Virus on my USBs

AutoRun.inf :o
it keeps on being detected even after it is moved to the chest and so far it has been detected 29 times in the same usb.
Object: G:\AutoRun.inf
Infection: INF:AutoRun-gen2 [Wrm]
Action: Moved to chest
Process: C:\Windows\system32\system.exe
What?

I suggest that you install Panda USB Vaccine for USB devices:http://research.pandasecurity.com/panda-usb-and-autorun-vaccine/ and it can be run on any drive on your machine for removable devices.

You are given the option to “vaccinate” your machine, which means to disable autorun.inf malware from infecting your machine again (or in your case preventing further damage), and you can enable it again (although I wouldn’t). Plus you can “vaccinate” any USB/flash or removable device so that it cannot infect your machine. This type of malware is easily transmittable because many people use USB’s.

How to format or cleanse your USB / flash drive:

  • Right click from Windows Explorer and do a full format to cleanse your USB flash drive.

You should also run the following:

  1. Avast Boot-time scan after making sure your virus definitions are up to date.
  2. MBAM (Malwarebytes)
    · Download free http://www.malwarebytes.org/ (the blue button) for an on-demand scanner.
    · Double Click mbam-setup.exe to install the application.
    · After install, click update so you have latest database before scanning.
    · Under Settings:
    o General: Automatically Save File After Scan Completes is checked off
    o Scanner Settings: Check all boxes
    o Updater: Download and install update if available is checked off
    · Once the program has loaded, select “Perform FULL Scan”, then click Scan.
    · The scan may take some time to finish, so please be patient.
    · When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
    · Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
    · The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    · Copy & Paste the entire report in your next reply.

Let us know if you have any questions, and we will review your log. Thank you.

Check for viruses on other computers where you have been plugging this usb, follow safesurf’s detailed post for cleaning up the computer.

Ok I’ll try the above steps, but I only got the virus when I plugged it into the school’s computers for the first time, they have Norton and it detects and removes it. I haven’t noticed anything from it the past year but when I installed Avast!, it starts spamming my log with it and I’m starting to get a little worried :S also when I bought this USB, the first thing I did with it is plug it into my brand new laptop, and it had something called “Pictures.exe” and “Romance.exe” no idea what that is about either. Do you guys know what any of these files do exactly?

When I do a full format, does that mean I lose all the files?
Dunno why, but everytime I try to vaccinate my usb, it says “Vaccination was not possible. Error writing volume” or
“Vaccination was not possible. Error writing the file AUTORUN.INF”

1/ Formatting will wipe the files, obviously.
2/ For the second thing - first, you need to be admin for this to work. Second, chances are high it won’t work when already infected (again, reformat first). Also can be permissions issue if you are using NTFS (generally not a good idea for those USB sticks).
3/ Then use the Panda thing - you can uninstall it once finished with all your USB drives.
4/ Turn autorun OFF on all your machines.

But I have really important files I want to keep, what should do with those? I assume it’d be bad to copy them since the usb is infected :S

The ones you want, you obviously need to copy elsewhere (documents, pictures etc.) Do not copy any EXE,DLL,COM etc. stuff.

Can I copy videos, music and .txt and .html files? (I made my own html documents)

Sure. Scan it by avast! manually once again once done.

When I format it, it gives me a bunch of options:
File System: FAT32(default)
Allocation unit size: 16kilobytes (this one I’m not sure about since it gives a lot of options)

http://img148.imageshack.us/img148/2435/formatsettings.png

Which one do I pick?

Leave it at default and uncheck Quick Format.

Ok, formatted, then I scanned it and it had the autorun.inf [wrm] thing again, deleted it, it came back on second scan, and then I took out my 2nd usb and scanned, removed it, scanned again and the usb is clean on each scan, I guess that means I have to format each one by itself?
Nevermind it came back but the Vaccine worked and now when it tries to scan the file it just says it was unable to scan it because the file is offline.

I recommended that you install this program. MCShield

It will prevent infection by computer via USB flash drive, mobile phone or any memory card.
And not only will prevent infection, but will immediately clean Memory card or external HDD

Panda USB & AntiVirus are Unable to deal complitly with infections that come with USB

Yes, each and every removable drive with infected autorun needs to be disinfected and reformatted.

Yeah, it works pretty well, modifies the FAT in a way that the created autorun.inf cannot be written nor deleted.

I have seen tons of similar “miracle” one-purpose things, none of them did what they claimed, mostly snake oil or false sense of security since the folks writing them did not really know what they are doing. Panda does a one time job for you removable drives, nothing more is needed afterwords, they won’t get infected. And once you have completely disabled the autorun nonsense on your computer, nothing will infect it as well this way.

On another note, there are things like SRP and Applocker, this way you can completely disable running anything from removable media (possible exclude your CD/DVD/Bluray).

Does this also mean, that if I use my usb on the school computers, I can’t get this virus again?

Well yes, that’s the main purpose of the Panda USB vaccine - to prevent infection. ;D

Hi @doktornotor

I have seen tons of similar "miracle" one-purpose things, none of them did what they claimed, mostly snake oil or false sense of security since the folks writing them did not really know what they are doing. Panda does a one time job for you removable drives, nothing more is needed afterwords, they won't get infected. And once you have completely disabled the autorun nonsense on your computer, nothing will infect it as well this way.
Before you continue Read [url=http://amf.mycity.rs/programs/mc/mcshield/AboutUs.html] abaut us [/url] This program was developed by members of Anti Malware Fighter Team from MyCity.rs (member of ASAP)
Does this also mean, that if I use my usb on the school computers, I can't get this virus again?
Yes.

Awesome… my second usb is gonna be difficult since it’s cluttered as hell and I have lots of .exe files in there too :S mainly the games I’ve developed. What should I do about this one?

@shadyone
Just install MCShield and allow him to remove any malware from USB flash Drive.
Then we shud check your system.

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

* When done, DDS will open two (2) logs:
     1. DDS.txt
     2. Attach.txt

Save both reports to your desktop. Attach DDS.txt back to topic.

Should I really install it?