
Usb Kingston Thumb Drive Infected


vagabond48


While traveling, my Kingston thumb drive got infected with 3 viruses. First, I got 2, new folder.exe and regsrv.exe, then after formatting my thumb drive, I got a third, recycle.exe. I didn't see any autorun files and this PC did not allow me to change the folder option to view hidden or system files, so who knows what else is lurking inside my drive. I also downloaded and installed Malwarebytes on the infected PC, but when I ran it, it altered the Malwarebytes exe so that it was not usable.

I will be returning in about a week but I don't want to use the drive until I can figure out how to safely get rid of them. I know the easy way would be to trash the drive.

Anyone had any experience with these nasty germs? I have searched Google and found software that supposedly will clean these bugs but at a hefty price.

I still don't know why standard flash drives still don't have a hardware write protect feature like its cousin the SD cards?


I have searched Google and found software that supposedly will clean these bugs but at a hefty price.

Warning! Many of these malware removal products that claim they can remove difficult malware are just a scam and will most likely be malware. Don't spend the money!

What OS are you using?

Try running the PC in safe mode to install and run Malwarebytes, or boot the computer from a LiveCD to remove stubborn malware.

Note: You should make a backup of your system and thumbdrive before attempting any malware removal.

Edited by BB1950

The recycle virus is the only virus that ever really screwed with me, mainly because it renames folders recycler.exe or something, making folders look like programs, which you (I) naturally delete, but it had all my work in.

The way I dealt with it was using my Linux netbook, simply plugged it in and deleted anything I didn't recognise from the command line.

Another time I was in Bangkok and I went to a cybercafe called Terravision, horrible place but they have really good installed virus software. I just let it do its thing and it cleared it up for me.

Another option is if you look at the portable apps, there's an antivirus included there with supposedly up to date definitions, though I had less luck with that myself.

The main thing is, try and get any important individual documents in the cloud if you haven't already done so, Google Docs, Picasa etc.


I have searched Google and found software that supposedly will clean these bugs but at a hefty price.

Warning! Many of these malware removal products that claim they can remove difficult malware are just a scam and will most likely be malware. Don't spend the money!

What OS are you using?

Try running the PC in safe mode to install and run Malwarebytes, or boot the computer from a LiveCD to remove stubborn malware.

Note: You should make a backup of your system and thumbdrive before attempting any malware removal.

I wouldn't buy them for 2 reasons. You named the 1st and the 2nd is because one software would charge more than the thumb drive is worth. I am using XP Pro but as I wrote my PC isn't infected since I don't plan to plug in my thumbdrive until I feel I can remove the viruses.


I do know a shop that re-installs their OS with some form of ghost. I might take it there.

You have to save all your personal data to a second/external drive first.

"Imaging" with ghost / acronis or similar software will destroy all data on your system partition!

And second, are you 100% sure that the image the shop will copy onto your PC is clean and virus-free?

Edited by roban

http://housecall.trendmicro.com/

I had some spare time on my hands and there are some sites that say Trend Micro can remove those infections. The URL above is the free scan from them.

Before using or logging on to get the scan, you need to boot in safe mode and turn off system restore. (Those infections will continue to reinfect via system restore.)

Several variants of AutoIt worm reported in the wild. It is also known as Trojan.Win32.Autoit.ci, W32/Sohana-AZ, W32/YahLover.worm, W32.Imaut, TR/Autoit.CI.14, W32/Autorun-GG, WORM_DELF.FKZ

The above variants of [ new folder.exe AKA regsrv.exe ] may be helpful for future searches.


I do know a shop that re-installs their OS with some form of ghost. I might take it there.

You have to save all your personal data to a second/external drive first.

"Imaging" with ghost / acronis or similar software will destroy all data on your system partition!

And second, are you 100% sure that the image the shop will copy onto your PC is clean and virus-free?

I was not clear enough. I meant, taking my thumb drive there and have their AV software clean my thumbdrive. I have already written twice that my laptop IS NOT infected.


I agree with post #2: boot up your system using a Linux LiveCD. Insert the USB drive. A virus/malware written for Windows will not run on Linux, so you should be safe there. Copy whatever it is you want to salvage from the pen drive onto the computer's hard drive.

DO NOT COPY EVERYTHING, because it can include the crud that caused this problem in the first place.

When done, reformat the pendrive.

If you have doubts about what to keep, after copying the stuff put it in a zip file, password-protected. Then boot into Windows and run your antivirus/malware detector on the zip file.

Situations like this are when the junky, outdated computer you keep in the closet can come into play as a quarantine system.

Let us know how it goes.
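
The check described in the Linux replies above (plug the drive into a Linux machine and look for what does not belong), written out as an added example; it is not code from any poster in this thread. It assumes the drive is already mounted at a path you pass in; the tag names and the `scan_usb` function name are this example's own, and the three file names are the ones reported in the first post.

```sh
#!/bin/sh
# Added example: read-only listing of suspicious entries on a mounted USB stick.
# Mount the stick without execute rights first, for instance (device name is a
# placeholder):  mount -o ro,noexec,nosuid,nodev /dev/sdX1 /mnt/usb
#
# Tags printed (this example's own naming):
#   AUTORUN  an autorun.inf file
#   KNOWN    a file name reported in the first post of this thread
#   MASQ     an executable named after a folder sitting next to it
#   ROOTEXE  any other executable in the top level of the stick

scan_usb() (
    root="${1%/}"
    [ -d "$root" ] || { echo "not a directory: $1" >&2; exit 2; }

    # FAT file names cannot contain newlines, so line-based reading is safe
    # here, and it copes with spaces such as "New Folder.exe".
    find "$root" -type f | while IFS= read -r f; do
        base=$(basename "$f")
        dir=$(dirname "$f")
        lower=$(printf '%s' "$base" | tr '[:upper:]' '[:lower:]')

        case "$lower" in
            autorun.inf)
                echo "AUTORUN  $f" ;;
            "new folder.exe"|regsrv.exe|recycle.exe)
                echo "KNOWN    $f" ;;
            *.exe|*.scr|*.com|*.pif)
                stem="${base%.*}"
                if [ -d "$dir/$stem" ]; then
                    # Same name as a sibling folder: the "folder that is
                    # really a program" trick described earlier in the thread.
                    echo "MASQ     $f"
                elif [ "$dir" = "$root" ]; then
                    echo "ROOTEXE  $f"
                fi ;;
        esac
    done
)
```

Run it as `scan_usb /mnt/usb` after sourcing the file; it only lists paths and deletes nothing, so review the output before removing anything.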


I agree with post #2: boot up your system using a Linux LiveCD. Insert the USB drive. A virus/malware written for Windows will not run on Linux, so you should be safe there. Copy whatever it is you want to salvage from the pen drive onto the computer's hard drive.

DO NOT COPY EVERYTHING, because it can include the crud that caused this problem in the first place.

When done, reformat the pendrive.

If you have doubts about what to keep, after copying the stuff put it in a zip file, password-protected. Then boot into Windows and run your antivirus/malware detector on the zip file.

Situations like this are when the junky, outdated computer you keep in the closet can come into play as a quarantine system.

Let us know how it goes.

There is nothing of value on the drive now. As I previously wrote, I reformatted it on the infected PC and of course, it did not fix the problem. I just want to salvage the drive as opposed to trashing it.

Sounds like Linux LiveCD is a good option. I did some Google searching but I am a little confused as to which LiveCD I should use. Any suggestions?


Looks like the crud messed up the boot sector or partition table of your pen drive.

Here's something that may help.

Download this; http://sourceforge.n...ad?source=files

In this package is a utility called grubinst_gui

Run it and a window pops up

With your pen drive attached, select 'Disk' then Refresh (the various Refresh-ing in this tool may require a few clicks, be patient). In the selection click your pendrive

CAREFUL HERE! If you accidentally pick your hard drive you'll be SOL

Down in the "Part List" selector hit its Refresh, then select "Whole Disk (MBR)"

Under Options select "Don't Search Floppy"

By now it should look like the image I attached, but my hd1 is my 8Gb pen drive

Go to the bottom and click the Install button

This should clear things out. If all is now well, you should be able to do a simple re-format in Windows.

I'm sure there are a dozen other partitioning tools as well to deal with this.

If you want to check out the LiveCD just go to the Ubuntu website and download the latest. Within that, you can reformat the pendrive using the partitioning tool.

Let us know how it goes. If you know the name of the virus, tell us.


Edited by bendejo
