Jump to content











Photo

Protecting your Flash Drive from Viruses


  • Please log in to reply
13 replies to this topic

#1 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 452 posts
  • Location:In the middle of nowhere
  • Interests:Interesting Things
  •  
    South Africa

Posted 26 February 2013 - 09:53 PM

How to Protect your Flash Drive from Viruses/ trojans/ worms ect...

 

I have been working on computers for a wile now,and i found that a flash drive can hide some real bad things for the un-savvy computer user.So here is the scenario, Bob has some real rocking tunes on this PC,his friend Jack thinks so too.Jack gives Bob his Flash Drive to copy over the sweet Mp3's.Unknown to both of them Bob's PC has a real bad Virus on it. Bob dose not have a Antivirus on his PC and Bob, got a virus from clicking where he was not suppose to on a girly website.The second that Jack's Flash drive is inserted,the virus jumps onto it,Creating a Autorun.ini file connected to a newly created mysterious.exe, all the folders on the Flash drive gets hidden and shortcuts to the mysterious.exe is created with The hidden folder's names.

Jack goes home and plug his flash drive in and opens what he thinks is a folder with some MELOdies in,since Jack never updated his Antivirus his Antivirus cant identify the threat, and he gets Infected.

Kinda reminds me of a STD of some sort,and shows me the irony of Bob that could not keep it in his pants

The Point is If Bob and Jack had a up-to-date Antivirus this could not happen so easily.

Protection is Key in every computerized device these days from PCs to Cellphones but if you did not know this you wont be reading this thread.

As a PC technician/advanced user you may have found that ever so often you had to clean your flash drive from a Bob's stupidity,even if you just needed to copy some files to his PC

 

Thankfully There is several ways to keep the nastys off our flash drive:

 

1.Get a Flash drive with a hardware Read-Only switch

In the olden days we use to have floppys and stiffys (no innuendo intended)with a little switch to keep unwanted writing to occur,this continued to be the case for the first Flash drives.But rite around 512MB flash drives the swish started to mysteriously vanish,Inciting a new era of Electronic terrorny,

Flash drives with a hardware Read-Only switch is as scarce as chicken teeth these days but you may be able to find one for a arm and a leg,Note that SD cards have a "Soft-Switsh" that tells the software to not write information Here is some info on software Read-Only;

http://blog.ashfame....humb-pen-drive/

 

2.Get a AV for your FD

ESET is working on a program that will be run on a Bob's computer from a flash drive to protect only the flash drive ,its called ClevX DriveSecurity, and costs about the same amount as a  antivirus per flash drive. find it here: http://go.eset.com/us/partners/clevx/

The problem with this is that it has to be run from the flash drive by the user,and by that time its too late

here is others too:

http://www.hongkiat....ted-usb-drives/

 

3.Hardware encripting

This new fad is just to keep documents save from prying eyes, as soon as the password is inserted the flash drive is free gain too Viruses,and it costs more than a pretty penny

And since its encrypted from the get go its useless as a boot-able Flash drive

See here fore more info

http://www.clevx.com/

http://www.transcend...=100&axn=Detail

 

4.Software encryption

There is plenty ways to do this here is some:

 

Archive encryption (7z)--->pretty good but you need to have 7z installed in some form to read the archive, Exposing your 7z installer to corruption and dose not exactly protect the flash drive just the files in the archive

 

Bitlocker--->The creator only comes with some versions of windows,reading is only backward compatible to windows XP-SP2,it dose protect the entire flash drive because it makes a Archive like filing system that spans the flash drive,but on any windows newer than XP, you are plagued with the same problems as hardware encryption  

 

5.Dummying up free space

Their is plenty of ways to do this too

The basic idea is to write information onto the flash drive till their is no space left for anything

When a virus attacks it cannot add anything to the existing executable,or add new executable or even add a autorun.inf(be sure that your flash drive dose never contain a autorun.inf becuse a virus will delete it to add its own code)

This is not a 100% grantee as some viruses may delete files to gain assess to a flash drive

Here is the best project i could find:

http://code.google.c...sbdummyprotect/

Here is others too:

http://www.chillgeek...om-viruses.html

http://nod32-dummy-f....softpedia.com/

 

 

ThanX for reading and if you have other ways to protect your "precious" post them here

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 



#2 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7771 posts

Posted 27 February 2013 - 12:03 AM

What a pointless post!

Topic: How to Protect your Flash Drive from Viruses/ trojans/ worms ect...
Digest: No idea, nothing works.

Sorry DarkPhoeniX, but a 'How to' should tell people, how to do something, not list things that don't work.

And last but not least something that does work.
Have a PE on you Flash Drive and boot the 'enemy' computer from it, before copying anything onto that drive.

:cheers:

#3 dog

dog

    Frequent Member

  • Expert
  • 236 posts

Posted 27 February 2013 - 02:10 PM

Use two partitions - windows will only see the first one on a flash drive, but grub4dos can boot from others.

Use ext3 or other non-windows filesystem, although you then need mounting software preinstalled.

Keep checksums and test them after contact with suspect systems.

Or get u3 drives (scarce, but not as rare as write switches) and load them with an iso using u3-tool.



#4 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 27 February 2013 - 02:46 PM

Hi,

 

I created Ninja Pendisk some years ago to keep USB drives away from virulent autorun.inf files at my workplace. You find it here: http://www.ninjapendisk.com/

 

You're welcome to review the tool yourself and let me know if it is worth to be listed. :cheers:



#5 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 452 posts
  • Location:In the middle of nowhere
  • Interests:Interesting Things
  •  
    South Africa

Posted 28 February 2013 - 06:22 AM

Hi,

 

I created Ninja Pendisk some years ago to keep USB drives away from virulent autorun.inf files at my workplace. You find it here: http://www.ninjapendisk.com/

 

You're welcome to review the tool yourself and let me know if it is worth to be listed. :cheers:

Your Project listed under Point 2

Here is others too: http://www.hongkiat....ted-usb-drives/

but i did not test it....

 

@Medevil

Sorry you feel my post is pointless

Let me just remind you that its not a infomercial ,and i don't point out the good features in the post

But perhaps i did not get my point across so here it is

the best option would be to have a FD with write-protect switsh

The method im using is The USBdummyproject

I was thinking of using something like the Partitioning example dog sited

but i have to try it out(you need something like the easeus software to partition the FD )

 

Ps: i did look into the u3 dev too but the ISO partition can only load a small file


  • Nuno Brito likes this

#6 RoyM

RoyM

    Frequent Member

  • .script developer
  • 415 posts
  • Interests:"Booting and Owning".
  •  
    United States

Posted 28 February 2013 - 07:19 AM

I appreciate the perspective's presented in this topic.
my preference is to have the option of a read-only USB via switch. (Getting very rare)
or as MedEvil says, Boot from PE which is my usual method via grub from .ISO
 
About the U3, I do have a few of these and just recently 
installed XP SP3 nlited, which was nearly 700Mb of files.
 
Using Universal_Customizer_1.4.0.2 to setup the U3,
I converted the files to ISO using edited ISOCreate.cmd which uses ISOIMAGE.EXE.
There are switches for ISOIMAGE.EXE that will allow you to build larger ISO's. 
 
example: ISOIMAGE -lU3 -nt -h -m -o..\U3CUSTOM U3CUSTOM.ISO 
-m  ignore maximum image size of 681,984,000 bytes  
 
However keeping the ISO's below the above limit seems to be more reliable on most PC's.
 
This particular U3 XP SP3 nlited build/install results in a U3 CDFS of 665MB
and a removeable disk with 1.25G Fat32. (Not exactly desireable on an infected PC)
 
I wonder if Colin Ramsdens Write Protect Application Here
could somehow be adapted to provide the write protect security we desire.
 
I do beleive some experiments are in order for me this weekend. 
 
Regards
RoyM
 


#7 dog

dog

    Frequent Member

  • Expert
  • 236 posts

Posted 28 February 2013 - 02:09 PM

I use mkisofs to build iso files, and u3-tool can load almost 8GB iso files on to 16GB u3 sandisk cruzers.

I've found u3-tool is more reliable under linux than windows though. http://u3-tool.sourceforge.net/



#8 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7771 posts

Posted 28 February 2013 - 03:21 PM

If we go down to the nitty gritty, here's what i do.

I used to use mostly Sticks with WP switch. The annoying bit is, if there is data to transfer from another computer, you'll need to hane a second Stick, preferably an empty one.

Since a few years i use U3 Sticks. The tools / PE safely tuged away on the ISO (Which can at least take a 1,4GB ISO.) And a free partition to transfer data.

To protect my computer from malware on the stick, i don't use any AV software.
It's too unreliable these days. With so much false positives, they're not any better than guessing.
I use a sandbox to open files in. If something does not behave like a trojan, virus or worm, it isn't one.
100% reliable!

:cheers:

#9 RoyM

RoyM

    Frequent Member

  • .script developer
  • 415 posts
  • Interests:"Booting and Owning".
  •  
    United States

Posted 02 March 2013 - 02:04 AM

Thanks dog, nice addition to my U3 toolbox.
 
Hey MedEvil, can you elaborate a little more on which Sandboxie you are using,
and how your using it. (Sorry for silly questions, complete newbie with Sandboxie!!)
 
(i.e) portable or installed SB.
SB from PE, etc.
 
Please educate this poor fellow Rebooter.
 
Regards
RoyM


#10 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7771 posts

Posted 02 March 2013 - 12:53 PM

I use Sandboxie installed on my system.
A Sandbox on a PE seems pretty pointless to me, since a PE can not be infected beyond a reboot and is therefore something of a sandbox itself.

btw. A PE with a write protected %SystemRoot% is also pretty resiliant against malware.
The old XP PE used to be this way!

:cheers:

#11 eye0

eye0

    Newbie

  • Developer
  • 13 posts
  • Location:Rostov-on-Don
  •  
    Russian Federation

Posted 26 September 2013 - 11:22 PM

  Hello people!
With viruses that run through the Autorun.inf I struggle in the following ways:
 1. On the Flash drive I create an empty folder "Autorun.inf". ;Then I open the properties of the folder and install check box is read-only.
You can also assign attributes to "hidden". ;This is so curious friend, who is suspected in the spread of the virus have guessed.
 2. Always press the left shift and stick media is inserted. Hold for about 5 - 10 seconds.
 3. Copy the desired content is not a Explorer. You can use the A43, Total Commander or someone like that.
  This was the case when I went to visit with my removable media.
If the visitor came to your a removable media , press and hold the Shift necessary.
If the shift to keep the lazy, you can completely disable autorun in the system through the registry.
But there are side effects:
Autoplay completely gone from the system and will not appear in Windows Explorer volume labels removable media.
Next, create two new files: "NoAutorun01.reg" and "NoAutorun02.reg".
The NoAutorun01.reg run one time as an administrator. After that, be sure to restart your computer.
File NoAutorun02.reg need to run on behalf of each user of the system.
Including an administrator. After each reboot.
  And now the contents of the files.

NoAutorun01.reg:
(Copy from next line)
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files]
"*.*"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"NoDriveAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
 ="@SYS:DoesNotExist"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000000

(End of copy)
  Note: at the end of the file must be an empty line.

NoAutorun02.reg:
(Copy from next line)
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

(End of copy)

  Note: at the end of the file must also be the empty string.
  Autorun.inf - that more Not the most terrible.
I met with the animals, which are distributed through a "RECYCLER" or "System Volume Information" folders.
In some cases, Kaspersky after the infection is completely removed explorer and part of the system files.
  The idea of a Reg-files I found through Yandex.
Unfortunately the author I not remember.
Good luck to all!
Sorry for my English.

 



#12 Centaur

Centaur

    Newbie

  • Members
  • 22 posts
  •  
    United States

Posted 27 September 2013 - 12:48 AM

I was doing some link following (IE click a link here and then a link on that page and so on) and ran across this. write protect the USB through the registry.

 

http://www.raymond.c...torage-devices/

 

however this is pointless if your trying to copy those awesome MP3's like like the dummy file, point is you want to copy files TO the FD. write protecting is useless. now if your  a tech or IT i could see adding this reg trick(if you can get to regedit) to block writing to USB.

 

Constructive criticism from a newbie:

dark you started by pointing out how jack wanted Bob's rocking MP3, this requires writing to the thumb/flash drive, having any or all of the above will just get you infected with bob's unwanted programs, the dummy file fills your drive so you cant get the mp3 due to full drive or you have to delete the dummy file and you get infected anyway.

 

i don't use a sand box, i have an old dell 610 notebook that boots to a VHD on the internal HD. vhd gets infected i replace the vhd from a bootable thumb drive



#13 eyuri

eyuri
  • Members
  • 2 posts
  •  
    Greece

Posted 27 September 2013 - 10:24 AM

FLASH DISINFECTOR,i think it called...

writes an autorun file that only a specific way can be altered or removed.

Tested with some autoruns virus. it is working...

but... the rest of the files can still get infected.



#14 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13750 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 27 September 2013 - 11:22 AM

There are a few tricks.

Some are implemented in Ninja PenDisk, a project originated by our good Nuno.

http://www.ninjapendisk.com/

 

Cannot say if applicable :dubbio:, but on a NTFS formatted USB stick I would try to use the nice newish thingy written by Joakim:

http://reboot.pro/to...ndprotect-ntfs/

 

:cheers:

Wonko






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users