  1. #1
    Lounger
    Join Date
    Aug 2012
    Posts
    40
    Thanks
    20
    Thanked 2 Times in 2 Posts

    Thumbdrive got virus/trojan on it: want to make sure I'm ok

    Hi folks,

    I took my thumb drive to the local UPS store for them to print out something for me, and they were nice enough to put a virus/trojan from their computer on it! Ugh. I came home, put the thumb drive in my computer and did a routine scan on it with Microsoft Security Essentials (as I always do after using it at a place like that). And this is what I got back from the scan:

    TrojanSpy:MSIL/Hakey.A

    Category: Trojan Monitoring Software

    Description: This program is dangerous and records user activity.

    Recommended action: Remove this software immediately.

    Items:
    file:G:\E Video and other stuff.exe
    file:G:\Trader Joe's.exe
    file:G:\Uke Club.exe
    file:G:\VF.exe
    These are names of folders on the thumbdrive, and it looks like .exe files were created with the same names. Is that how this sort of thing works? I never actually opened the thumbdrive to see these files on it, just saw that they were detected by MSSE. I chose to remove the files and it did so from the thumbdrive. I updated MS Security Essentials and Malwarebytes Anti-Malware (free) to the newest definitions and scanned the thumbdrive again and it showed clean. I searched for one of the files on my hard drive and nothing came up, but I'm running full scans with MS Security Essentials, Malwarebytes Anti-Malware (free), and the old Spybot right now to be sure.

    If those all come up clean, do I have anything to worry about?

    Would I have had to run one of those .exe files that were created in order for the trojan monitoring software to take effect?

    Could something bad have "jumped" to my laptop from the thumbdrive without my opening the thumbdrive?

    I have autoplay/autorun turned off on my laptop, as far as I know (running Windows 7 Home Premium 64-bit). (Note: I do not have this month's Windows Updates applied as of yet, per Woody's alert notice.)

    Any help is appreciated -- thanks!

  2. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    If they were detected by MSE I think it's pretty safe to conclude they were not executed, or MSE would have detected the execution as well.
    With thumb drives, just as with optical disks, the problem may be your autorun settings. It is possible, via autorun, that malware set to execute will be executed.

    In your situation, as I said, it's safe to conclude the malware was not executed. I would take a look to see if there are more files that were not there before the visit to the UPS store, just to make sure there is nothing that could have escaped MSE's and Malwarebytes detection.

  3. The Following User Says Thank You to ruirib For This Useful Post:

    WindowsWasher (2013-03-07)

  4. #3
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Have MSE remove the Trojan, then run MBAM to confirm you are free of it.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  5. The Following User Says Thank You to CLiNT For This Useful Post:

    WindowsWasher (2013-03-07)

  6. #4
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,792
    Thanks
    117
    Thanked 798 Times in 719 Posts
    If you have copies of what's on the thumb drive, you might want to reformat it before you use it again.

    Jerry

  7. The Following User Says Thank You to jwitalka For This Useful Post:

    WindowsWasher (2013-03-07)

  8. #5
    Lounger
    Join Date
    Aug 2012
    Posts
    40
    Thanks
    20
    Thanked 2 Times in 2 Posts
    Thanks, everyone. Done and done! Everything looks good, from the various scans.

    How can I check my autorun/autoplay settings? What do I set to make sure a thumbdrive isn't run automatically? (I'm pretty sure I have it set now not to, but want to double-check.)

    Also, how necessary is it to reformat the thumbdrive at this point?

    Thanks again!

  9. #6
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    A very detailed explanation on various methods and downloaded registry files that can be used can be found here:

    http://www.sevenforums.com/tutorials...e-disable.html

    No, I don't think you need to reformat the drive, per the reasons stated before, but you can always do it for extra assurance, if you feel so inclined.

  10. The Following User Says Thank You to ruirib For This Useful Post:

    WindowsWasher (2013-03-07)

  11. #7
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,792
    Thanks
    117
    Thanked 798 Times in 719 Posts
    I agree with Rui about reformatting. I only suggested it if you have other copies of the data and wanted an extra level of assurance. It's purely optional. I've successfully cleaned several hard drives of heavy virus infections (hits in the hundreds with Malwarebytes and having to resort to other methods of cleanup) without reformatting and have never had a callback.

    Jerry

  12. The Following User Says Thank You to jwitalka For This Useful Post:

    WindowsWasher (2013-03-07)

  13. #8
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Just a suggestion, but you might want to let UPS know what happened so they can attempt to prevent this on someone else's PC that is not so vigilant.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  14. The Following User Says Thank You to Medico For This Useful Post:

    WindowsWasher (2013-03-07)

  15. #9
    Lounger
    Join Date
    Aug 2012
    Posts
    40
    Thanks
    20
    Thanked 2 Times in 2 Posts
    I actually immediately called UPS and let them know.

    Thanks again, everyone!

  16. #10
    New Lounger
    Join Date
    Mar 2013
    Posts
    7
    Thanks
    0
    Thanked 1 Time in 1 Post
    There is a program that provides a means of securing USB drives, and is designed to prevent infections transmitted via removable drives. It is called MCShield.
    This program has no association with McAfee.


    Download site for MCShield:
    http://amf.mycity.rs/mcshield/downloads.html
    Save to the Desktop.

    Double-click the MCShield-Setup to install the program.
    Follow the prompts.

    Once at the program console, click Run for MCShield to finish its initial scan.

    Under the General and Scanner tabs, use the defaults items already checked.

    Click: OK

    Plug in your USB storage device to the computer (only one at a time).
    Scanning is done automatically. (Uses a heuristic engine to detect and neutralize threats in real-time.)

    When all done, a report is created.

    The report can be found when you go to: Start > All Programs > MCShield > Logs

    If any malware is found, please post the McShield report in your reply.
    Last edited by cottonball; 2013-03-14 at 12:02.

  17. #11
    New Lounger
    Join Date
    Dec 2009
    Location
    Baltimore, MD
    Posts
    10
    Thanks
    0
    Thanked 10 Times in 5 Posts
    Another useful product would be Panda's USB Vaccine, available at:
    http://research.pandasecurity.com/Pa...toRun-Vaccine/

    From their site:

    The free Panda USB Vaccine can be used on individual USB drives to disable its AUTORUN.INF file in order to prevent malware infections from spreading automatically. When applied on a USB drive, the vaccine permanently blocks an innocuous AUTORUN.INF file, preventing it from being read, created, deleted or modified. Once applied it effectively disables Windows from automatically executing any malicious file that might be stored in that particular USB drive.

  18. The Following User Says Thank You to griesner For This Useful Post:

    HealingHands33 (2013-03-16)

  19. #12
    New Lounger
    Join Date
    Jul 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Had the same problem. I renamed the .exe back to folder, then opened the folder and copied my files.
    Good luck.

  20. #13
    2 Star Lounger bmeacham's Avatar
    Join Date
    Jan 2001
    Location
    Austin, Texas, USA
    Posts
    191
    Thanks
    4
    Thanked 4 Times in 4 Posts
    I use a free program called Protect My Disk, available at http://secusimple.com/protectmydisk.html. It creates a hidden directory named Autorun.inf on a USB drive, which prevents any malicious software on another computer from putting its own autorun.inf file on it. It seems to be similar to Panda USB Vaccine. Works quite well, so far as I can tell.
    Bill Meacham
    bmeacham98 AT yahoo.com

  21. The Following User Says Thank You to bmeacham For This Useful Post:

    HealingHands33 (2013-03-16)
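
An added example, not part of any post in this thread: a Python sketch of the manual check suggested in post #2. It flags top-level executables named after a folder in the same directory (the pattern in the MSE report in post #1) and reports whether autorun.inf is absent, a file, or a directory as described in post #13. The extension list, function names and sample layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed list of file types Windows will launch on double-click.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".lnk"}

def audit_drive_root(root):
    """Return findings for the top level of a removable drive.

    Checks (1) executables whose name matches a folder in the same
    directory and (2) whether autorun.inf is absent, a file or a directory.
    """
    entries = list(os.scandir(root))
    folders = {e.name.lower() for e in entries if e.is_dir(follow_symlinks=False)}
    findings = {"shadowing": [], "other_executables": [], "autorun_inf": "absent"}
    for e in entries:
        stem, ext = os.path.splitext(e.name)
        if e.name.lower() == "autorun.inf":
            # Post #13 describes a tool that creates a directory with this
            # name; a regular file should be read before the drive is trusted.
            is_dir = e.is_dir(follow_symlinks=False)
            findings["autorun_inf"] = "directory" if is_dir else "file"
        elif e.is_file(follow_symlinks=False) and ext.lower() in EXEC_EXTS:
            key = "shadowing" if stem.lower() in folders else "other_executables"
            findings[key].append(e.name)
    findings["shadowing"].sort()
    findings["other_executables"].sort()
    return findings

def build_sample_drive(root):
    """Constructed sample layout: harmless empty files, two names from post #1."""
    for folder in ("Uke Club", "VF", "Photos"):
        os.mkdir(os.path.join(root, folder))
    for name in ("Uke Club.exe", "VF.exe", "setup.exe", "notes.txt"):
        open(os.path.join(root, name), "w").close()
    os.mkdir(os.path.join(root, "autorun.inf"))

def demo():
    """Audit the constructed sample drive in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_drive(root)
        return audit_drive_root(root)

if __name__ == "__main__":
    print(demo())
```

Pointing `audit_drive_root` at the real drive letter only lists names; it opens nothing on the drive, so it can run before any folder is browsed in Explorer.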

  22. #14
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    near Boulder, Colorado, USA
    Posts
    112
    Thanks
    22
    Thanked 4 Times in 4 Posts
    If you can find a thumb drive with a hardware write-protection switch, it should be immune to such shenanigans.

    SD Cards, while they have a write-protect switch, are actually no good for this purpose because it’s not actually hardware write protection – at best the card reader sends a signal to the operating system that the drive should be treated as read-only. The write-protect switch on the cards is read by a sensor that’s part of the card reader, and the card reader then passes along to the operating system whether the card is read-only. (From http://www.fencepost.net/2010/03/usb...te-protection/)

    That same URL also discusses issues with software-based and OS-based write-protection.
    HTH.

  23. #15
    Star Lounger JCitizen's Avatar
    Join Date
    Apr 2012
    Posts
    72
    Thanks
    61
    Thanked 7 Times in 6 Posts

    Mse?

    Good post cosmlou;

    I would also suggest a scan by Super-Anti-Spyware in normal mode; it can catch things MBAM leaves behind. The other good thing about it, is you don't usually have to boot to safe-mode to make sure everything that is possible to detect is removed. I make a pretty good living cleaning up trashed machines that relied on MSE - I can't see what people like about it, other than maybe it is light on resources. It is hardly a thorough solution.
    Last edited by JCitizen; 2013-03-14 at 22:57. Reason: spelling
