USB cleaning on Windows 7
therydan
2010-05-25, 03:24
A while ago I cleaned up an infection on my system and the only thing that remains is to disinfect the source now. My USB flash drive. My helper suggested Flash Disinfector from Bleeping Computer but it didn't help. I'm guessing because I use Win7. Every time I pop it in my computer, it goes yelling, complaining about its autorun trying to infect it. Any other suggestion? ^^
Thanks guys!
Do you still need help with the problem?
therydan
2010-06-02, 22:39
Yes. The last reply from my helper in the previous thread was to run Flash Disinfector found at Bleeping Computer and I was gonna be OK. I read the last reply from a computer not having my USB available and after that I simply forgot about it. Just now I popped it into my friend's computer running Vista 32 and his AV also started screaming. I now scanned it with Avira and it showed TR/Dropper.Gen while my friend's computer (NIS) said it was W32.IRC Brute. So I would think I still need help. How do I run Flash Disinfector on Windows 7 or, if that won't work, what can I do instead?
Hi
I haven't forgotten you.
I'm sorry that there will be a delay before I post a solution for your problem.
Please continue to reply to my posts in this thread until it's archived.
Please right click the file autorun.inf on the root of your USB stick and choose Edit. Please post the content in your next reply. If there are any problems, STOP following these instructions and post back a description of the problem. Please include information about the file system of your USB stick and the drive letter Windows assigns to it.
If your USB stick is formatted with the NTFS file system: STOP following these instructions and post back with this information. If you are unsure, stop and ask for advice.
Download, install and run Panda USB Vaccine
The usb vaccination performed by this program will permanently disable any autorun.inf functionality of your usb stick. After the vaccination you will be able to use the usb stick normally and files (even malware) can be copied to/from it, however they will be prevented from executing automatically. This vaccination can only be reversed with a reformat of the usb stick.
Download and save Panda USB Vaccine from here (http://download.cnet.com/Panda-USB-Vaccine/3000-2239_4-10909938.html).
Double click the file USBVaccineSetup.exe to start the installation.
During setup uncheck the option to Run Panda USB Vaccine automatically when computer boots.
Start Panda USB Vaccine.
Insert your USB stick, choose the correct drive letter (e.g. "F:\") and click Vaccinate USB.
When it's finished, close the program.
You can delete the downloaded USBVaccineSetup.exe.
Scan your usb-stick with Avira
Right click the Avira AntiVir tray icon and choose Start AntiVir.
A window will open.
Click Configuration, another window will open.
Check Expert Mode
Click General in the menu to the left.
Check Select all in the Extended Threat Categories
Click OK
Click Start update and wait for the update to finish.
Click Local Protection in the menu to the left.
A menu will appear under it. Click Scanner.
Right click Removable Drives and select Start scan.
If/When Avira detects a threat, choose Move to quarantine and check Apply selection to all following detections, then click Ok.
When the scan is finished, click the Report button.
The scan log will open. Copy and paste it in your next reply.
Please post back the following in the order asked for:
Did you run into any problems?
The contents of autorun.inf
Include the Avira log (if not requested to stop)
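The autorun.inf check requested in the post above can also be done with a script. The following is an added example, not part of the original thread or of any tool named in it: it lists the entries in an autorun.inf that would start a program (the `open`, `shellexecute` and `shell\<verb>\command` keys) while skipping junk lines, and the sample content is constructed.

```python
import re

# autorun.inf keys that name a command Windows may start from the drive.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command
SECTION = re.compile(r"^\[(.+?)\]")

def decode_autorun(data: bytes) -> str:
    """Decode file bytes; Notepad may have saved the file as UTF-16 with a BOM."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")

def launch_entries(text: str):
    """Return (section, key, command) for each entry that would start a program."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        m = SECTION.match(line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section is None or "=" not in line:
            continue                      # padding/junk line, not a key=value pair
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if not section.startswith("autorun") or not value:
            continue
        if key in EXEC_KEYS or SHELL_COMMAND.match(key):
            found.append((section, key, value))
    return found

# Constructed sample, not taken from the thread.
SAMPLE = r"""
; padding comment
[AutoRun]
zzzz not a key
open=tools\example.exe
icon=tools\example.ico
shell\open\command=tools\example.exe
Shell\Explore\Command = tools\example.exe /q
label=USB
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for section, key, command in launch_entries(SAMPLE):
        print(f"[{section}] {key} -> {command}")
```

To check a real stick, read the file in binary mode from its drive letter (for example `F:\autorun.inf`) and pass the bytes through `decode_autorun` before calling `launch_entries`.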
Dakeyras
2010-06-09, 13:56
Due to the lack of feedback this Topic is closed.
If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.