Jump drive with a virus

If I have a flash drive that I think may have a virus on it, but also has some important tax stuff on it, is there a way I can get at the files without endangering my computer?

Vaccano

Posted 2010-02-14T21:38:35.873

Reputation: 5 977

Answers

Try Panda USB Vaccine, which automates turning off autorun (Meaning no usb device can infect your PC just from being plugged in), and features a function to attempt to protect any the device from being infected (Though don't rely on that, it might not work when you need it most).

Once autorun is off, you can safely plug it in - just make sure not to execute -anything- on the drive. Yes, that includes your important tax stuff. Run everything through a virus scan.

Phoshi

Posted 2010-02-14T21:38:35.873

Reputation: 22 001

It there a similar encryption capacity in J-Zip? – Xavierjazz – 2010-02-14T22:47:33.180

Use a Live-CD to read out the data. Copy them into an folder (only the files you need) on your harddisk, and do a scan of that folder right after boot, before even looking into it. You should be save with that.

Edit: Oh, and of course do not plug the drive in while in Windows! Wipe it clean (and I mean reformatting) using the Live-CD after you're done.

Bobby

Posted 2010-02-14T21:38:35.873

Reputation: 8 534

1And don't use Windows Live CD's for this. – Basilevs – 2010-02-15T14:13:30.993

@Basilevs: Such things exist? oO' – Bobby – 2010-02-15T14:18:50.297

I''ve seen two or three versions of windows livecd and I'm sure there are much more. – Basilevs – 2010-02-16T08:22:40.723

@Basilevs: Cool, I thought that wouldn't be possible, but seems like somebody managed it. Nice to know, thank you. – Bobby – 2010-02-16T08:37:40.763

If you don't want to install any 3rd party programs, here are some methods to disable autorun on cdrom or usb drives.

Disable Autorun with TweakUI.

The most convenient way is to install TweakUI a PowerToy from Microsoft we can download for free . Download TwealUI and install it. This PowerToy gives you access to system settings that are not exposed in the Windows XP default user interface, including mouse settings, Explorer settings, taskbar settings, and more.

Run TweakUI
Navigate to My Computer -> AutoPlay -> Drives
Uncheck the drive you wish to disable the AutoPlay function.
Navigate to My Computer -> AutoPlay -> Types
Uncheck Enable Autoplay for CD and DVD drives
Uncheck Enable Autoplay for removable drives
Click Apply button
Click OK button

Disable Autorun with Group Policy Editor

If you are a geek type and want to do it the hard way we could use the GPEDIT.MSC tool to disable Autorun. GPEDIT.MSC does not work on Windows Home Edition, only on Windows XP.

Navigate to Start -> Run
type GPEDIT.MSC
Click OK
Navigate to Local Computer Policy -> Computer Configuration -> Administrative Template -> System
Double click Turn Off Autoplay
Select Enabled from the radio buttons
On the Turn off autoplay dropdown box select All drives
Click OK button, Close Group Policy Editor

Disable Autorun with the Registry Editor

If you are using Windows Home, you can disable autorun using the registry editor.

Navigate to Start -> Run
type REGEDIT, click OK button
Navigate to HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> CDROM
Double Click on Autorun
Change from 1 to 0. The default value 1 means autorun is enabled on CDROM
Navigate to HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Policies -> Explorer
Double click on NoDriveTypeAutoRun
Change the current valut to B5 in Hex. This disables CDROMs and USB drives

Source

Now you can safely connect the usb drive without endangering your computer. scan the drive and remove infections. for good measure you may backup your files and format the drive.

Molly7244

Posted 2010-02-14T21:38:35.873

Reputation:

1One might consider TweakUI to be a third party program even though it does come from Microsoft. It's just not included with Windows. – Nathaniel – 2010-02-14T23:27:35.593

@Nathaniel - BECAUSE it is from Microsoft it isn't 3rd party software. However, "B5" your NoDriveTypeAutoRun and be done with it, works for ALL versions of Windows. – None – 2010-02-14T23:50:18.223

1Not really safe, but hold down shift key before you insert the USB drive until is fully recognize do the trick too – fluxtendu – 2010-02-15T00:16:48.970

@fluxtendu - you just said it: Not really safe. :) – None – 2010-02-15T00:18:39.090

@Molly Right. BTW, am I correct in assuming that flash drives can't actually automatically run anything even if AutoRun is enabled for them? I thought there was just an item in the popup box offering to run an app if it's so set in autorun.inf. – Nathaniel – 2010-02-15T00:43:13.820

@Nathaniel - in theory, yes. but the moment you double click an autorun.infected drive in my computer, the poo will hit the paddles, so, right click and explore is the safe option ... or use Total Commander to open your drives :) – None – 2010-02-15T02:42:30.733

At least state your source, you didn't write this. I have seen this posted in at least 3 different places. – John T – 2010-02-15T07:15:17.733

@John T Maybe it's public domain ;) – Nathaniel – 2010-02-15T19:57:43.210

The safest way to access your files without getting your machine infected is to read them using a different operating system. As "foxhop" suggested, download ubuntu and burn it to a disk. This will work only if you have an application in ubuntu which can read the files you want. This works because 99.99999% of viruses only infect windows computers :)

Alternatively, just update your antivirus for windows and plug the flash disk in. I have done this with someone else's hard disk to eradicate all viruses. Unfortunately infected files are not ALWAYS readable after being "cleaned".