Author Topic: Flash disk deleted  (Read 10671 times)

0 Members and 1 Guest are viewing this topic.

Archanaperth

  • Guest
Flash disk deleted
« on: June 15, 2013, 06:14:14 AM »
Hi everybody

I've just scan the forum hoping to find some help, but....

For the second time in two days, I put a flash disk (memory drive, pen drive, memory stick, however you call it...) in my computer e.. zot! deleted. Avast red (scary  ::)) adv: malware _WAPJO.nil (in today case) or WKIVZ.com (two days ago case) blocked. OK, thank you. But were are all my files? In the drain with the dirty water? Also the devices cannot be opened, piece of plastic and metal, now. They worked previously. They were full of works, yesterday and so.
What can I do? Seems a bit drastic, to me. Do not name the virus bin, please. Useless.

Thank you for your help, if anyone can  :'(

argus

  • Guest
Re: Flash disk deleted
« Reply #1 on: June 15, 2013, 11:49:21 AM »

Download MCShield from one of the following links:

MyCity -  Official download link
Softpedija - Mirror download link

  • Double click MCShield-Setup to install the application.
  • Wait a few seconds to MCShield finish initial scan.
Recommendation to under Scanner tab you click on "Always unhide items on flash drives"



  • Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.
When all scanning is done, you need to attach a logreport that has made MCShield.

Start -> All Programs -> MCShield -> Logs

Attach here -> AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.




Step2


Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

    * When done, DDS will open two (2) logs:
        1. DDS.txt
        2. Attach.txt

Save both reports to your desktop. DDS.txt and Attach.txt attach back to topic.
« Last Edit: June 15, 2013, 12:34:01 PM by argus »

argus

  • Guest
Re: Flash disk deleted
« Reply #2 on: June 15, 2013, 12:05:24 PM »
redirecting to viruses and worms

Aventador

  • Guest
Re: Flash disk deleted
« Reply #3 on: June 15, 2013, 01:05:36 PM »
No need for MC SHield. Every pc should have autoruns disabled. Secondly if you immunize your USB stick then it makes your USB stick immune to malware autoruns being put in it. here are a few simple steps.

http://labs.bitdefender.com/projects/usb-immunizer/overview/

http://www.sevenforums.com/tutorials/216706-autoplay-enable-disable.html

argus

  • Guest
Re: Flash disk deleted
« Reply #4 on: June 15, 2013, 01:15:22 PM »
Autorun is not the only way to transfer the worms with a flash drive, Immune of USB sticks is no protection.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Flash disk deleted
« Reply #5 on: June 15, 2013, 01:23:46 PM »
@Aventador

Quote
Every pc should have autoruns disabled.
Applys only for XP systems. On Vista and above, the rules are a little different

Quote
Secondly if you immunize your USB stick
Can you please explain "immunize" process? What it does?

Quote
...then it makes your USB stick immune to malware autoruns being put in it.
Is modified autorun.inf only known trigger for USB infection? Does the above mentioned tools covering other fields?


Please stay out of those things that you don't understand enough. Colleague has ~ five years of experience in the malware removal process.
Funny things is how untrained user says to malware removal expert "No need for" above mentioned program.


Aventador

  • Guest
Re: Flash disk deleted
« Reply #6 on: June 15, 2013, 01:25:00 PM »
Autorun is not the only way to transfer the worms with a flash drive, Immune of USB sticks is no protection.

I beg to differ. You do not need a resident program like MC Shield. All 4 of my USB sticks are immunized and I have stuck them in hundreds of infected pc's and never an issue. Disabling autoruns is a primary step in staying malware free. Just Google it.

No need to explain myself. Immunize explanation is on the Bitdefender link. Please read the links I posted before commenting. The disable autoruns is for 7 and Vista. Here is XP.

http://support.microsoft.com/kb/967715

FYI..................I have a masters in computer science and work as a systems engineer. I also run a home business repairing pc's. I make house calls a lot to remove malware. So do not doubt mt knowledge.
« Last Edit: June 15, 2013, 01:29:17 PM by Aventador »

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Flash disk deleted
« Reply #7 on: June 15, 2013, 02:17:42 PM »
My comment for Immunize was rhetorical.

Quote
Immunize explanation is on the Bitdefender link. Please read the links I posted before commenting. The disable autoruns is for 7 and Vista. Here is XP.
I know these tools and they work very well.



- I'll try to explain to you some things:

Thouse tools like BD immunize, Panda USB protection, ...hey doesn't disable the autorun. They load his own autorun so called powerfull autorun or bulletproof autorun... impenetrable autorun.inf with its attributes.
Aim of this is that malware cann't use autorun.inf.

Tools like , USB AntiVirus ...etc.
They already operate on a signature which is an advantage and disadvantage:

advantage - Scans USB's and it kills to him known malware.
disadvantage -  it kills only to him known malware. Unknown malware will "leave alone".


-About USB malware:
Malware must have its own trigger and excellent file.
First malware writers have found a way to take advantage of legit Windows autorun.inf, to execute their malware into PC.

This the contents of autorun.inf as example:




In this example, autoran.inf saying that windows should start test.exe malware.

Then people started to develop tools that may manipulated with autorun.inf ( autorun.inf is legit Windows file, loading their own autorun.inf was a good as first solution, legitimate action too) and thus provide additional protection or some of them trying to earn money.

The aim of this tools is nothing other than prevent infection. This is very important to know. Malware still lives in USB!

Therefore your link from BD says:
Quote
Autorun-based malware


Malware writers have had to find another way to infect the machine because the autorun.inf has been too known action. They couldn't use that metod sufficiently...


Currently known methods of infection using this metods:

- Desktop.ini
- comment.htt
- ActiveX
- User (user thinks he launches legitimate folder and he actually launch executable malware, legit folder is super-hidden)
- Windows Shell
- ... etc

This was written only in brief, the story it is much wider

---   ---   ---   ---   

When Argus asked for running MCShield, you wrote this:
Quote
No need for MC SHield. Every pc should have autoruns disabled. Secondly if you immunize your USB stick then it makes your USB stick immune to malware autoruns being put in it. here are a few simple steps.

Having the above...  do you realize why this comment is wrong?

If the user took your advice, he would get just this:
-Autorun-based malware ( only prevent infection )


If user obeyed Argus, it get this:
Quote
AntiAutorun, AntiLNK, three AntiReplicator routines, AntiRimecud, two AntiMimics, known bad file/folder names, hashes, AntiEsfury (folder name heur.), general/blended file heuristics (files are checked in 6 ways)...




In summary:
- autorun is just one of the ways the infection can be started;
- this is not bulletproof;
- USB device is still infected, ready to use on another machine, launches its autorun.inf and interject malware where it can.


« Last Edit: June 15, 2013, 02:21:32 PM by magna86 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Flash disk deleted
« Reply #8 on: June 15, 2013, 02:58:47 PM »
Quote
FYI..................I have a masters in computer science and work as a systems engineer. I also run a home business repairing pc's. I make house calls a lot to remove malware. So do not doubt mt knowledge.
hmmm.....
@magna86 .....shouldn't someone with all this knowledge know this?


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Flash disk deleted
« Reply #9 on: June 15, 2013, 03:13:34 PM »
Not if they look like this one, see image attached...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Aventador

  • Guest
Re: Flash disk deleted
« Reply #10 on: June 15, 2013, 03:16:37 PM »
Quote
FYI..................I have a masters in computer science and work as a systems engineer. I also run a home business repairing pc's. I make house calls a lot to remove malware. So do not doubt mt knowledge.
hmmm.....
@magna86 .....shouldn't someone with all this knowledge know this?

No need my dear friend. Its called years of experience. You can read all you want and post articles. I have 4 USB sticks which I bring to work and house calls. 2 have malware removal tools on them. ALL 4 are Immunized using BitDefender USB immunize. All 4 have been inserted into infected pc's and into other pc's. Then back to my home pc's. That makes over 1,000+ computers. Guess what...................No malware has ever infected ANY of my USB sticks. One other stick is for installing Avast and other software. The other is my BitDefender Rescue Disk with the ISO on my USB stick.

FYI..............MC Shield only protects YOUR own pc. It does not protect your USB stick when being inserted into another pc.
« Last Edit: June 15, 2013, 03:23:07 PM by Aventador »

Aventador

  • Guest
Re: Flash disk deleted
« Reply #11 on: June 15, 2013, 03:17:50 PM »
Not if they look like this one, see image attached...

polonus

Very mature. Unless you have something intelligent to post instead of a dumb picture I suggest you stay away. Thanks.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Flash disk deleted
« Reply #12 on: June 15, 2013, 03:29:10 PM »
@Aventador
Quote
I have 4 USB sticks which I bring to work and house calls. 2 have malware removal tools on them. ALL 4 are Immunized using BitDefender USB immunize. All 4 have been inserted into infected pc's and into other pc's. Then back to my home pc's. That makes over 1,000+ computers. Guess what...................No malware has ever infected ANY of my USB sticks.

I understand you, but please understand me too.

The purpose of malware isn't that it's been detected by user. Its purpose is to keep undetected and that is what many don't realize.
User can be infected and they do not even know it.
Do you know that there were active malware in the government sector and undetected for several years while Kaspersky hasn't detected it ?

I do not want to convince you what is better, the choice is yours. It's on me just at least to try to explain a few thing, and if you are willing to listen, great.
If not, you can listen to yourself and live on yourself experience. But know this: " Two heads are better than one "


Quote
You can read all you want and post articles.

What I wrote above did not come from some articles.
This is the knowledge they have shared with me some people - with a lot more understanding of the malware subject matter than me.


Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Flash disk deleted
« Reply #13 on: June 15, 2013, 03:34:00 PM »
Quote
MC Shield only protects YOUR own pc. It does not protect your USB stick when being inserted into another pc.
Yes, because for valid protection of this nature ( USB malware ) is not possible to make it portable and still to be high quality tool with all his detections routhins.


Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Flash disk deleted
« Reply #14 on: June 15, 2013, 03:34:51 PM »
Maybe it time for Aventador to and let argus & magna86 do there job to help Archanaperth problem without hi-jacking this topic
« Last Edit: June 15, 2013, 03:38:09 PM by SpeedyPC »
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v23.11.6090 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip