Edit - this article appears very dated. Found while scouting about looking for articles about USB and computer protection. Any posts directing to more up to date info would be appreciated.
Leave your USB drive plugged in and run Autorun Eater or Flash Disinfector, allowing them to clean up all drives. They would create hidden folders named autorun.inf in each partition and every USB drive plugged in when you ran it. These folders protect your drives from future infection. After that, reboot your computer.
To prevent infections from USB drives, you can install USB Firewall before using any USB drive.
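An added example, not part of the original thread or of any tool named in it: a read-only Python check for the autorun.inf placeholder-folder trick described above. It reports whether a drive root has no autorun.inf, a placeholder folder, or a real file, and lists the launch entries found in a real file; the function names and the sample file are constructed for illustration.

```python
import configparser
import os
import tempfile

# Constructed sample of an autorun.inf *file* (not taken from the thread).
SAMPLE = r"""[AutoRun]
open=setup.exe
icon=drive.ico
shell\scan\command=setup.exe /s
"""

def audit_root(root):
    """Return (status, commands) for the autorun.inf entry at a drive root.

    status is 'absent', 'folder' (placeholder directory) or 'file';
    commands lists the entries that would launch a program.
    """
    # Match case-insensitively, as Windows would on a FAT/NTFS volume.
    names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not names:
        return "absent", []
    path = os.path.join(root, names[0])
    if os.path.isdir(path):
        return "folder", []
    parser = configparser.RawConfigParser(
        delimiters=("=",), strict=False, allow_no_value=True)
    try:
        with open(path, encoding="latin-1") as fh:
            parser.read_file(fh)
    except configparser.Error:
        return "file", ["<unparseable autorun.inf>"]
    commands = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):  # keys arrive lower-cased
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                commands.append(f"{key}={value}")
    return "file", commands

def demo():
    """Audit constructed roots: placeholder folder, real file, nothing."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = os.path.join(tmp, "a"), os.path.join(tmp, "b")
        os.makedirs(os.path.join(clean, "autorun.inf"))
        os.makedirs(suspect)
        with open(os.path.join(suspect, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE)
        return audit_root(clean), audit_root(suspect), audit_root(tmp)
```

Call `audit_root` with a mounted drive root such as `F:\\`; it only reads the directory listing and the file, and changes nothing on the drive.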
USBVirusScan will launch any program you provide as a command line parameter each time a USB stick is inserted. I use it to start a full virus scan on the inserted USB drive: http://blog.didierstevens.com/programs/usbvirusscan/ The command-line that worked for me is:
"\USBVirusScan.exe" -c -i "\avast4\ashQuick.exe" x:
Where you need to change the for the both correct ones and the x: for the letter of your USB drive.
If you are running an XP system with an administrator account, the autorun should be feared. For 0-day type attacks, I think it would be good for us to think about taking more control of the autorun function.
Probably, this is the info for the most updated patch (optional) from Microsoft for USB security according to their security advisory.
For your peace of mind, you may want this tool introduced by polonus in the previous thread. It is a GUI tool for the registry tweak specialized in allowing the users to have more detailed control on the autorun feature.
Compatible with any resident antivirus, for example: Nod32™, Kaspersky™, BitDefender™, AVG™, Norton™, Panda™, Avast™, Avira Antivir™, among others.
Protection in realtime with …
System “CHECK AND DESTROY” detects and removes all viruses that attempt to infect your device while connected to an infected PC, even unknown viruses.
The “Guardian” protection system protects your PC from viruses that arrive on infected USB devices connected to your computer, whether or not the device has Mx One Antivirus installed; it also detects even unknown viruses.
Protection against unknown viruses and new variants with “Heuristic ONE” AND “GENERIC ONE”
You only need a very small 1Mb of space available on either the PC or on removable media.
Thanks for the input.
I’m still working my way through some of it. And covering some stuff in the previous thread that I overlooked.
I gather Autorun Eater is your preference, YoKenny? I downloaded a couple of times but never got around to running it. As I said in the previous post I have not had the problems that have been associated with Flash Disinfector. But that is up to this point in time.
I have Microsoft patches including the most updated patch KB971029 (26th Aug 2009).
The MX One might be what I am looking for at the moment. So I may give a run on a computer. Something along that line anyway, where the solution is amenable to use by people knowing little in depth about command line functions. Not so much for my own use at the moment.
At this point in time, I have kept a record of the info and will continue to take an interest in any new developments.
There is another tool that is run in connection for instance with malware cleansing routines,
I think here in relation to removal of Trojan:Win32/Alureon.gen!
The tool is from a page on G2G so a reliable source
wait a couple of seconds for the initial scan to be done
connect all of the USB storage devices to the PC, one at a time, and keep each one connected for at least 10 seconds
if there are more USB storage devices to scan, please take a note of the order in which these were connected
after all the devices are scanned, choose the “Save log” option from the right-click menu on the Monitor tab. That will open the log in Notepad. Please copy/paste the log to the forum
Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
Just wanted to post this here for making our thread more complete…
See txt file below
F: drive is the USB I use mostly now in daily input / output to removable media.
UsbNoRisk does not pick up my VMClite modem or Mouse understandably
My Canon Powershot had been left connected so batteries were flat and no pick up there either.
I am certain Flash Disinfector was run at one stage, maybe not this USB on this computer.
I ran this USB with Flash Disinfector on another computer the day after it picked up an infection.
Since then it has been good as gold. MSE detected the intrusion.
I recently mislaid an 8GB San Cruzer, my main removable, which was probably the device that was run with Flash Disinfector on this computer. Can run Flash Disinfector again and come back.
No blocked files found on F:
No Autorun.inf files found on F:
No mountpoint found for 70a4e5cc-d20a-11dd-b494-00115be720e7
No Desktop.ini files found on F:
No mimics found on drive F:
Scanning fixed storage…
No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 7d81f538-d261-11dd-bd33-806d6172696f
No Desktop.ini files found on C:
The patches introduced there are mere prerequisites to disable Autorun.
After the prerequisites are installed, follow these steps to disable Autorun.
After installing the patches corresponding to each OS, you could disable/tweak the Autorun function by following the instructions given at http://support.microsoft.com/kb/967715 as well. Alternatively, you can use the tool (http://www.uwe-sieber.de/drivetools_e.html#autorun) introduced by polonus.
I did install mxone Guardian with realtime usb protection. Updater works fine, scans swiftly, a real asset.
Report more here about this Mexican security solution for peripherals…
First, Spywareterminator blocked installation of the Guardian’s updater (it was detected as a trojan). I turned off ST’s protection but it was the turn of ThreatFire to alarm me about the updater. I turned off the TF’s protection too but my Vista refused to run the program - “Windows encountered a problem while running the program”.
I do not know whether it will function on Vista, but on XP SP3 runs like a charm,
Threatfire alerted but I allowed it, Immunet Protect did not alert a thing on installing and downloading, nor did a scan with MBAM, SAS, and RUBotted, ThreatExpert Memory Scan, ESET Sys Inspector, a-squared-free did not flag it, scans are fast, pendrives with their own logos now sit protected.
I will test it a bit longer, seems to run fine next to avast and Immunet Protect and ThreatFire (no further alerts), and for the updater I get 2 heuristic flags: http://www.virustotal.com/nl/analisis/ccb02889d246641a68435019229bc97d771ce3b0dab91e92963fd43b4f5c04cd-1257455211
cross posted with Pol but I have posted anyway - program must be okay if Immunet Protect passes it.
I now have mxone installed on my computer and giving it a test run because I am looking for a program like this with a simple, clear, straightforward user interface that is easy for the average user to work with.
I had problems with download and install and have also ended up with the Mex or Spanish version, which may be the only one available to me even though the url was definitely reading /en on route to the download page (/en indicates English, that's right, isn’t it). I had to edit my hosts file to prevent the download being blocked (just checked now, still edited but will prob return deleted entry with next auto update of hosts file - so see how mxone updates run then).
Haven’t had time to translate the Spanish UI as yet so first run through I was going a bit blind but looks at the moment like I’m only with ‘on demand’ setting (or version). I’m a bit too busy to do much right now but look to translate UI tonight. Had intended to have someone test this for me but under the circumstances will have to do this myself, so program now on my most used PC. That okay - have USB in and out of here all the time.
The interface is also in English, you can install various languages, I like this program, let us test if it can be recommended to be used next to your resident av solution of choice. This is how it sits there on the pendrive,
see picture,