
USB drive virus? Do I have it? What should I do?

So a while ago I got a worm on a laptop. When I looked up this worm's specifications on microsoft.com, it said that it automatically copies itself to external drives connected with USB, through autorun. (I also got a couple of trojans etc.) And I used an external hard drive, a memory card in a USB slot and an iPod 5G before I discovered it. I freaked out about the viruses and reinstalled and formatted the computer. Recently I have also scanned all three computers that could get infected, with MBAM and ComboFix (someone checked my logs), and all three computers were clean.
PS. MSE and MBAM didn't find anything on the drives when scanning through them.

My questions:
-How can the worm not have spread itself to them? (Is that even possible?)
-Let's say that I have that worm on a drive: will it spread itself if I turn off autorun, plug in the drive and drag one file at a time over to, for example, Dropbox and then format the drives?
-Can I be completely sure there isn't a virus there? The AVs didn't find anything.....

If you have any better ways to check it or something like that, please let me know, because I can't reformat and all that jazz with the iPod 5G.

PS. Here (see pictures) is one way I tried to check if there were any viruses there, although I don't know if it works (?)
(The drives in the pictures are an external hard drive and an iPod 5G.)

Solution: Quit looking at porn, and free iPod ads are not real.
-How can the worm not have spread itself to them? (Is that even possible?)

Yes it's entirely possible your drives are compromised, and possible they are not. ;-)

-Let's say that I have that worm on a drive: will it spread itself if I turn off autorun, plug in the drive and drag one file at a time over to, for example, Dropbox and then format the drives?

That's probably, reasonably, safe, but not a guarantee.


-Can I be completely sure there isn't a virus there? The AVs didn't find anything.....

Nope, not on your life! During the summer I got a Mebroot drive-by infection while doing a Google search for hummingbird flight mechanics (for a research paper). I clicked a link, looked like a bs page, clicked back and my computer rebooted. Well, that is instantly suspicious.

I was running Avast at the time, computer is back up, Avast never warns of anything, but now it's slow.

Okay, I keep a stack of boot-time Linux scanners handy since I am always fixing friends' comps; none of them find anything.

Digging around the directory tree, suddenly there is a new user, hmmm

Long story short, too late I know, I had to rewrite the MBR and even then the computer was suspect until I could do a complete format and reinstall.


As for what you should do..

Safest option: format and kiss your data goodbye.

Otherwise scan with Gmer and Prevx.
kjelll (author), in reply to Tool Using Animal, 6 years ago
Wow! Thank you for that awesome response :D
But I've heard I can install Linux on a CD/USB and run it in "live" mode and then just drag the data one by one (of what I need) onto the computer, reformat the drive and then drag my files back.. Is that safe?

As for scanning with Gmer and Prevx, thank you for the suggestion, but I don't really think I need it... because I reinstalled and formatted the three computers in contact with the drives a while ago, then I checked it with MBAM and ComboFix (clean) and since then, I'm pretty sure I haven't used it in any of the PCs. And the only one of the viruses I got before reinstalling that could spread itself to the drive (at least from what I know) was a worm MSE detected :)

I'll post the names of the viruses I got that time, in a different answer in this thread :)
Yeah if you do it through Linux you should be fine.
kjelll (author), in reply to Tool Using Animal, 6 years ago
OK, I think I'll do that later tonight :) Thank you for the responses.
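
Added example, not part of the original thread: a read-only check that can be run from a Linux live session against the mounted drive. It lists the launch directives in a root-level autorun.inf (the autorun mechanism the question describes) and reports whether the files they point to are present. The drive contents built in `demo()` are constructed sample data.

```python
import os
import re
import tempfile

# autorun.inf keys that make Windows launch a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.I)

def parse_autorun(text):
    """Return (key, command) pairs for every launch directive.

    Line-based on purpose: a padded or malformed file would make a
    strict INI parser give up before reaching the real directives.
    """
    hits = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and LAUNCH_KEY.match(key.strip()):
            hits.append((key.strip().lower(), value.strip()))
    return hits

def audit_drive(root):
    """Inspect the root of a mounted drive without executing anything."""
    report = {"autorun": [], "targets_present": []}
    names = {n.lower(): n for n in os.listdir(root)}  # match AUTORUN.INF in any case
    if "autorun.inf" not in names:
        return report
    with open(os.path.join(root, names["autorun.inf"]), "rb") as fh:
        text = fh.read().decode("latin-1")            # never fails on odd bytes
    report["autorun"] = parse_autorun(text)
    for _, command in report["autorun"]:
        # First token (quoted or not) is the program path, relative to the root.
        m = re.match(r'"([^"]+)"|(\S+)', command)
        if not m:
            continue
        target = (m.group(1) or m.group(2)).replace("\\", "/")
        if os.path.exists(os.path.join(root, target)):
            report["targets_present"].append(target)
    return report

def demo():
    """Constructed sample drive: a padded autorun.inf plus the file it launches."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "RECYCLER"))
    open(os.path.join(root, "RECYCLER", "x.exe"), "wb").close()
    with open(os.path.join(root, "AutoRun.inf"), "w") as fh:
        fh.write(";junk junk\n[autorun]\nopen=RECYCLER\\x.exe\n"
                 "shell\\open\\command=RECYCLER\\x.exe\nicon=shell32.dll,4\n")
    return audit_drive(root)

if __name__ == "__main__":
    print(demo())
```

An empty report only means no autorun.inf launch directive was found at the drive root; it says nothing about other files on the drive.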
kjelll (author) 6 years ago
These are the names of all the viruses I got:

Exploit:Java/CVE-2008-5353.KM
Exploit:Java/CVE-2009-3867.IG
Exploit:Java/CVE-2009-3867.EH
Exploit:Java/CVE-2008-5353.ND
Exploit:Java/CVE-2009-3867.JF
Exploit:Java/CVE-2009-3867.GC
Exploit:Java/CVE-2008-5353.QS

Worm:Win32/Rimecud!inf
---This program is dangerous and self-propagates over a network

TrojanDownloader:Win32/Bredolab.AA
---This program is dangerous and downloads other programs

Trojan:WinNT/Bubnix.gen!A
Trojan:WinNT/Bubnix.gen!A
Trojan:WinNT/Bubnix.gen!A
Trojan:WinNT/Bubnix.gen!A
Trojan:WinNT/Bubnix.gen!A
Trojan:WinNT/Bubnix.gen!A
Trojan:WinNT/Bubnix.gen!B
Trojan:WinNT/Bubnix.gen!B
Trojan:WinNT/Bubnix.gen!B
Trojan:WinNT/Bubnix.gen!B
Trojan:WinNT/Bubnix.gen!B
Trojan:WinNT/Bubnix.gen!B
Trojan:WinNT/Bubnix.gen!B
Trojan:WinNT/Bubnix.gen!B
Trojan:WinNT/Bubnix.gen!B
----This program is dangerous and executes commands from an attacker.

TrojanDownloader:Win32/Bredolab.AA
---This program is dangerous and downloads other programs.

PWS:Win32/Daurso.A
This program is dangerous and captures user passwords