Author Topic: Is it ok to use infected pendrive with autorun disabled and doing quick format?  (Read 3765 times)

0 Members and 1 Guest are viewing this topic.

cimmind

  • Guest
I have set autorun disabled on all my removable drives. I have to use my pendrive on a known infected computer at office, and i use it to carry material from my home comp to office. What i do is to format it always before opening on my home comp. So far it works, but is there a theoretical chance of getting virus by merely inserting the pendrive? (The obvious disadvtg in my method is that the pendrive can only be used oneway, it cant be used to carry material from other comps to mine)

(This question has been moved here from an earlier unrelated thread. The next two comments are carried forward from that thread.)     

cimmind

  • Guest
One thing.. if i fiddle around with a possible false positive file, eg. in removing it from vault, posting it on the site you mentioned etc.; is there any chance of it causing infection or is it that only clicking on a file can lead to infection?
You shouldn't open or execute the file. The only safe option will be open www.virustotal.com in your browser and access the file from there.

If you could help me with a related matter, i have set autorun disabled on all my removable drives. I have to use my pendrive on a known infected computer at office, and i use it to carry material from my home comp to office. What i do is to format it always before opening on my home comp. So far it works, but is there a theoretical chance of getting virus by merely inserting the pendrive? (The obvious disadvtg in my method is that the pendrive can only be used oneway, it cant be used to carry material from other comps to mine)
Yes, you can get infected with the merely fact of inserting the pendrive.
Let your USB drive plugged and run Autorun Eater or Flash Disinfector, allowing them to clean up all drives. They would create hidden folders named autorun.inf in each partition and every USB drive plugged in when you ran it. These folders protect your drives from future infection. After that, reboot your computer.

cimmind

  • Guest
Yes, you can get infected with the merely fact of inserting the pendrive.
Let your USB drive plugged and run Autorun Eater or Flash Disinfector, allowing them to clean up all drives. They would create hidden folders named autorun.inf in each partition and every USB drive plugged in when you ran it. These folders protect your drives from future infection. After that, reboot your computer.

Tech, seeking your clarification on this point. What i infer from your post is that the danger is not from inserting the pendrive, but only if the autorun.inf file (or autorun.bat file that i have seen known infected drives to carry) gets activated.

As i stated, i have autorun disabled. Also, i have "Panda USBVaccine" (http://download.cnet.com/Panda-USB-Vaccine/3000-2239_4-10909938.html) which i think does the same job as the software you mentioned. The first thing i do after inserting the pendrive is to immediately format it. Still the risk is there?
   

hlecter

  • Guest
Quote from: hlecter

Can't see it posted in this thread, so here is the ultimate solution for autorun.inf problems:

http://nick.brown.free.fr/blog/2007/10/memory-stick-worms

If you follow Nick Browns simple registry mod in the beginning of his blog, autorun.inf
problems are history.

It can't disinfect your PC, but you are protected against all malware from misusing autorun.inf in the future.

Applied it to many PCs many months ago.


Regards
HL

Edit: For those interested in MUCH info:  http://www.us-cert.gov/cas/techalerts/TA09-020A.html

Why not include this one from the same thread?

HL

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88161
  • No support PMs thanks
You have set autorun to disabled, there technically is nothing stopping other malware resetting those values, which is which is why I don't see software/registry hacks as a 100% protection solution, also disabling autorun would also be a pain in the rear for some who actually want it to work where it should, for CD and DVD, removable media, what it was originally designed for.

Which is why I have tended to suggest Flash Disenfector, which creates a physical folder (on all HDD partitions) of the same name autorun.inf and it is protected from deletion, etc. It is this which also limits its spread as these autorun.inf files on your HDD partitions would run on boot, starting its malware, also infecting clean USBs that you insert.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

hlecter

  • Guest
Read what Public Safety Canada has to say about this:

http://www.publicsafety.gc.ca/prg/em/ccirc/2008/tr08-004-eng.aspx

Nick Brown's solution is the only recommended.

HL

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88161
  • No support PMs thanks
Disabling autorun completely is a) the nuclear option so your regular CD/DVDs won't start when you load them, b) easily reversible by malware, c) that article doesn't even look at other options like flash disenfector or autorun eater, etc.

Its advantages could just as easily be on the disadvantages column as mentioned above in points a & b.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.9.6082 (build 23.9.8494.792) UI 1.0.781/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security