Saturday, February 16, 2008

HOW TO remove Viruses or worms from ANY USB drive

Hi guys, wow it's been long since my last post.. lots of things have happened.. joined a job, and now I'm posted in Gurgaon near Delhi.
Well, this post is of a technical nature, so let's jump right to it.

How many of you have ever experienced this: You use your USB/portable drive in a net-cafe, office, school or even your friend's place, and voila! It catches a virus, which subsequently spreads to every computer that USB drive goes in. It's a severe problem.. and it's becoming the norm now.. almost every net-cafe you go to (at least the ones I've seen in Pune, Hyderabad & Gurgaon) will infect your USB drive. People keep saying "it's got a virus, and my antivirus is helpless against it".

But here's a heads-up: It's NOT a virus. It's actually a parasitic but relatively harmless worm (yes, we're still talking about computer programs here.. I hope no med-student stumbles across this page!). What's the difference? Read on...

Viruses infect OTHER files, like .html and .doc files. With security measures stepped up over the last decade, they're all but extinct now. Worms, on the other hand, are stand-alone .exe programs which a victim needs to explicitly RUN, i.e., double-click, etc. The worm will betray its presence by its .exe extension. There are new ones popping up all over the place, so naturally antiviruses can't keep up with all of them. Plus, the ones that spread through USB don't do actual damage to your system, which is why they don't always ring the alarm bells.

Still, it's dangerous.. some of them open up ports that can let a hacker in, others may reroute your browser.. Hey, I don't know what these worm-makers are up to, or how exactly they install themselves onto every netcafe I visit, but I know how to STOP them in their tracks. I've removed these viruses manually from over a hundred USB-drives by now, without using any sophisticated paid-subscription antivirus or removal tools, etc. All it takes is a little restraint.. from double-clicking yourself into a mess. Read on..

OK, now here's a troubling fact: many versions of this virus (it's a worm! oh, what the heck..) are not detected by some popular free antiviruses like mine. But that doesn't mean you should junk the otherwise excellent freeware and go chain yourself to a paid version. Follow these steps and show those troublemakers that humans aren't always the weakest link in a security chain.

1. Do this step BEFORE inserting the USB. This involves a little system tweaking, but there's no chance of any damage. Open My Computer. In the menu, go to Tools > Folder Options, then hit the View tab. Under Advanced settings:
1.1. Choose "Show hidden files & folders"
1.2. Uncheck "Hide extensions for known file types"
1.3. Uncheck "Hide protected operating system files" (and just say yes to the warning dialog)

OK, now you have a completely transparent system. Any virus (worm) you see will betray itself with its .exe extension at the end.

2. Insert the USB drive. While inserting the drive, press & hold the Shift key for at least 10 seconds. That'll override the autorun process.

3. Open My Computer. On the flash-drive's icon, instead of double-clicking, right-click and choose Open, or better yet Explore. Avoid options like "auto(0)" at all costs; they would install the virus onto your system. This will open the USB drive like an ordinary folder, without activating the virus.

4. Search & destroy the following things:

4.1. Autorun.inf: You can open this file in Notepad first without risk.. it'll show you how it launches the virus. Delete this file & all such files in any subsequent folders.

4.2. RECYCLER or RECYCLED folder: Hard drives have these; they're the Recycle Bin's depository, and usually hidden. But USB drives do not need these. They're the ones holding the main virus file. Delete them. Ignore any warnings.

4.3. Folder-iconed .exe files: Some viruses don't make these in your USB drive, but others do. And believe me, it's a pain. Going into the folders, you may notice a .exe file having the icon of a folder, and the same name as the container folder, or some other file. Here the trick is revealed: if we hadn't done step 1, the .exe extension wouldn't have been seen, and we would've thought it's just another folder. If you can't uncheck the "known file types" option (refer to 1.2) for some reason, then click "Folders" on the toolbar to see the folder tree. There you'll see that the viruses are absent, because the tree lists only real folders. Delete ALL such .exe files. A quick way of doing it would be to Search for all .exe files in the USB drive and delete them in one go.
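The step-4 checks can also be listed by a small read-only script before anything is opened by hand. This is an added example, not part of the original post: the function names are hypothetical, the sample drive is built from harmless placeholder files, and matching an .exe against sibling folder names (not only the container folder) is a generalization of step 4.3.

```python
import os
import tempfile

SUSPECT_DIRS = {"recycler", "recycled"}  # folder names from step 4.2

def autorun_targets(path):
    """List what an autorun.inf would launch: open=, shellexecute=, shell\\<verb>\\command=."""
    targets = []
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("command")):
                targets.append(value.strip())
    return targets

def scan_drive(root):
    """Report the step-4 items under root. Read-only: nothing is run or deleted."""
    findings = []
    for folder, dirs, files in os.walk(root):
        rel = os.path.relpath(folder, root)
        names = {d.lower() for d in dirs} | {os.path.basename(folder).lower()}  # step 4.3
        for d in dirs:
            if d.lower() in SUSPECT_DIRS:
                findings.append(("recycler-folder", os.path.normpath(os.path.join(rel, d)), []))
        for f in files:
            stem, ext = os.path.splitext(f.lower())
            where = os.path.normpath(os.path.join(rel, f))
            if f.lower() == "autorun.inf":
                findings.append(("autorun", where, autorun_targets(os.path.join(folder, f))))
            elif ext == ".exe" and stem in names:
                findings.append(("folder-named-exe", where, []))
    return findings

def build_sample(root):
    """Constructed sample drive layout (harmless text files, not real malware)."""
    os.makedirs(os.path.join(root, "RECYCLER"))
    os.makedirs(os.path.join(root, "Photos"))
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=RECYCLER\\svc.exe\nshell\\Auto\\command=RECYCLER\\svc.exe\n")
    for rel in ("RECYCLER/svc.exe", "Photos/Photos.exe", "Photos/setup.exe", "Photos.exe"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("placeholder")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample(drive)
        for kind, where, detail in scan_drive(drive):
            print(f"{kind:18} {where}  {detail}")
```

To check a real drive, call `scan_drive` with the drive's root path; an ordinary file such as `Photos/setup.exe` is not flagged because its name matches no folder.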
