An infected pendrive?

[LunarWolf]

I recently plug my pendrive into an infected computer that I was helping my friend to clean using the latest Kaspersky Rescue CD. It remove majority of the viruses. I then install the AVP tool to check to see any more iis left behind. I svaed the installed file on my pendrive. It detected some trojans.

The weird thing is when I plug back my pendrive into my house computer to be disinfected, all my house 3 computers all show clean (they are avast! free v5, Avira free v10, KIS 2010)

So is my pendrive clean?

If yes, then why? I thought trojans all infect pendrives?

PS All the house computers and my pendrive are vaccinated with Panda USB Vaccine.

[sujay]

Well as I don't use Panda's Vaccination I am not aware of it. I guess vaccination feature simply delete the autorun.inf file.
I use immunization feature by USB Virus Scan, after inserting my pendrive even in infected PC, it doesn't get infected. This is because immunization generates a folder called autorun.inf whose path is somewhere hidden making it's deletion impossible. So, autorun.inf file can't be generated.
I guess same is happening for Panda's too.

[hellnoire]

Panda USB Vaccine stopped it Lunar.... that's why it's clean.

A Vaccine, if you don't know what that is, means it gives a shot to someone of a weakened form of virus, and lets your antibodies fight that. If you get infected with the actual disease, they will make sure to attack the virus the same way. That's what the USB Vaccine did, in effect. It locked down your autorun.inf and autorun features, meaning you don't get infected via pen drives anymore.

I believe the saying RTFM might be in order here.

[Alboguy]

I believe your pendrive it's clean since Kaspersky Recue CD and AVP tool deleted the active viral processes from your frinds PC. Even if your friends PC might be still infected the active processes are deleted and no virus would be able to copy itself to the pendrive. So use your pendrive with no fear.

[LunarWolf]

Panda USB Vaccine stopped it Lunar.... that's why it's clean.

A Vaccine, if you don't know what that is, means it gives a shot to someone of a weakened form of virus, and lets your antibodies fight that. If you get infected with the actual disease, they will make sure to attack the virus the same way. That's what the USB Vaccine did, in effect. It locked down your autorun.inf and autorun features, meaning you don't get infected via pen drives anymore.

I believe the saying RTFM might be in order here.

That is not really true. Once I plug in my pendrive (vaccinated) into the school computer, I came back with a Kido. Kaspersky deal with it. I believe a virus still can copy itself into my pendrive but will remain unactive.

I know what a vaccine is.

[sujay]

Some virus skips vaccination/immunization, not all...

[alpha1]

I use Autorun Virus Remover, it is like a Removable Device Firewall, when you plug in you removable device, immediately it removes any autorun.inf file automatically, and it has also vaccination features (you can vaccinate any drive you want).

[safeguy]

There's really NO NEED to use a 3rd-party program to disable auto-run. A lot of the articles on the web gets things messed up and it makes it worse with the plethora of apps that eventually do the same thing.

I've mentioned this before on my Securing Windows Guide, but I might as well copy and paste it over here. Here it is for you guys:

5. Protect your PC from infected USB drives and other removable media (disable autorun.inf)

We all have heard of the term "disable Autorun" and that's what we need to do exactly, not disable Autoplay. It's a widely spread terminology mistake....even among many techies. And to make it worse, there's a "correct" way and a "wrong" way to do it - bet you didn't know that...

Difference between Autorun and Autoplay:
Autorun and Autoplay: screwed by terminology

The "correct" way to disable it:
The best way to disable Autorun for protection from infected USB flash drives

Even better, read this: (OK READ THIS!!!)
Why Disabling Autorun Only Helps The Viruses, and
What You Should Actually Do to Protect Yourself.

Hope this helps.

[sujay]

Hi LunarWolf,
Lets see if your Pen-Drive contains any virus.
1. Copy all the files in your PC.
2. Delete temp files in the Pen Drive with USBDriveFresher.
3. Now go to the properties of the USB Drive and see how much space is occupied?
4. Format the Drive and compare the now occupied space with the previous one. If that varies, then it contained Virus else not...

[Ceyfer √]

Windows Autoplaysecurity/updates: here & here

Any decent AV can cure/disinfect any infected usb flash device. Sometimes it is good just to format it.