Lately my USB thumbdrive has been infected by trojans and worms...again.
From my experience, whenever you try to do a 'Safely Remove Hardware' command and Windows won't allow you to do so, saying the device is busy and to try again later, even though you aren't accessing any files on the USB thumbdrive and no Windows Explorer window is open, that is when the device is being infected! I would immediately yank out the thumbdrive even though its lights are flashing.
Moral: Desktop PCs and laptop notebooks are notorious for being infected by malware, so be careful where you stick your USB drive!
This article describes how to create a USB thumbdrive that infects a computer that it's plugged into, installs malware and steals passwords.
Don't worry if you're not into hacking; my reason for linking to this article is to highlight how to protect your computer from such USB drive attacks. Just scroll down to the end of the article and it'll describe some Windows Registry modifications.
Ok, so modifying your Windows Registry is too risky for non-IT literate folks...I'm sure there are lots of free Windows tweaking utilities out there that will allow you to disable the 'autorun' feature.
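A read-only check of the autorun setting discussed above, as an added example that is not from this post or the linked article. It assumes the standard Windows `NoDriveTypeAutoRun` policy value and reports which drive types still have AutoRun enabled; the function names are illustrative.

```python
import sys

# Standard Windows policy location for AutoRun (not taken from the post itself).
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
POLICY_VALUE = "NoDriveTypeAutoRun"
# A set bit DISABLES AutoRun for that drive type; 0xFF disables it everywhere.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no root directory",
    0x04: "removable (USB thumbdrives)", 0x08: "fixed disk",
    0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk", 0x80: "reserved",
}

def autorun_enabled_types(mask):
    """Return the drive types whose AutoRun is still enabled under this mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]

def effective_mask(hklm, hkcu):
    """HKLM wins over HKCU when present; None means the value is not set."""
    return hklm if hklm is not None else hkcu

def read_policy(hive_name):
    """Read the value from the live registry (Windows only); None if absent."""
    import winreg  # standard library, available only on Windows
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), POLICY_KEY) as key:
            value, _ = winreg.QueryValueEx(key, POLICY_VALUE)
    except FileNotFoundError:
        return None
    # The value is normally a DWORD but is sometimes stored as binary.
    return int.from_bytes(value, "little") if isinstance(value, bytes) else int(value)

def report(hklm, hkcu):
    """Summarise the AutoRun policy without changing anything."""
    mask = effective_mask(hklm, hkcu)
    if mask is None:
        return "NoDriveTypeAutoRun is not set; Windows defaults apply"
    enabled = autorun_enabled_types(mask)
    if not enabled:
        return "AutoRun disabled for all drive types (0x%02X)" % mask
    return "AutoRun still enabled for: " + ", ".join(enabled)

if __name__ == "__main__":
    if sys.platform == "win32":
        print(report(read_policy("HKEY_LOCAL_MACHINE"),
                     read_policy("HKEY_CURRENT_USER")))
    else:
        # Constructed sample value so the decoder can be tried off-Windows.
        print(report(None, 0x91))
```
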
But what if your USB thumbdrive is already infected by malware?
Here's what you should do. Please note however that this is just what I would personally do and since I'm not a computer security expert I will not be held responsible if you screw up your PC!
1. Find an expendable PC that you're sure isn't already infected by malware. (psst! don't use your kid brother's PC, it's probably full of porno malware anyway!)
2. Make sure that PC is already installed with an updated antivirus. Here are some free for home use ones: AVG free edition, Avast! Home Edition and A-Squared (which installs on Microsoft Server 2003. Whoohoo!)
Now making sure you're online, UPDATE your antivirus signatures. I can't stress this enough, UPDATE YOUR ANTIVIRUS SIGNATURES DAILY. An Antivirus is totally useless if it's not updated.
3. Once your antivirus is updated, yank out your network cable! Hmm...maybe I was being too dramatic back there...just disconnect or disable your network connection. Make sure your PC is not connected to the Internet or any other PC on the network.
4. Holding down the 'SHIFT' key, plug in your infected USB thumbdrive with trembling fingers. If you see a 'Removable Disk' dialog box, click on the 'Cancel' button. Please!
You shouldn't be getting any dialog box popped up if you're holding down the 'SHIFT' key properly anyway (with one of your fingers and not your tongue/nose/toes/i-don't-wanna-know).
5. Ok, so your stick is shoved in. ;) Try not to view the contents of the thumbdrive using Windows Explorer. Fire up your antivirus and do a full complete scan of the USB removable drive.
6. If malware such as trojans, worms, virii and any such goodies are detected, follow your antivirus' advice on how to remove it. If possible, do a Google search based on the malware's name using a different computer. Research removal techniques and research some more!
If things still don't go well, then you're royally screwed. Throw the thumbdrive into the wastebasket or better yet, a furnace. Curse the IT gods, then invest in a new USB drive.
7. If there's no malware detected, scan the USB stick again with a different antivirus. If, even after all that, there's still no infection, I still won't guarantee you got off scot-free. Just be vigilant from now on. Say a little prayer every time you stick the thumbdrive into any PC if you must, but please oh please don't stick it into a critical server system!
Hey, any additional security tips of your own? Post a comment here! No tips but you've your own malware horror story to tell? Well, share it with us anyway! Misery loves company.