Author Options:

USB drive virus, scan through, restart with external harddrive in Answered

So last night I started scanning through my computers, scanned the whole computer with MSE, MBAM, PANDA ONLINE and superantispyware and it was clean. Then I plugged in my external harddrive to scan, I scanned that one with MSE and then with superantispuyware and then MBAM. It didn't find anything. Then I scanned the whole computer AND the external harddrive. First with MSE, it came up clean. Then with superantispyware, it was also clean, but it found som tracking cookies on the pc, and I had to restart the pc. But heres the problem, I forgot to take the external harddrive out of the pc while restarting...

Can this (if there is a virus) have made it boot into the computer, so AV's can't find it anymore? (I had autoplay turned off through "control panel" - "hardware and sound" and "autoplay")

Lets say that there is a virus and it did do this, will reinstalling and formatting get rid of it anyways?

Is this tool to be trusted? Does it work? :

please say if you know of any better ways to detect this.

*More backround info in my last topic here (including list of viruses that could have something to do with it.

6 Replies

jimc4567 (author)2010-11-13

If you've run MSE, MBAM, Panda and superantivirus with the latest updates, and they found nothing, you're probably okay. If you have a virus on your machine, it won't matter whether you have autorun on or off. Many viruses simply detect that a new hard drive (regardless of whether is an external, flash, or any other kind) has just come online and will identify the .exe's or whatever it attaches itself to and attach itself to the files. Usually CD and DVD drives are protected because they show up as read-only, or have no room left to add anything.

Tracking cookies are cookies that many web sites load. I don't believe they can contain viruses themselves.

Select as Best AnswerUndo Best Answer

kjelll (author)jimc45672010-11-15

I know the pc is clean, but not if the drivers is. you see a time ago i got a worm on another pc, which i didn't detect before after using the drives on it...

So do you think that if
-MSE and MBAM didn't find anything while scanning only the drives
-MSE, MBAM, superantispyware or Panda online scanner didn't find anything when I plugged all the drives in and took a full scan

I can be sure there isn't a virus there?

btw, Is this tool to be trusted? Does it work? :

Select as Best AnswerUndo Best Answer

jimc4567 (author)kjelll2010-11-15

If you've downloaded the latest signature file for the different virus programs, then yes, I believe you should not have the virus. Can you be sure? never. But based on what you've stated you should be 99% sure.

Here's the problem. There are viruses being generated all the time. There is a time lag between a virus appearing in public and a new signature or virus definition file being generated is 48hours to 2weeks. The fact you haven't seen the virus again, is a pretty good indication that the virus probably isn't around. You can never say I'm 100% sure there is no virus. Different anti-virus programs detect differently. Some miss viruses, some give false positives.

That autorun-eater only removes autorun.inf. It is not a virus preventer. None of your hard drives, and many flash drives do not have autorun.inf files to begin with. I tried to download it and install it, but couldn't find the proper links. I can't answer the question.

Select as Best AnswerUndo Best Answer

kjelll (author)jimc45672010-11-16

So If I now scan through my pc with MSE, MBAM, PANDA Online scanner, SuperAntispyware and http://www.filehippo.com/download_spywareblaster/ (Can I use that with the previous mentioned?)

-and then each drive one at the time (with MSE and MBAM)

-and then the pc + all three drives (by plugging them in and choosing a full scan)

-and then doing like I've done in these pics: http://i.imgur.com/bvwuD.jpg http://i.imgur.com/jZbO7.jpg

-and then manually looking into every folder and view every file (do I need to check if pictures is autorun.inf, or do I just have to check if there isnt a single file named autorun.inf?)
(or is this that I do when I do what I did in the pics above?)

Can I then be 99.99999999% sure :) ?

sorry for still nagging, but please answer these last questions and I will shut up about this FOREVER! :p

thank you for you patience.

Select as Best AnswerUndo Best Answer

jimc4567 (author)kjelll2010-11-17

Dude !!!!

I'm guessing this virus really freaked you out. Autorun.inf is a standalone file, not built into other files. Your .jpg's look fine, I don't see anything wrong with them.

According to this link, you can remove the Ravmon.exe virus very easily and quickly. Just follow the steps. Note step 1. "Right-click on any drive, if you see invalid characters in the menu, you are infected." My guess is if you simply do this, you won't need to run the flurry of virus scans. But you will anyway.


In the end you will have to satisfy yourself your drives are clean. If you run all the scans, you should be 99.999999% virus free.

Good luck

Select as Best AnswerUndo Best Answer

lemonie (author)2010-11-15