Scanning USB drives for malware

02-11-2016, 02:34 AM   #1
Romanov77
Registered Member
Join Date: Feb 2005
Posts: 300
OS: Windows 8.1 64 bit

Hi people.

Recently my brother downloaded some nasty software with even nastier bundled crap (yeah, I know, it's always the "brother", I know, cliché).

Windows Defender stopped some trojans and a subsequent scan found 4 of them.
I also manually removed some crap from the Windows uninstaller app (some creepy Chinese stuff) and made further scans with Defender and Malwarebytes. Also checked with Hijack This.

So far, it appears all clean, boot included.


However I had a USB stick and a hard drive connected while this happened and I would like to be reasonably sure that there's no crap on it.
I have sensible stuff and various software backup on it and I cannot simply format them.

The drives work fine and have no odd behaviour or files, however my suspicion was raised by the fact that on both of them there were hidden files put on "show" setting. It was nothing harmful, just USB drive software but since I could not remember if it was I that had set hidden files on "Show", it raised my suspicions. It could have been me while going on "crap hunt" before, but cannot really remember.

Could you suggest a malware scanner (preferably free) specifically made to sanitize USB drives?
02-14-2016, 06:29 PM   #2
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
02-16-2016, 09:38 AM   #3
Romanov77

Thanks, I did everything you said, here's the final result (I just edited my name for privacy):

C:\Windows.old\Users\myname\AppData\Local\Temp\mslog.dll a variant of Win32/WuJi.K potentially unwanted application
C:\Windows.old\Users\myname\AppData\Local\Temp\task.vbs VBS/TrojanDownloader.Agent.NSW trojan
C:\Windows.old\Users\myname\AppData\Local\Temp\Tinyxml2.dll a variant of Win32/WuJi.M potentially unwanted application
C:\Windows.old\Users\myname\AppData\Local\Temp\Low\mslog.dll a variant of Win32/WuJi.K potentially unwanted application
C:\Windows.old\Users\myname\AppData\Local\Temp\Low\Tinyxml2.dll a variant of Win32/WuJi.M potentially unwanted application

I suppose I could just flush the whole temp folder and get away with it, right?
02-16-2016, 06:32 PM   #4
chemist

It appears your external drives weren't harmed. Yes, just flush that temp folder. It's in an old version anyway. You must have upgraded or re-installed at one time?
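
Added example (not part of the original thread, and not ESET's or the forum's code): a short Python triage of the exported scan text from post #3, grouping detections by drive letter to check the conclusion in post #4 that nothing was found on the external drives. The line format is inferred from the five lines posted, and the drive letters E and F for the USB stick and hard drive are assumptions, since the thread does not give them.

```python
import re
from collections import Counter

# The five lines the poster pasted in post #3 (user name already redacted by them).
SAMPLE_LOG = r"""
C:\Windows.old\Users\myname\AppData\Local\Temp\mslog.dll a variant of Win32/WuJi.K potentially unwanted application
C:\Windows.old\Users\myname\AppData\Local\Temp\task.vbs VBS/TrojanDownloader.Agent.NSW trojan
C:\Windows.old\Users\myname\AppData\Local\Temp\Tinyxml2.dll a variant of Win32/WuJi.M potentially unwanted application
C:\Windows.old\Users\myname\AppData\Local\Temp\Low\mslog.dll a variant of Win32/WuJi.K potentially unwanted application
C:\Windows.old\Users\myname\AppData\Local\Temp\Low\Tinyxml2.dll a variant of Win32/WuJi.M potentially unwanted application
"""

# Assumed layout, inferred from those lines only:
#   <path> <detection name, optionally "a variant of ..."> <category>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<detection>(?:a variant of )?\S+/\S+)\s+"
    r"(?P<category>.+)$"
)

def parse_log(text):
    """Return one dict (path, detection, category) per recognisable line."""
    hits = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            hits.append(m.groupdict())
    return hits

def summarize(hits, external_drives):
    """Count hits per drive and pull out those on the given external drive letters."""
    external = {d[0].upper() for d in external_drives}
    pua = sum(h["category"] == "potentially unwanted application" for h in hits)
    return {
        "by_drive": dict(Counter(h["path"][0].upper() for h in hits)),
        "external_hits": [h for h in hits if h["path"][0].upper() in external],
        "pua": pua,
        "other": len(hits) - pua,
        "all_in_windows_old": bool(hits) and all(
            "\\windows.old\\" in h["path"].lower() for h in hits),
    }

if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE_LOG), ["E", "F"])  # E/F: assumed letters
    print("Hits per drive:", report["by_drive"])
    print("On external drives:", len(report["external_hits"]))
    print("PUA / other:", report["pua"], "/", report["other"])
    print("All under Windows.old:", report["all_in_windows_old"])
```
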
02-17-2016, 12:33 AM   #5
Romanov77

Quote:
Originally Posted by chemist:
It appears your external drives weren't harmed. Yes, just flush that temp folder. It's in an old version anyway. You must have upgraded or re-installed at one time?

No, the computer is a new laptop.

There were some massive Windows updates some days ago, perhaps that was the reason?
02-17-2016, 08:18 AM   #6
chemist

Not sure why that folder would be on a new machine. Anyway, any remaining problems?
02-17-2016, 01:09 PM   #7
Romanov77

Quote:
Originally Posted by chemist:
Not sure why that folder would be on a new machine. Anyway, any remaining problems?

No, everything is ok.
Thanks for the help

I believe the "old" folder appeared after a massive Windows update, it took almost an hour and several reboots.
02-18-2016, 08:05 AM   #8
chemist

You're very welcome, Romanov77! Glad to have helped.