11

I've a pen drive that I carry to the college lab. It seems all the systems in the lab are infected. I need to be able to write to the drive, so I can't simply write-protect it.

Every time I insert a pendrive, all the folders become an .exe file. Also several other issues. After I scan with avast, everything is cleaned and all my data is lost.

Instead of an antivirus tool or utility that runs only on prompt, is there a program/software that will guard the pendrive by running as a background process automatically when inserted?

(I should have the software on my pendrive.)

Many suggest ClamWin Portable, Panda Vaccinate etc.

AJ Henderson
vettipayyan

7 Answers

13

I have a couple of questions here:

  1. Are the files fine when in the lab? And only become 'infected' when you move them to your USB drive?
  2. Are you certain the USB stick is clean?
  3. Does the USB stick have software on it which is supposed to write files as exes (some versions do this if encryption is enabled)?

The reason I ask is that it could be an issue you are bringing to the lab.

If not, and the lab machines are infected, there is nothing you can realistically do with your USB drive to combat this problem. You would need to get the lab techs to sort out the issue at their end.

Rory Alsop
  • Little clarification: Only my folders which are in my pendrive are affected and get converted into .exe. I'm 100% sure my pendrive is clean. Not only mine. All my friends have this issue. – vettipayyan Mar 16 '11 at 15:28
  • 1
    Lab techs also can't do anything... They say "we tried, but couldn't get rid of that" – vettipayyan Mar 16 '11 at 15:29
  • 2
    @vettipayyan - all you can hope to do then is protect yourself (with strong virus checking on your computer), protect others (by not using this USB stick anywhere else) and mitigate the issue at university (by ensuring you do not use folders...just keep files in the root of the USB stick) - not an ideal scenario, as the Lab really should do better! – Rory Alsop Mar 16 '11 at 15:38
  • Thank you. I'll try to report the issue again to the department staff... – vettipayyan Mar 17 '11 at 12:48
7

If the lab's machines are infected, there's not really anything you can do to protect yourself. You can't protect the USB pendrive by installing software on it.

You can install antivirus software on your own computer, so that if you plug the USB pendrive into your own computer, your own computer won't be infected by the virus on the pendrive. Good antivirus software will typically scan the entire pendrive when you insert it into your computer, or when you access files on the pendrive. However, understand that this is a crummy stopgap and not to be recommended, because it does nothing to prevent the files on your pendrive getting infected, and because it is still pretty dangerous to carry around an infected pendrive (you are potentially infecting the machine of anyone else whose computer you stick the pendrive into; and anti-virus is not perfect and may miss some viruses). So this is not a good solution.

The right solution is, as others have suggested, to contact the IT department who administers the lab machines and get them to remove the spyware/malware on their machines and install proper antivirus software on the lab machines.

D.W.
5

You could make the pendrive write protected to avoid a virus getting onto it. The drawback is that you won't be able to store anything on it from the college PC.

  • Then no use of it. I always carry the files I created from the lab.... –  Mar 15 '11 at 14:14
  • 8
    You should raise this issue with the computer services department at the college. It is their responsibility to ensure that the equipment you are provided with is fit for purpose, and if it's riddled with viruses and spyware then they're obviously not doing their job. –  Mar 15 '11 at 14:55
  • 1
    Obviously, they never do their job. They'll say "why the hell you bring a pendrive to lab". Well, I think I asked for a software... –  Mar 15 '11 at 17:53
5

Some thoughts/steps for your situation.... if I was the one to deal with the problem....

Quick solution: backup your files, format everything and reinstall. Do a clean installation. Update everything to the latest patches/hotfixes. It will take less time than the other solution.

The other solution......

Prepare/Arm yourself with tools.

  • Antivirus Live CDs See here here and here
  • AntiRootkits
  • Antimalware
  • Panda USB Vaccine. It's not an AV. It can be used with ANY antivirus you have. See this MS article if you like the manual way better.

The free Panda USB Vaccine can be used on individual USB drives to disable its AUTORUN.INF file in order to prevent malware infections from spreading automatically. When applied on a USB drive, the vaccine permanently blocks an innocuous AUTORUN.INF file, preventing it from being read, created, deleted or modified. Once applied it effectively disables Windows from automatically executing any malicious file that might be stored in that particular USB drive. The drive can otherwise be used normally and files (even malware) copied to/from it, but they will be prevented from opening automatically. Panda USB Vaccine currently only works on FAT & FAT32 USB drives. Also keep in mind that USB drives that have been vaccinated cannot be reversed except with a format.

Scan-Clean the PC(s)

  • Remove the ethernet cable, cut off connectivity (internet or internal (to the lab)).
  • Reboot the computer(s) from a GENUINE Antivirus Live CD. See here here and here, for info. Don't download and run them, unless you make sure they are valid/trusted/original/etc. Use common sense. Prepare your OWN from your AV, or contact your AV vendor/reseller. IF you can't get/pay for an AV Live CD, do the following. Prepare (clean install) a laptop/PC with the AV, antirootkit, antimalware of your choice and put the "infected" hard drive as an external (with a SATA/IDE to USB cable) or as a slave hard drive. I would choose the SATA/IDE to USB cable. It's cheap and fast. Scan again and again.
  • Update the virus definitions (in memory or USB) and scan the whole system.
  • Clean any infections.
  • Scan again, the whole system. DON'T boot to normal OS yet. Check if you still have infections.
  • Do the same with any Live CD you have with Antirootkit or Antimalware capabilities. Some really bad malware/rootkits hide in the MBR and survive reboots or even after a "good" clean.

Boot your PC into SAFE MODE (if it's Windows) if you can't boot from a CD and repeat the previous steps. Still a safe bet but you might not be able to get rid of some really bad malware/rootkits. A dead system is always easier to clean.

  • Reboot to your OS, only if you are pretty sure that you got no more infections. Don't connect to any network (internet or lab) yet.

Stop USB infection

  • Use Panda USB Vaccine. Or see the MS article (5th link). Vaccinate your PC AND all your USB drives. You will disable your Windows Autorun/Autoplay features. And your USB will get an autorun.inf file (it's blank, a dummy one), and even if you put it on an infected PC, you might get the virus (hidden exe, bat, scr, etc.) BUT your USB will not AUTOMATICALLY infect other PCs, unless you run the exes on purpose. The USB drive will lose the vaccination ONLY if you format it. Remember that.
  • Make VISIBLE your hidden files AND your Protected/system files. Many viruses are marked as system files and get under the AV radar. Apply that to ALL folders.
  • Use an AV that auto-scans ANY USB device. Kaspersky and free Avira do exactly that. Maybe others as well.
  • DON'T double click on the USB or CD-DVD icons from "My Computer". That way (the default Windows way), the OS sees if the CD/DVD/USB has an autorun.inf file, and if they have it, it's executed and after that the contents are displayed. A safer way is to press Winkey+E (Windows Explorer) and navigate to your drive from the left panel. That way you tell the OS to display just the contents. Even if your drive has an infected autorun.inf, it doesn't autorun.
  • Update, update, update. Not only your Operating System but also your programs !!!!!!

Getting your files back, after being infected and deleted by your AV - Use photorec or any other "Undelete" program you want/know/have. You will also recover viruses so be careful.

Additional ideas:

  • Get a USB with write protection. Cheap solution.

  • Use a stand-alone laptop with 3 or more AVs as a "Scan-USB machine". Use only one AV as a resident AV and the others as on-demand. Otherwise you might have problems. Connect it to the internet only to update the AV signatures. For nothing else. Anything that you want to put inside your lab will be scanned FIRST from that laptop with 3 AVs. Another cheap solution.

  • You might want to implement the previous idea to everything you download from the internet. Configure your lab so ANYTHING you download, goes to a temp folder, scanned from 3 AVs, one by one, and if it passes the check, then be available for you to get it. Our admin had it that way. I think it was configured from the ISA Server. I'm not sure.

  • Install an endpoint protection system. GFI Endpoint Security and Symantec Endpoint Protection provide protection from unauthorized USB drives.

  • Search for HBGary Inoculator. From their site: "It's an enterprise appliance designed to detect, remove and prevent Windows® host re-infection of known malware, without waiting for your antivirus vendor to provide a detection signature. With its breakthrough Digital Antibody technology , Inoculator provides a countermeasure against targeted cyber threats, without disruption to your enterprise." Haven't tried it.

I am curious to hear the progress/result from your lab.... :P

labmice
  • Thank you for the more detailed answer.... I never let my PC be vulnerable to USBs. I always run a scan and only then use them. While scanning, the infected documents got removed. Those documents were earlier infected by our lab system. Further, the docs that I carried to the lab also got infected. So I just want to guard my flash drive. Not my PC. But thanks for your ideas. – vettipayyan Mar 18 '11 at 17:34
  • 1
    Ok, try this one and tell me if it works. Make a Truecrypt container inside your USB (from a clean PC). Move your docs inside that container, and zip them (7zip) AND password protect them (7zip AES-256). Each one of them, even with the same password. Run them from the USB by first mounting the Truecrypt container and then entering the password. Don't unzip them. Run them from the zip, entering the pass. Make changes if needed. Then unmount the Truecrypt container. Tell me if your docs still get infected. – labmice Mar 18 '11 at 20:06
  • Ya, thank you and I'll check that out. I'll post after the lab on Monday :) – vettipayyan Mar 19 '11 at 11:53
0
Run CMD -> do this

cd /d X:\  (X -> path of your USB)

run this -> attrib -s -h -r /s /d

The hidden files will be revealed.

Do delete the virus files though.

Lighty
0

All antivirus software I have used handles scanning USB sticks.

I posted an answer to a similar question in Detecting malware-infected USB drives

The sum and substance is: using a different, secure computer without any autorun facility, create and lock an autorun.inf file in the root of the USB stick. If there is one there, examine it for malware clues and get rid of it.

I like using a Mac for this because they read and write FAT and ExFAT natively (which are common on USB drives), Mac formats (of course) and also NTFS if enabled through third party software. They also do not autorun and are immune to PC viruses. Macs also show all partitions, even hidden ones, on the desktop regardless if every partition is a different format, or empty. Macs are also pretty common.

geoO
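Added example, not part of any answer on this page and not the answerers' code: a read-only Python check for the two symptoms discussed above (executables named after folders, and an autorun.inf that launches a program), meant to be run against the mounted stick from a machine that does not autorun it. It assumes the original folders are still on the stick, hidden, next to same-named executables; the extension list and function names are choices made for this example.

```python
import os
import sys

# Extensions Windows runs on double-click (an assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk", ".vbs"}
# autorun.inf keys that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")


def find_folder_decoys(root):
    """Return paths of executables named after a folder in the same directory."""
    decoys = []
    for dirpath, dirnames, filenames in os.walk(root):
        folder_names = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() in EXECUTABLE_EXTS and stem.lower() in folder_names:
                decoys.append(os.path.join(dirpath, name))
    return sorted(decoys)


def autorun_commands(root):
    """Return (key, value) pairs from <root>/autorun.inf that launch a program."""
    path = None
    for name in os.listdir(root):          # FAT is case-insensitive: match any casing
        if name.lower() == "autorun.inf":
            path = os.path.join(root, name)
    if path is None or not os.path.isfile(path):
        return []                          # absent, or a dummy entry that is not a file
    found = []
    with open(path, "r", encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
            if sep and (key in LAUNCH_KEYS or is_shell_cmd):
                found.append((key, value.strip()))
    return found


if __name__ == "__main__":
    drive = sys.argv[1]                    # mount point of the USB stick
    for path in find_folder_decoys(drive):
        print("decoy executable:", path)
    for key, value in autorun_commands(drive):
        print("autorun.inf launches:", key, "=", value)
```

The script only lists findings; it does not delete or modify anything on the drive.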
-1

I have had viruses infecting my computer through usb drives for a very long time. Then I found this. Hope this helps :) http://techwikasta.com/2012/10/how-to-secure-your-usb-drive/

  • 1
    This is more or less a link only answer. Please add a short description of what the page you're linking to suggests as a possible solution to OP's question. Link rot has to be considered also, and adding a description might help future reader in finding intended page, if the link becomes dead at a later date. Thanks! – TildalWave Jun 04 '13 at 16:58