Computer Problems, Troubleshooting, Advanced Level, Eljun Blog, Towncenter Online, Jagna Blog, Blogging World

Saturday, October 25, 2008

Removing Virus from USB or MASS Storage

Nowadays USB Drives is very popular in Cyber World because of its handy look and design to be more flexible and accurate comparing to those old Floppy drives we used before. Many people used it for transferring their files wherever they go. But do you know that USB drive is also one of the Carrier of Computer viruses and Worms?

According to some statement:

"It all boils down to a simple text file called: autorun.inf with a simple script like “[autorun] open=virus.exe icon=virus.ico”. “Open” is the command to execute the file upon having the drive detected by Windows while “icon” is optional and is merely to give an “icon” to the drive letter the USB drive resides on. It is quite easy for virus to infect an executable file especially the viruses which reside in the flash drives while being executed.

The situation is even worse when sometimes you are attacked by a new worm that can take advantage of this security flaw and copies itself to the root directory of the USB flash drive, thence automatically creates an autorun.inf file to further spread itself. Of course this threat does not only affect the USB flash drive but also other devices with a flash storage and a USB cable, e.g. mobile phone, PDA, etc."

Deleting virus from the USB drive is quit easy, however because of the different types of virus that resides on it, it will be hard to modify. You can simply follow some important tips on deleting the virus inside your USB.


Ok this procedures will guide you removing any Auto run virus on your computer:

Step 1:

Click on "MY COMPUTER" icon / Click on the Address BAR / Locate your USB assigned Drive e.g. D: / E: / F: & Etc.

NOTE: Don't click or double click the USB Drive because it will trigger the virus.

You will see different folders but you can't see the virus because it is "HIDDEN". In order to reveal it, you need to click on "TOOLS / FOLDER OPTION/ VIEW & Checked the SHOW HIDDEN FILES" click APPLY hidden files should be visible now.

Step 2:

Delete some files that ends with ".EXE" & ".BAT" & ".INF" file extension

ex: FunnyUST Scandal.exe, SilentSoftTech.exe, Command.Exe. Test.bat and so much more.

NOTE: If you can't delete the above files it means that its currently running on your system to end its process you need to hit CTRL+ALT+DELETE it should bring up the TASK MANAGER locate the file and click the END PROCESS.

NOTE2: Some virus & worms usually disable this options if its already scattered throughout your computer disabling the ff:

msconfig, taskmanager, regedit, and also cmd.exe

So you will need a secondary tools that usually works desame as above.

The software we called "Process Explorer" is the best bet to this kind of problem, you can download it from here or mirror1. Start the program and End the virus process.


Step 3:



Clearing the virus from running on startup, why?

Autorun virus will also start the process when your computer is ON, lets assumed it, ok clearing the virus from running on startup comes two different ways.

a. Click START/RUN/ type MSCONFIG hit enter & select STARTUP.
You can unchecked everything, if you are familiar with the running application during
startup just leave it check. NOTE: Removing some items will also boast your computer on
startup.

b. Click START/RUN/type REGEDIT ==== WARNING this is much complitaced part make
sure you don't changed anything except from the file that I'm going to mentioned.

Locate this "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

The Default for "Shell & Userinit" is:

Name Type Data

shell REG_SZ Explorer.exe
userinit REG_SZ C:\WINDOWS\system32\userinit.exe or Userinit.exe


Prob :Explorer.exe, Aikelyu.html

Sol : Remove the Aikelyu.html

Prob : Userinit.exe, Command.bat, FunnyUST Scandal.exe

Sol : Remove the other EXCLUDING the "userinit.exe"


Make sure to change to default function as written above.


If you are still having problem following the procedures written above you post your commends for further explanation.



Labels: , , ,

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

Links to this post:

Create a Link

<< Home