Page 1 of 3 123 LastLast
Results 1 to 15 of 31
  1. #1
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,171
    Thanks
    200
    Thanked 781 Times in 715 Posts

    Do you know where your USB devices have been?

    Hey Y'all,

    Seems there is always another threat vector!

    Read all about it here.

    HTH
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  2. Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    5,435
    Thanks
    128
    Thanked 495 Times in 455 Posts
    Currently I have two USB sticks that are sitting in my vacuum's bag.
    They got sucked up a couple of weeks ago by accident and I haven't been in the mood to break them out just yet.

    ...but at least I know where they are.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Windows 8.1, 64 bit
    Motherboard: DX58SO2*Chipset: X58 Express/Intel ICH10*BIOS: SOX5820J.86A.0888.2012.0129.2203*Processor: Intel Core i7 CPU X 990
    GPU: Nvidia GTX 580*Memory: Corsair 12 GB, 4x3@1600*PSU: Corsair HX1000*Hard drives: REVO X2 160GB*OCZ VERT X3 120GB*5 mechanical storage drives (12 TB) total.

  4. #3
    4 Star Lounger access-mdb's Avatar
    Join Date
    Dec 2009
    Location
    Oxfordshire, UK
    Posts
    521
    Thanks
    50
    Thanked 39 Times in 36 Posts
    Just as long as you can trust Dust Puppy

  5. #4
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,839
    Thanks
    30
    Thanked 250 Times in 244 Posts
    If they can infect a system just by being plugged in - how would you safely run a malware scan on them ?

  6. #5
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,171
    Thanks
    200
    Thanked 781 Times in 715 Posts
    Sudo,

    A good reason to turn off AutoRun.
    HTH
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  7. The Following User Says Thank You to RetiredGeek For This Useful Post:

    mrjimphelps (2014-08-01)

  8. #6
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,751
    Thanks
    80
    Thanked 339 Times in 306 Posts
    Quote Originally Posted by Sudo15 View Post
    If they can infect a system just by being plugged in - how would you safely run a malware scan on them ?
    Antivirus wouldn't reach the USB firmware anyway:

    We demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses

  9. The Following User Says Thank You to BruceR For This Useful Post:

    Sudo15 (2014-08-01)

  10. #7
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,839
    Thanks
    30
    Thanked 250 Times in 244 Posts
    Quote Originally Posted by BruceR View Post
    Antivirus wouldn't reach the USB firmware anyway:

    We demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses
    Must have missed that bit.

    For RG - N/A for Win 7 https://support.microsoft.com/kb/967715 - at a guess (XP, Vista and the rest before my time) AutoRun must be Win 7's equivalent of PnP ?

    I ran a MBAM scan on a brand new Cruzer Edge 16GB stick today and while it reported it had found two Shell items, its log report reported everything clean - hope it still works
    Last edited by Sudo15; 2014-08-01 at 15:01.

  11. #8
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,171
    Thanks
    200
    Thanked 781 Times in 715 Posts
    Sudo,

    OOPS! It's now called Auto Play but it's the same concept. Here's how to disable.

    That's the problem with getting old...you have to knock one thing out of the grey matter to have room for something new. headbang.gif

    HTH
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  12. #9
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,839
    Thanks
    30
    Thanked 250 Times in 244 Posts
    I knew what you meant as regards AutoRuns/Auto Play (courtesy of Wiki ) but not really sure how that applies to USB flash drives.

    I plugged in a stick and it didn't register in the listed devices at the bottom and USBs aren't listed in the main column ?

  13. #10
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    6,171
    Thanks
    200
    Thanked 781 Times in 715 Posts
    Sudo,

    USBs are classified as a Removable drives.
    USBKey.JPG
    HTH
    May the Forces of good computing be with you!

    RG

    VBA Rules!

    My Systems: Desktop Specs
    Laptop Specs


  14. #11
    Lounger lostwages's Avatar
    Join Date
    Jun 2010
    Location
    In a Box under a Bridge
    Posts
    35
    Thanks
    13
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by RetiredGeek View Post
    Hey Y'all,

    Seems there is always another threat vector!

    Read all about it here
    I'm not surprised to know of the potential for infections on removable USB drives.

    Many of you who have been computing since the early 80's may remember this old joke...
    Q: What's the first thing you do with a floppy disc you receive from your dear, sweet Mother?
    A: SCAN IT, of course!
    Last edited by lostwages; 2014-08-07 at 17:14.
    Happy Computing,

    Rich

  15. #12
    3 Star Lounger KritzX's Avatar
    Join Date
    Jun 2014
    Posts
    380
    Thanks
    15
    Thanked 42 Times in 42 Posts
    Disabling AutoPlay on my Win7 system didn't help at all. A few months ago, I had to plug my flash drive into my friend's system, and copy over a few documents. After the transfer, as soon as I plugged the flash drive back into my laptop, Avast went bonkers! It kept beeping incessantly and exclaiming "THREAT DETECTED". And, the most importantly, Avast kept blocking viruses EVEN AFTER I UNPLUGGED THE FLASH DRIVE.

    I let the computer sit for some time (after turning off the speakers, of course ), Avast stopped showing warnings. I then proceeded to dig into the Virus Chest. This is the number of items I found there:

    10739

    I would have posted a screenshot of that Virus chest, had I not obliterated it ASAP.
    Fact of Life:

    “Real stupidity beats artificial intelligence every time.”
    Terry Pratchett

  16. #13
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,270
    Thanks
    130
    Thanked 1,153 Times in 1,062 Posts
    Flash drives were already not much advisable due to their unreliability. I've seen it too often - you need the drive and it simply fails. Now you have this serious threat, against which there are no defenses.

    Flash drives need to be treated like your toothbrush - for personal use, exclusively. If you need to transfer files elsewhere, use the network.
    Rui
    -------
    R4

  17. #14
    2 Star Lounger
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    176
    Thanks
    0
    Thanked 7 Times in 7 Posts
    Quote Originally Posted by RetiredGeek View Post
    Hey Y'all,

    Seems there is always another threat vector!

    Read all about it here.

    HTH
    I have been using USB Thumbdrives since they first became available. I soon discovered that there is considerable variation in both quality and efficiency. Kingston and Transcend brands stand apart from the crowd.

    About ten years ago I began using the portable version of Total Commander (http://www.ghisler.com/) on my Thumbdrives, because it displays all files present on the Thumbdrive.

    Two or three years ago there were several prevalent viruses targeting USB drives, most often associated with educational institutions and travel agencies. These viruses would place files on any USB drive immediately after it was connected including an "autorun.inf" file. If the USB drive was subsequently connected to another computer which had Autorun/Autoplay enabled the virus would then infect that computer as well.

    Because I was using Total Commander I would know immediately if an "autorun.inf" etc. and/or other unexpected files were present on the USB drive, so could immediately take corrective action.

    As a technician I am repeatedly connecting my thumbdrives to customers' computers each day, so I have to be particularly careful about these kinds of infections/exploits. I carry two thumbdrives on a lanyard; the main one is a 32GB Kingston, the second is a 16GB Kingston for backup. The 32GB Kingston thumbdrive has a little more than 20GB of software on it that I need for working on customers' systems.

    I have looked at the article you linked to. As I understand it the big worry is to do with USB Hard Disk Drives rather than USB Thumbdrives ("Flash Disks"). AFAIK thumbdrives do not have any firmware, but USB HDDs definitely do have firmware so are susceptible to the exploit detailed in the article.

    If you have a thumbdrive or even a USB HDD that you suspect might be infected, then you could use an AV/AS boot CD to run a scan on it. See: http://www.avg.com/au-en/avg-rescue-cd or http://windows.microsoft.com/en-AU/w...fender-offline for example. You would need to have the suspect device connected to the computer then boot from the CD then run a scan on the suspect drive.
    Computer Consultant/Technician 15+ years experience.
    Most common computing error is EBKACB: Error Between Keyboard And Chair Back
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  18. #15
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,751
    Thanks
    80
    Thanked 339 Times in 306 Posts
    Quote Originally Posted by Coochin View Post
    I have looked at the article you linked to. As I understand it the big worry is to do with USB Hard Disk Drives rather than USB Thumbdrives ("Flash Disks"). AFAIK thumbdrives do not have any firmware, but USB HDDs definitely do have firmware so are susceptible to the exploit detailed in the article.
    USB thumb drives are mentioned in the article at least eight times; USB hard disk drives aren't specifically mentioned once.

    USB flash drives do apparently have firmware: 'Chip' exploited: USB 'critically flawed' after bug discovery, researchers say

    Bruce

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •