can check?

Thanks,

Avastfan1

Well that is strange. I have used the stick on an XP SP3 with no such outcome. But as Bob pointed out it depends on the product. If you used Avast, MBAM and SAS and they haven’t detected anything then you’re OK. No reason to panic.

Since you use ZA Pro then any unknown attempt to send out info would have been picked up. So again no worries. Just a standard install.

Hi, is this one of those flash drives with U3 software preinstalled?
http://www.u3.com/
I bought a SanDisk drive one time with this on it.

Dear Avast Forum Users and Gurus,

Many thanks again for the ongoing support. Confused Computer User’s reassurance with the security products is also welcome news. So thanks for that.

Unfortunately the flash drive belonged to a friend so I don’t know which brand or model it was. However, I can remember what it looked like and it looked a lot like the one in RNfromTN’s link! Specifically, the silver bit that plugs into the computer retracted into the plastic part of the USB stick.

RNfromTN: When you bought the SanDisk drive you mentioned, did you get a grey box pop up when you plugged it in advising that additional new software needed to be installed to use the USB stick?

Has anybody else had a similar experience with the grey box I describe (ie. a normal installation window) rather than the usual ‘yellow bubbles’ in the taskbar?

Thanks again and I look forward to your response!

Avastfan1

You don’t say what type of USB stick this is as other than U3 as mentioned, you shouldn’t need to install anything as Windows should have all the needed USB drivers, especially if this is a later version of windows.

USB2 flash drives are pretty bog standard and windows XP/Vista should be able to cope with those without having to download anything. It may well say new hardware detected for the new USB but it should still be able to use a pre-installed USB driver.

Hello DavidR,

Many thanks for your contribution as well! In hindsight I also found it a little strange that the installer window appeared. As mentioned, I stupidly clicked ok due to stress and fatigue. But that’s my problem :(

I assume it is a U3. I am not really across the different USB types. My experience up until now was when plugging a ‘new’ USB stick in, the yellow bubbles would appear on the taskbar. For example, ‘USB X detected’ followed by ‘USB now ready to use’.

Further perusal of this forum finds the PREVX mentioned frequently. I downloaded the free scan directly from their website. It came up with nothing. Tomorrow I will run a boot-time scan with Avast Pro, a full MBAM scan and a SAS scan. Moreover I will repost a HJT log to www.hijackthis.de for analysis.

Can you recommend any other steps I could take to check whether I have accidentally installed some malware or spyware piece of scheiße?

I already looked for an autorun.inf file on my hard disk. There were none in C:\ and I therefore think it was not an autorun virus.

Would really appreciate any expert help on this I could receive. I’m very open to suggestions and always read, and hold, the advice provided on this forum with very high regard.

Many thanks!!!

Avastfan1

You are worried about something that isn’t there.
It’s normal when you first plug a new USB drive into your system that you get a message that it’s been detected and that the driver has been installed.
This is only information for you to know that the new USB drive is ready to be used.

Hi Bob3160,

Thanks for the reassurance :) I agree it is normal for the driver to be installed for a new USB stick.

The only thing I found a little odd was the method (ie. a grey install box/window) instead of the usual ‘yellow bubbles’ which appear on the taskbar for Windows XP.

Thanks for your advice!!!

Best wishes,

Avastfan1

If you don’t know what type of device it is I would suggest it isn’t U3, more likely to be USB2 as U3 flash drives, a) generally cost more money, b) they make a big deal about it in marketing, packaging, etc. They also normally come pre-loaded with some U3 programs.

What is on the flash drive ?
U3 normally has some sort of launcher program, not generally autorun.inf.

When connected if you right click on the properties it should give some general info, see images.

Whilst it is usual to get messages (new hardware detected, etc.) when you first connect a USB device (memory stick), I have ‘never’ been asked to install anything. So I don’t agree that when you load a new usb stick it is normal to install a driver, especially if you have a recent OS and you haven’t confirmed what yours is.

Hi, I do remember getting a popup of some type from my HIPS program, seems it was launchpad, been so long ago :-[
If you run XP you should install http://download.microsoft.com/download/f/c/a/fca6767b-9ed9-45a6-b352-839afb2a2679/TweakUiPowertoySetup.exe, not sure if it’s Vista compatible, and prevent autoruns. See screenshot. Hope this helps

Hi DavidR, RNfromTN and other Gurus,

Sorry if I’m not explaining myself fully :(

I am running Windows XP SP3. I don’t actually know what was on the USB stick. I believe it was empty however I can’t be sure. Worse yet - my friend is now overseas so I have no chance to re-examine the USB stick :(

Perhaps you are correct and it is a USB 2. Not a USB 3. I just thought it might have been as it looked like the one in the link above which one lad kindly provided.

Can anybody therefore provide any tips to lessen my fears that I inadvertently installed something bad?

I will schedule an Avast boot-time scan, run a full MBAM scan, an SAS scan, Blacklight, Spybot, ZA-antispyware scan, post a HJT log to www.hijackthis.de, I’ve already run PREVX which came up with nothing.

Thanks for your help and please keep the suggestions coming!!!

Avastfan1

Hello Forum,

Thanks for the continuing support!

Here are the results of the tests and scans I have run:

  • Avast Pro boot-time scan: No infection found (selected scan option all folders and files)
  • Prevx Scan: No infection found
  • Spybot: No infection found
  • Dr. Web Cure.It: No infections found (1 false positive - refer thread http://forum.avast.com/index.php?topic=43119.0)
  • MBAM: No infection found (complete scan)
  • SAS: No infection found (complete scan)
  • ZA Pro - Anti-Spyware: No infection found (deep inspection)
  • HJT log submitted to hijackthis.de: No red cross items or yellow question mark items
  • Rootalyzer: No infection found
  • Blacklight: No infection found
  • Trendmicro RootkitBuster: No infection found
  • Manual check of C:\ for an autorun.inf file: No such file found
  • Ran Ccleaner.com: Successfully cleaned temp files

Does anybody have any other suggestions for tests, scans or other measures I can take?

Thanks!

Avastfan1

PS: Here is my setup:

Operating System: Windows XP SP3 (fully updated and patched)
User Account: Restricted Account (ie. a non-admin account)
Web Browser: Firefox 3.0.7 (Noscript 1.9.0…8 and AdblockPlus ver 1.0.1)
Firewall: ZA Pro 8.0.298.000 (fully updated)
Virus scanner: Avast Pro 4.8.1335 (all modules active and rootkit scan on startup enabled)
Resident Anti-Malware: Malwarebytes 1.34 (fully updated and resident module activated)
On-Demand Spyware/Malware: (note: none of the following are resident or active, rather on-demand)

  • Spybot (version 1.6.2 updated but Tea-timer not active)
  • Spybot’s RootAlyzer (latest version)
  • SuperAntiSpyware (version 3.9.1008 - fully updated)
  • F-secure Blacklight (latest version)
  • ZAlarm Pro’s Anti-Spyware Module (fully updated)
Other Tools:
  • Hijackthis 2.02
  • PrevX (latest updates)
  • Dr. Web Cure.It (latest updates)

Hello Avast Fans,

Some more information:

My friend also put the USB stick into another computer with Window$ XP SP3 and Panda Anti-virus after my machine (also Window$ XP SP3).

Panda Anti-virus recognised adware in the file k:\setup.exe.

Why didn’t Avast recognise anything?

Unfortunately I don’t have the USB stick nor the above disinfected file on hand to analyse.

Any further suggestions?

I am now really confused. All the programs from my previous post say I’m clean. Yet Panda recognised something on the other machine? :o

Please help!!!

Avastfan1

No single AV will detect everything and we don’t know if Panda’s detection was good either. That is why we suggest the likes of VirusTotal to confirm one way or another.

So this goes to show the installation wasn’t a normal occurrence for plugging in a USB (still don’t know if this is a U3 stick) and you should be alert to this in the future; a lesson learnt, hopefully without too much pain.

Whatever this setup.exe was responsible for attempting/installing doesn’t appear to have been too successful or is very clever to have avoided detection from a whole slew of anti-malware products. Given that Panda says this is adware I wouldn’t have thought that it was the latter option, a very clever piece of malware that has defeated all scanning attempts.

Remember the other applications never scanned the USB, only your HDD, so we only have one detection that needs confirmation. So further analysis needs to be done on this file at VirusTotal and/or Anubis: Analyzing Unknown Binaries, another scanning tool that is useful.
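Added example, not part of any post in this thread: the thread's autorun.inf check only covered C:\ and the scans only covered the hard disk, so this Python code reads the autorun.inf in a removable drive's root (if the stick has one) without executing anything, lists the programs it would launch, and hashes them with SHA-256 so they can be looked up on VirusTotal. The function names and the stick layout built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def launch_entries(inf_text):
    """Yield (key, command) for open=, shellexecute= and shell\\<verb>\\command= keys."""
    section = ""
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, command = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                yield key, command

def program_of(command):
    """Drop arguments: 'setup.exe /s' -> 'setup.exe'; quoted paths stay whole."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def audit_drive(root):
    """Return [(key, program, sha256 or None)] from root/autorun.inf; runs nothing."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return []
    with open(inf, "rb") as fh:
        text = fh.read().decode("latin-1")  # never fails, even on junk bytes
    results = []
    for key, command in launch_entries(text):
        program = program_of(command)
        path = os.path.join(root, *program.replace("\\", "/").split("/"))
        digest = None  # stays None when the referenced file is not on the drive
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
        results.append((key, program, digest))
    return results

def demo():
    """Audit a constructed stick layout (sample data, not taken from the thread)."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[AutoRun]\nicon=x.ico\nopen=setup.exe /quiet\n"
                     "shell\\open\\command=tools\\missing.exe\n")
        with open(os.path.join(root, "setup.exe"), "wb") as fh:
            fh.write(b"constructed sample")
        return audit_drive(root)
```

On a real machine, call `audit_drive("K:\\")` with the stick's drive letter; an empty list means the drive root has no autorun.inf, or the file names no program to launch.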

Hello DavidR,

I must thank you again for your timely response.

On my computer I have Avast Pro installed and its resident scanner would have scanned the USB stick and the setup.exe as it executed though.

I have just completed a full scan with Panda (http://www.pandasecurity.com/homeusers/solutions/activescan/). It also returned no infections and no suspicious files.

I am loath to download and ‘trial’ the Panda Antivirus Pro 2009 as I already have Avast Pro installed.

I shall try and contact my friend and obtain the ‘setup.exe’ file from the USB stick. However if Panda has already disinfected it, will virustotal’s results still be relevant to my machine?

I will also upload it to the Anubis link you provided.

Meantime - are there any other suggestions to examine my machine?

Thank you again for your time!

Avastfan1

Now you have done a panda scan don’t be surprised when avast alerts on panda files it dumps in the system folders as it doesn’t encrypt its signature files.

Panda removal tool: http://www.pandasoftware.com/resources/sop/UNINST_v1012.exe, I don’t know if this also removes the remnants of the on-line scanner.

Personally I would be surprised if it disinfected it as like a trojan much of the content would be malicious rendering the file useless or the better option would have been removal/quarantine as any file that is suspect wouldn’t get a second chance to make a first impression on my system.

This is even more relevant when you have no idea what the setup.exe does or what program it is associated with.

No other suggestions.