What to do if there is a virus on the flash drive. What viruses and how most often affect removable USB drives? Here is a list of good similar programs


A USB drive is a “tidbit” for viruses. There is even a separate category of “digital strains.” They are aimed specifically at external drives. Trojans and worms secretly penetrate a flash drive, install their elements (startup modules, startup file, shortcuts) and carefully disguise them, delete or damage them. custom folders and files. They also interfere with the operation of the USB drive: they do not allow you to open the partition and separate folders, obstruct safe removal devices imitate system errors(fake messages appear).

Let's look at how to clean a flash drive from viruses using various methods.

Method #1: antivirus cleaning

Disabling autorun

The first step is to secure the operating system of the computer on which the scan will be performed. Disable in Windows autorun. So that the virus, after connecting a USB flash drive, cannot automatically start and secretly penetrate the PC’s hard drive.

This procedure is performed as follows:

in Windows 7

1. Press the key combination “Win” and “R”.

2. In the Run panel line, enter the directive - gpedit.msc.

3. Click OK.

4. In the editor window group policy select the “Computer Configuration” section.

5. Open the “Administrative Templates” subsection.

6. From the list of options, select Windows Components.

7. Go to “AutoPlay Policies” → “Disable AutoPlay” settings.

8. In the settings window that opens:

  • by clicking the left mouse button, turn on the radio button next to the “Enable” add-on;
  • Click the "Apply" and "OK" buttons.

in Windows 8.1

1. Click right click By Windows icon on the taskbar.

2. B context menu select Find.

3. B search bar type - autorun.

4. Click in the search results - “Enable or disable autorun”.

5. In the “Computer and Devices” panel, go to the “Startup” section.

6. In the block on the left, set the value “Do not perform any actions” in the “Removable media” and “Memory card” fields.

Advice! If you want to completely disable the AutoPlay feature, click the slider at the top of the block to “Off.”

Scanning a flash drive

1. After disabling autorun, connect the USB flash drive to the PC.

2. Press "Win+E".

3. In the window that opens, right-click on the USB drive icon.

4. To check the flash drive for viruses, select “Scan…” from the list of options. (IN in this case This ESET Smart Security).

5. Remove all malicious objects found.

Advice! You can perform cleaning using alternative anti-virus scanners - Dr.Web CureIT!, Free Anti-Malware or Kaspersky Virus Removal Tool. Before the scan is performed, do not forget to check the box next to the flash drive in the list of partitions.

Method #2: formatting

(removing all data - virus and user files)

Note. This option is appropriate to use when there is no valuable information on the media or when it is not possible to remove the virus from the flash drive using other methods.

1. Make sure that AutoPlay is disabled on your computer. And then connect the infected media.

2. Press the “Win” and “E” keys simultaneously.

3. Hover over the USB shortcut. Click the right button. IN system menu select "Format...".

4. In “Formatting...” set the following values ​​in the settings:

  • “File system” - NTFS;
  • “Cluster size” - “Standard size...”;
  • “Volume label” - the name of the flash drive (optional; you don’t have to change it);
  • “Format methods”: in the “Quick” box, check the box to perform superficial (quick) cleaning.

5. Click the "Start" button.

6. B additional window confirm the action: click “OK”.

7. When the procedure is complete, in the “Formatting...” window, click “OK” again.

8. In the settings window, click “Close”.

Now the flash drive is clean and ready for full use.

Method #3: manually removing viruses

(for advanced users only)

This cleaning algorithm is advisable to use if you want to save as much useful data as possible located on an infected flash drive.

1. Turn on Windows display hidden files and folders:

  • press "Win+E";
  • in the window that appears, press “Alt”;
  • V top panel open: Tools → Folder Options;
  • go to the “View” tab;
  • in the last option item, enable by clicking “Show hidden files… »;
  • Click the “Apply” and “OK” buttons.

2. Check the autorun setting. It should be disabled (see Method #1).

3. Connect and open the contents of the flash drive.

4. Analyze the files. Elements of the malware may look like this:

  • files with extension .bat;
  • labels;
  • Recycler folder (a clear sign of the presence of a virus).

5. Right-click on each of them and view the “Object” setting in the properties (click → item in the “Properties” menu). In virus files, the “Object” usually displays the executable file of the “microbe” that attacked the USB drive.

6. Delete everything malicious files and shortcuts, as well as the executable element of the virus to which they access (listed in the “Object” line).

Vaccination of flash drives

A vaccine for a flash drive is a kind of software protection in the form of a special file (Autorun.inf). It prevents the virus from “settling” on the flash drive: it blocks its functions. Used exclusively as a prophylactic and warning agent on “healthy” USB drives. Created manually and using special programs. We will get to know some of them better.

Panda USB Vaccine

A utility from the famous antivirus company Panda. Has a volume of less than 1MB. However, very useful. Available free of charge on the official website. After launching USB Vaccine for the first time, in the panel, check the boxes next to “Hide tray icon...” and “Enable NTFS...”. And then click "Next". Connect the USB flash drive and click the “Vaccinate USB” button in the application window.

Autostop

Does not require installation. Runs in the MS-DOS console. At the request of the user, he can not only “vaccinate” the flash drive, but also disable autorun by changing the registry settings and prohibit writing data on the media.

USB Defender

An effective tool with graphical interface. Activates USB storage protection in one click (and disables it in the same way). Carefully hides the presence of the “grafting” AUTORUN.INF on the flash drive.

Let your USB drives avoid viruses!


In this article we will tell you how quickly and easily remove virus from flash drive. One of the most common families of viruses are Trojans, which are written to the boot boot. system file autorun.inf. A sign of their presence on a flash drive can be files like autorun.exe, autorun.~ex, autorun.inf_ *** and other derivatives with even more dubious extensions after the dot. The virus copies itself to the flash drive as soon as the flash drive is inserted into the USB connector.


The principle of operation of the virus is as follows. Once in the system, it searches for everything local disks and flash drives. After this, two files are copied to each source found - autorun.inf and autorun.exe. In turn, autoran.inf contains the following lines:

And the autorun.exe file is executable and serves to reproduce the virus on possible media. In real, executable file.exe can be called completely differently, for example cyvvefew.exe, that is, with an unclear name.

Signs that a flash drive or memory card is infected with a virus

The symptoms of Windows infection by such a virus are very varied:


  • The flash drive just won't open
  • does not work left button mice
  • in the context menu of the explorer, instead of the names of the items, krakozyabry.
  • files on the flash drive may disappear

In general, do not overlook. In fact, these viruses are more harmless than those that . And you can catch them either without using an antivirus, or from someone else’s infected computer.

A direct indication that there is a virus on the flash drive is the presence of a hidden RECYCLED or RECYCLER folder. There should not be such a folder on a flash drive.

If such a folder exists, then it probably contains the executable file of the virus ***.EXE.


Removing a virus from a flash drive manually

Detect virus to a simple user difficult because the files have system status, which means they are not displayed in the standard file display in Windows. Enabling the display of hidden files and folders in Windows is easy. To do this we do the following:

Windows 7: Start -> Control Panel -> Folder Options -> View tab -> show hidden files, folders and drives
Windows XP: Start -> Control Panel -> Folder Options -> View tab -> show hidden files and folders

Some Autorun viruses disable the ability to change this parameter. However, if this option remains, then turn on display and delete specified files by searching for “autorun”.

Free antivirus Anti-Autorun will help remove the virus

You can remove a virus from a flash drive simply by formatting it. Naturally, it will be necessary full check systems. Typically, such viruses do not block your computer or corrupt data, so removing them will not be so difficult. But there is a more universal and simpler method.

You can use a special antivirus program called Anti-Autorun. You can find it in a search engine. Using this program, removing a virus from a flash drive will not be difficult. This antivirus is an excellent solution for monitoring and fighting autorun viruses. We hope our recommendations helped.

Schools, universities, even photo salons are places where any flash drive is often uncontrolledly connected to any computer. And such contact between a flash drive and a computer does not always occur without consequences. One day, our chief accountant brought to work a flash drive that her daughter used at the institute, and as a result, the company’s work was paralyzed for two days. A virus on a flash drive is now a completely common thing, but this does not make it acceptable. After this unfortunate incident, I became concerned about this problem and went online. As a result, a solution was found - and for the second year now, there are no viruses on flash drives...

Schools, universities, even photo salons are places where any flash drive is often uncontrolledly connected to any computer. And such contact between a flash drive and a computer does not always occur without consequences. One day, our chief accountant brought to work a flash drive that her daughter used at the institute, and as a result, the company’s work was paralyzed for two days. A virus on a flash drive is now a completely common thing, but this does not make it acceptable. After this unfortunate incident, I became concerned about this problem and went online. As a result, a solution was found - and for the second year now, there are no viruses on flash drives.

If you have not yet protected yourself from viruses on flash drives, accept the information.

The mechanism for spreading viruses through flash drives is as follows. When a flash drive is connected to an infected computer, it writes the body of the virus itself to the flash drive, possibly in a hidden (invisible) folder. But the virus there is harmless. In order for its malicious essence to manifest itself, it must be launched. It is unlikely that anyone, being of sound mind and solid memory, will launch it unknown how it ended up on a flash drive (and even, perhaps, in hidden folder) file. Although this is, of course, possible. But viruses do not leave their reproduction to chance. Along with the body of the virus, the file autorun.inf is written to the flash drive, which contains the path to the virus. And when such an infected flash drive is connected to a healthy computer, it looks for this file on the flash drive - autorun.inf - and launches the program to which it points. All! Your computer is infected!

Important conclusions follow from this.

1. It is necessary to prohibit the computer from automatically starting from removable media(flash drives and disks) programs specified in autorun.inf. It’s okay, we’ll launch the disk ourselves and open the flash drive, and what we need, and not the lurking villain. The problem is that Windows doesn't allow mere mortals to do this in a simple and obvious way. To do this, you need to edit the registry, being aware of your actions. As a result of such a ban, the virus itself will no longer start. This means that the computer is protected from infection.

2. It is necessary to prevent the virus from the infected computer from registering in the autorun.inf file. We will not be able to prevent the recording of the virus body, but measures can be taken regarding the autorun.inf file. If the path to the virus is not specified in the autorun.inf file, then when connecting to a computer (even with autorun enabled), the virus will not run.

One of effective solutions both of these tasks - free program Panda USB Vaccine released by a famous manufacturer Panda antivirus Security. I am using Panda USB Vaccine 1.0.1.4, you can download the program from this link. http://www.pandasecurity.com/russia/homeusers/downloads/usbvaccine/

Installing the program is very simple - just run it and confirm your intentions. During installation, I recommend leaving the \”Run Panda USB...\” checkbox enabled and turning on the \”Automatically vaccinate any new USB Key\” checkbox.

After installation, at the bottom, in the tray, you will see an icon with a syringe - this is the same USB vaccine. If immediately after installing the program its window does not open, click on the syringe icon.

At the top of the window, click the \”Vaccinate computer\” button - the inscription \”Computer vaccinate\” will appear. This means that autorunning programs from removable media on the computer is prohibited (as we discussed in paragraph 1).

At the bottom of the window is the management of “vaccination” of flash drives. If you enabled the automatic vaccination checkbox during installation, as I advised, you will not need this control. When you connect flash drives, they will be vaccinated, namely, the program will write its own autorun.inf file on them, but such that it cannot be deleted, renamed, or rewritten by any means. This means that the virus will not be able to write the autorun path of the virus into it. If you connect an already vaccinated flash drive to your computer, you will see a message that this device is already vaccinated, and viruses, even if they are on it, are toothless.

All! You can forget about viruses on a flash drive. Of course, the flash drives themselves should be checked with an antivirus from time to time. After all, the viruses themselves may still be there (they are harmless, since they cannot run), but they still have no place there.

As a result, if all school computers are equipped with this program, there will be no virus epidemics. The computers themselves will not catch someone else’s infection, and the flash drives that schoolchildren carry everywhere they go will become immune to the infection.

I myself, I repeat, have been using this program for the second year, I installed it on all the computers available to me, and the result is excellent. I wish the same for you!

Article taken from open sources: http://pechataem-attestat.ru/blog/post_1296279691.html

Panda USB Vaccine

Panda USB Vaccine - free solution for blocking malware distributed from USB devices.

Currently, the number of malicious programs that, like the Conficker worm, is rapidly increasing, spread through removable devices such as flash drives, MP3 players, digital cameras etc. For this purpose similar malware modify AutoRun file on these devices.

Panda USB Vaccine This a free solution designed to protect against such threats. The product offers double level of preventive protection, allowing users to disable the AutoPlay feature on computers, USB devices, and other devices:

Vaccine for computers: This is a “vaccine” for computers to prevent any AutoRun file from running, regardless of whether the device is infected or not (memory cards, CDs, etc.).

Vaccine for USB devices: This is a “vaccine” for removable USB devices that prevents situations where the AutoRun file becomes a source of infection. The utility disables this file so that it cannot be read, modified, or moved by malicious code.

This product is very useful utility, because does not exist simple way disable autorun feature in Windows. The utility provides users with an easy way to disable this feature by offering high level protection against infections that can spread from removable devices.

Have you ever dealt with flash drives infected with viruses? I'll tell you about myself. I am working system administrator and maintain a computer network. Once, about 5 years ago, there was a case of infection at work computer network a virus that was inadvertently introduced by one of the employees through an infected flash drive. This virus is also called “Autoran” (we will look at it in more detail later). The antivirus program installed on the computer at that time missed it without detecting it in time. And even then, when the computer was treated and this virus was removed, it restored itself! I had to disconnect all computers from the network and treat each one with boot disk. Here's the story.

Where am I going with this? And what's better than this? computer worm"strangle" before he even tries to get into RAM your computer. Now a small anti-virus program helps me cope with this task " Keen Eye" We’ll talk about how to use it and how to clean a flash drive from viruses a little later.

What kind of beast is this Autoran?

For those interested, here’s a little theory about what Autoran is. The word "Avtorun" (auturun) is translated as "autorun". This term means the automatic launch of certain types of files when any storage medium is connected to the computer, be it external hard disk, USB Flash drive (flash drive), memory card, player, phone, etc. (in this article we will talk about USB flash drives, meaning all external media information). The initiator of such a launch is the autorun.inf file located on the flash drive. The file itself was invented by Microsoft for noble purposes - to simplify work and reduce the number of user actions to open any program, video, music, images, etc. located on a flash drive. But this innovation played into the hands of the creators and distributors of the virus.

The easiest way to use the autorun.inf file to infect a system is to write in it the path to the file with the virus, which is located on the same media, in order to automatic start. The second method is to inject virus code into text format directly into the autorun.inf file itself. There may be other ways to use it this file for malicious purposes, but that's not the point. The point is that when a flash drive is connected to a computer, the infected autorun.inf file located on it automatically launches the virus into the computer’s RAM, which in turn monitors new network drives or external drives for the purpose of further reproduction. That's why, the main task user - this is to prevent the autorun.inf file from launching a virus, neutralizing it immediately after connecting the flash drive to the computer.

How to clean a flash drive from viruses without infecting your computer? The solution of the problem

It is interesting that disabling the autorun function in the system external devices does not solve the problem fundamentally, since when opening the flash drive manually double click mouse autostart will still work. Antivirus programs also do not provide a 100% guarantee of detecting all autorun viruses. What then best protection from viruses on a flash drive and other storage media connected to the computer? Answer - specialized utility from the Anti-autorun series, which instantly detects this type virus and immediately neutralizes it even before autostart. And just such a utility, as I mentioned at the beginning of the article, is the Vigilant Eye program.

This utility reliably protects your computer from viruses such as Trojans, autorans, rootkits and worms. It controls all autostarts and will be especially useful for those whose computers pass through a lot of flash drives, since they are the most common carrier of viruses. Separately, I would like to note that the Keen Eye program does not load the processor and does not conflict with any other antivirus programs. Moreover, she does not have antivirus databases and therefore does not need them regular updates. Its task is to monitor all autostarts and block them in time. If you fall under such a ban trusted program, it can easily be restored and added to the list of exceptions so that the “Keeping Eye” does not react to it next time. And the best thing is that this utility absolutely free.

Program functions:

    • autostart management;
    • maintaining autostart history;
    • setting exceptions;
    • presence of quarantine;
    • eliminating traces of virus activity, such as: unlocking the task manager, registry editor, safe mode, restoring the Explorer menu and removing all its restrictions, fixing the taskbar, etc.;
    • changing the skin (design) of the program;
  • Help section where you can find answers to additional questions about working with the program.

Attention! The Keen Eye program does not replace your primary antivirus program, but perfectly complements it, reliably protecting the computer from autocrackers and similar viruses.

Now let’s move directly to the video tutorial recorded by Sergey Medvedev, in which he will review the interface and tell you more about the functions and settings of the program.

Keen Eye - protection against viruses on a flash drive

Find out more about the Keen Eye program, as well as what other viruses are on removable media she catches, you can visit the author’s website.

P.S. How to protect yourself from absolutely any virus without a single anti-virus program?


2024 gtavrl.ru.