Spyware Warrior

datababe · Posted: Mon Jan 05, 2009 5:12 pm Post subject: USB Virus, lovely!

Well, not specifically USB as it appears to target the root of any writable media, but I had a nasty bug on an infected laptop try to whack one of my thumb drives today. A few things I found looking it up....

http://www.techsupportforum.com/microsoft-support/windows-xp-support/315657-recycled-boot-com-not-valid-win32-application.html

http://answers.yahoo.com/question/index?qid=20080927041605AAG9pH0

http://www.techspot.com/vb/topic118473.html
(looks like this has been around for a while)

Anyone have opinions on this recommendation?

http://www.precisesecurity.com/tools-resources/adware-tools/flash-disinfector/

Okay, I'm off to shop for an Ironkey... Wink

_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com

wyrmrider · Posted: Mon Jan 05, 2009 6:41 pm Post subject:

been around awhile

http://sparksspace.blogspot.com/2008/08/how-to-clean-virus-infected-flash-drive.html

http://www.bleepingcomputer.com/forums/topic128514.html

suzi · Posted: Mon Jan 05, 2009 9:08 pm Post subject:

I've been looking at the Ironkey also. Do you know if any retail stores sell them? I looked some time ago and could not find any.

If anyone wants to check it out...

https://www.ironkey.com/
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile

datababe · Posted: Tue Jan 06, 2009 6:11 am Post subject:

I haven't found it retail yet. I'll probably go with Thinkgeek:

http://www.thinkgeek.com/gadgets/security/99f1/

Their price for the basic 4GB beats this:

https://store.ironkey.com/basic

Thinkgeek doesn't offer the 8GB flavor, but $200+ makes me cringe, and I don't plan to load the thing up with MP4s anyway. Besides I want the geekpoints. Very Happy

_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com

Proactive Services · Posted: Thu Jan 08, 2009 3:16 am Post subject:

I've come across such malware twice in the last few months. One came from an iPod which NOD32 nabbed, thankfully. Other one was at a 20+ PC installation...what a mess that was!
_________________
Adam Piggott, Proprietor, Proactive Services (Computing)

Professional, friendly computer support in Hampshire, UK.

datababe · Posted: Fri Jan 16, 2009 11:18 am Post subject:

They may be after more than just $49.99 per victim...

http://www.darkreading.com/security/attacks/showArticle.jhtml;jsessionid=TRX1XWCD5MAYGQSNDLOSKH0CJUNN2JVN?articleID=212900793

suzi · Posted: Fri Jan 16, 2009 9:41 pm Post subject:

Conficker / Downadup are really nasty beasts. Some detailed info here:

http://blog.trendmicro.com/security-policy-for-dummies-how-to-avoid-worm_downad-infection/

http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VNAME=WORM%5FDOWNAD%2EAD+URLs&Page=

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FDOWNAD%2EAD&VSect=T
check out the list of passwords used in the dictionary attack

Advice from Microsoft on dealing with this:
http://support.microsoft.com/kb/962007

Instructions for disabling autorun for usb devices:
http://msdn.microsoft.com/en-us/library/cc144204.aspx
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93502.mspx?mfr=true
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile

Writer · Posted: Mon Feb 23, 2009 6:22 pm Post subject:

I have a question about USB viruses, though not specifically this one. Obviously the best way to protect yourself from a USB virus would be to only use USB drives that don't have viruses on them, but is having autorun disabled and scanning the USB drive before you open it a way to make sure you don't get infected? Or can a USB virus still get on your computer even if you have autorun disabled and do a virus scan?

Proactive Services · Posted: Tue Feb 24, 2009 2:58 am Post subject:

If autoplay is *properly* disabled then I do not believe that infection can occur automatically, unless it leverages an exploit in Windows in the future.
_________________
Adam Piggott, Proprietor, Proactive Services (Computing)

Professional, friendly computer support in Hampshire, UK.

datababe · Posted: Tue Feb 24, 2009 9:36 pm Post subject:

The key there is properly (and thoroughly).

The flip side of the coin is to make sure your thumb drives aren't at risk of getting compromised by an infected pc. I've been busy shoring up my defenses on that front - I don't need my critical toolkit rendered useless by a computer that I'm trying to rescue! Confused

_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com

Nightmaretony · Posted: Sun Mar 08, 2009 4:02 pm Post subject:

My habit is to throw me saver toolkit on a CD Rom. Viruses have a HELL of a time trying to infect one!
_________________
For this is the place
where dreams
and nightmares
are birthed
and bred

Nightmare Park

datababe · Posted: Mon Mar 09, 2009 7:28 am Post subject:

Yep, me too. My newest plaything is a Puppy Linux bootable CD. That un' is a tough nut to crack. The downside is I have a hell of a time updating tools on a CD. Wink

I can't just burn new CDs every other week or so - my budget's so tight these days it squeaks going into a turn... Rolling Eyes

_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com

mikey · Posted: Mon Mar 09, 2009 9:13 am Post subject:

If you handle a lot of media that may contain unknown auto-runs and you don't have 'auto-run' disabled, you might be interested in the USB Firewall.

Since NOTHING can initiate on our sys without prior admin approval, I don't need this or any other kinds of anti-malware wares. However, I understand this tool works great and with a lightweight footprint.

Ref; http://www.net-studio.org/application/usb_firewall.php

Direct DL; http://www.net-studio.org/software/USB_FW.rar

HTH
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE

Spyware/Adware is NOT freeware, it costs all of us dearly.

Mikey's Stuff

Fiddler and friends...essential web diagnostic, forensic, & development tools.
-

datababe · Posted: Tue Mar 10, 2009 5:43 am Post subject:

I'll check that out, thanks. I do have autorun disabled six ways from Sunday, but I know a lot of people who don't. My potential problem is rather the opposite; we handle a lot of pcs that contain unknowns, and a lot of our tools are on thumb drives. I think I've got us covered on that front - for now.

I suspect though it's only a matter of time before we get a call for help from someone with an infected thumb drive. We know for sure of one that's loose in the locality, but the user is in denial. He's brought down one network we've seen (and repaired) first hand, but it belonged to a church so they forgave him and opted not to pursue the matter.

So I guess we just wait until he blows up something that belongs to a less forgiving group and we get a call from them. Rolling Eyes

_________________
- Datababe
Until you spread your wings, you'll have no idea how far you can walk.
http://redoakranch.x10hosting.com
http://datababe007.blogspot.com