1

I plugged the USB drive on a public computer at my university and all the files became .exe

Is there a way to clean it without risking that it will copy the virus as soon as I insert the thing?

Santiago Quiroga
  • 113
  • 2
  • Are you looking to recover data from the drive or to disinfect it so you can continue to use it? – Neil Smithline Sep 18 '15 at 20:57
  • Recover the data would be ideally, but not mandatory. I have a couple .zip files that are pretty big so having to download them again would be a pain. – Santiago Quiroga Sep 18 '15 at 21:00
  • `I plugged the USB drive on a public computer at my university` Then go to the admin now and apologize before he comes to you. – deviantfan Sep 18 '15 at 21:32
  • 1
    @deviantfan Do you think it's necessary? All the computers have a program that reverts all changes made on the computer on restart. So I just restarted the PC. – Santiago Quiroga Sep 18 '15 at 21:52

1 Answers1

8

If the malware are just .exe files waiting to be clicked on, then not opening them should be enough (also beware of Autorun). You can further protect yourself by using an OS which won't be able to execute the files anyway (like Mac or Linux). Deleting the malicious files or formatting the drive is enough to clean it.

If the malware also modified the files or some filesystem data to be malicious and exploit a vulnerability, you should decide whether you're likely to be affected - if your system is up to date and it's unlikely someone would use a zero-day on you, then it's safe. Otherwise, it's not and you shouldn't be mounting the filesystem (Windows and Mac mount them by default so be careful). Reformatting the drive is again enough to clean it.

If the malware modified the firmware of the USB drive itself, then it's no longer an USB "drive" and will often pretend to be a keyboard and type in malicious commands. At this point, I suggest you just throw away the drive as it is now comparable to a compromised machine and you can no longer trust it.

Community
  • 1
André Borie
  • 12,706
  • 3
  • 39
  • 76
  • The probability of a malware being able to reflash an USB drive firmware, *plus* that of the OP's USB drive being the correct model to be reflashable, is (for now) vanishingly small. That said, +1 for a very clear and useful answer; you might want to add that Autorun can be disabled. – LSerni Sep 18 '15 at 21:47
  • Thanks for the answer. It covers all possible scenarios. I'm downloading a live CD to try and save those files. – Santiago Quiroga Sep 18 '15 at 21:54