Author Topic: USB  (Read 12990 times)

0 Members and 1 Guest are viewing this topic.

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
USB
« on: November 02, 2009, 01:18:02 PM »
USB and protection for computers

USB antivirus software
http://antivirus.about.com/od/antivirussoftwarereviews/a/usbantivirus.htm


Edit - this article appears very dated. Found while scouting about looking for articles about USB and computer protection. Any posts directing to more up to date info would be appreciated.
« Last Edit: November 02, 2009, 02:23:35 PM by mkis »
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

YoKenny

  • Guest
Re: USB
« Reply #1 on: November 02, 2009, 02:50:41 PM »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: USB
« Reply #2 on: November 02, 2009, 03:24:36 PM »
Let your USB drive plugged and run Autorun Eater or Flash Disinfector, allowing them to clean up all drives. They would create hidden folders named autorun.inf in each partition and every USB drive plugged in when you ran it. These folders protect your drives from future infection. After that, reboot your computer.

To prevent infections from USB drives, you can install USB Firewall before using any USB drive.

USBVirusScan will launch any program you provide as a command line parameter each time a USB stick is inserted. I use it to start a full virus scan on the inserted USB drive: http://blog.didierstevens.com/programs/usbvirusscan/ The command-line that worked for me is:
"<path>\USBVirusScan.exe" -c -i "<path>\avast4\ashQuick.exe" x:
Where you need to change the <paths> for the both correct ones and the x: for the letter of your USB drive.
The best things in life are free.

Sesame

  • Guest
Re: USB
« Reply #3 on: November 02, 2009, 03:43:10 PM »
If you are running XP system with administrator account, the autorun should be feared.  For 0-day type attacks, I think it would be good for us to think about taking more control in the autorun function.

Probably, this is the info for the most updated patch (optional) from Microsoft for USB security according to their security advisory.

For your peace of mind, you may want this tool introduced by polonus in the previous thread.  It is a GUI tool for the registry tweak specialized in allowing the users to have more detailed control on the autorun feature.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: USB
« Reply #4 on: November 02, 2009, 10:22:56 PM »
Hi malware fighters,

This link should be here in this thread as well: http://www.uwe-sieber.de/drivetools_e.html#autorun

To protect your computer from viruses, Trojan or malware a good antivirus solution for your USB devices is a necessary. Mx One is such a free antivirus designed to protect you external storage devices like USB stick or pen drives , iPod., mp3, mp4, M2, SD, microSD. Download: http://jayaprakashkv.blogspot.com/2008/07/download-free-usb-sticks-antivirus-mx.html   home-site for this tool: http://mxone.net/en/

Features.
+ Protection against: Virus, Trojans, Worms, Spyware (Spyware), Hacking Tools (Hacktools), Software Risk (Riskware).
+ Compatible with any antivirus resident like for example: Nod32 ™., Kaspersky ™. BitDefender ™. AVG ™., Norton ™., Panda ™. AVG ™, ™ Avast, Avira Antivir ™, among others.
+ Protection in realtime with ..
- System "CHECK AND DESTROY" detects and removes all viruses that attempt to infect your device while connected to an infected PC, even unknown viruses.
- System Protection "Guardian" protects your PC from viruses that come in infected and USB devices to connect to your computer infected no matter what if the device has Mx One Antivirus installed or not, also detects even unknown viruses.
+ Protection against unknown viruses and new variants with "Heuristic ONE" AND "GENERIC ONE"
+ You only need very small 1Mb of space available on either the PC or on removable media.
+ Completely free,


polonus
« Last Edit: November 02, 2009, 10:28:33 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: USB
« Reply #5 on: November 02, 2009, 11:14:54 PM »
Thanks for the input.
I'm still working my way through some of it. And covering some stuff in the previous thread that I overlooked.

I gather Autorun Eater is your preference, YoKenny? I downloaded a couple of times but never got around to running it. As I said in the previous post I have not had the problems that have been associated with Flash Disinfector. But that is up to this point in time.

I have Microsoft patches including the most updated patch KB971029 (26th Aug 2009).

The MX One might be what I am looking for at the moment. So I may give a run on a computer. Something along that line anyway, where the solution is amenable to use by people knowing little in depth about command line functions. Not so much for my own use at the moment.

At this point in time, I have kept a record of the info and will continue to take an interest in any new developments.
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Derelict_AZ

  • Guest
Re: USB
« Reply #6 on: November 03, 2009, 05:58:52 AM »
In addition to protecting my computer from USB infections, I also use this simple tool to protect my bootable USB recovery drives from infection from other computers I plug them into.
http://www.softpedia.com/get/Antivirus/NOD32-Dummy-File-Creator.shtml

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: USB
« Reply #7 on: November 03, 2009, 07:21:18 PM »
Hi mkis,

There is another tool that is run in connection for instance with malware cleansing routines,
I think here in relation to removal of Trojan:Win32/Alureon.gen!

The tool is from a page on G2G so a reliable source

- download USBNoRisk from here: http://amf.mycity.co.yu/personal/bobby/USBNoRisk/usbnorisk.exe
   to your Desktop and run it by double-clicking the program's icon
- wait a couple of seconds for initial scan to be done
- connect all of the USB storage devices to the PC, one at a time, and keep each one connected
  at least  for 10 seconds
- if there are more USB storage devices to scan, please take a note
  about the order in which these were connected
- after all the devices are scanned, choose "Save log" option from right-click menu on Monitor tab.
   That will open the log in Notepad. Please copy/paste the log to forum

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc,

Just wanted to post this here for making our thread more complete...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: USB
« Reply #8 on: November 03, 2009, 07:28:19 PM »
Try the panda tool"usb vaccine"
or write the next lines in a .txt file then rename it to :example.reg then add it to registry:



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun]
"NoDriveTypeAutoRun"=dword:000000b1
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000b1
Dreams don't die, they just fall asleep.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86803
  • No support PMs thanks
Re: USB
« Reply #9 on: November 03, 2009, 07:49:54 PM »
You shouldn't need to resort to this as there have been recent security updates that disable autorun as YoKenny mentioned in Reply #1.

So what you need to do is keep your OS up to date ;D
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: USB
« Reply #10 on: November 04, 2009, 05:38:06 AM »
Hi pol

Here is reply to post   http://forum.avast.com/index.php?topic=50498.msg427974#msg427974

See txt file below
F: drive is the USB I use mostly now in daily imput / output to removable media.

UsbNoRisk does not pick up my VMClite modem or Mouse understandably
My Canon Powershot had been left connected so batteries were flat and no pick up there either.


I am certain Flash Disinfector was run at one stage, maybe not this USB on this computer.
I ran this USB with Flash Disinfector on another computer the day after it picked up an infection.
Since then it has been good as gold. MSE detected the intrusion.

I recently mislaid an 8GB San Cruzer, my main removable, which was probably the device that was run with Flash Disinfector on this computer. Can run Flash Disinfector again and come back.




« Last Edit: November 04, 2009, 05:42:09 AM by mkis »
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: USB
« Reply #11 on: November 04, 2009, 05:40:36 AM »
I better copy and paste the text doc


USBNoRisk 2.5 (26 July 2009) by bobby

Started at 11/4/2009 5:21:09 PM

Searching for connected USB Mass storage...
----------------------------------------
F:  {70a4e5cc-d20a-11dd-b494-00115be720e7}
========================================

Searching for other storage...
----------------------------------------
C:  {7d81f538-d261-11dd-bd33-806d6172696f}
========================================

Scanning removable storage...
----------------------------------------

No blocked files found on F:
No Autorun.inf files found on F:
No mountpoint found for 70a4e5cc-d20a-11dd-b494-00115be720e7
No Desktop.ini files found on F:
No mimics found on drive F:
----------------------------------------


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 7d81f538-d261-11dd-bd33-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

Sesame

  • Guest
Re: USB
« Reply #12 on: November 04, 2009, 07:49:13 AM »
You shouldn't need to resort to this as there have been recent security updates that disable autorun as YoKenny mentioned in Reply #1.

So what you need to do is keep your OS up to date ;D
The patches introduced there are mere prerequisites to disable Autorun.
Quote
After the prerequisites are installed, follow these steps to disable Autorun.
After installing the patches corresponding to each OS, you could disable/tweak Autorun function by following the instruction given there as well.  Alternatively, you can use the tool introduced by polonus.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Re: USB
« Reply #13 on: November 04, 2009, 08:57:22 PM »
Hi malware fighters,

I did install mxone Guardian with realtime usb protection. Updater works fine, scans swiftly, a real asset.
Report more here about this Mexican security solution for peripherals...

See it sitting there...
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline George Yves

  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 4102
  • Help you I can
Re: USB
« Reply #14 on: November 05, 2009, 07:36:57 PM »
I tried to install mxone Guardian too but failed.

First, Spywareterminator blocked installation of the Guardian's updater (it was detected as a trojan). I turned off ST's protection but it was the turn of ThreatFire to alarm me about the updater. I turned off the TF's protection too but my Vista refused to run the program - "Windows encountered a problem while running the program".
May the FOSS be with you!