I was setting up a new computer and foolishly downloaded one of my favorite programs from a third party site instead of its home site. (Incidentally a google search for the program doesn’t even find the home site. If you go to its Wiki page, it’s there.) The downloaded file turned out to be infected. I used recovery to go back and start over. Since it was a virgin machine, nothing was lost except the 2 hours it had taken to download one of my programs. Everything worked fine until I put the memory stick (which contained initialization information for various programs) back and suddenly the machine was infected again. So I reformatted the stick, but I realized that the machine could have put the virus back into the reformatted stick. I went back to 0 on the computer and now it works fine, but I wonder about the stick. Is there a safe way of recovering it? Or should I just quit while I am ahead and toss it?
Unless this is a brand new 64 Gig thumb drive, just toss it. Not worth the hassle or worry.
If you are comfortable with linux, you could create a bootable linux cd/dvd then use these instructions to wipe the drive. This is basically the nuke it from orbit option.
It would probably be a good idea to disconnect your computer’s hard drive from the motherboard while doing all of this stuff so that you don’t accidentally type the wrong thing and nuke your hard drive’s data instead.
If you’re not comfortable with linux, the extra money involved in tossing it and buying a new memory stick may be worth it compared to the effort required to learn enough linux to follow the above instructions.
Do you need linux? If it is a Windows virus couldn’t you just put the USB stick into an Apple computer and use an erasing utility that overwrites the entire memory times with random 1s and 0s? Or if it’s an Apple virus do this on a Windows machine?
It would be best to make sure auto-run isn’t enabled just to be safe.
Ah I could just ask my sysop who has Unix and Mac machines around to do it. If he doesn’t want to I will just junk it.
Recently read Reamde in which an infected memory stick started the whole thing. Too close for comfort.
Mind if I piggyback here? I use a Mac, but I noticed recently that my thumb drive has a couple of .exe files and a .scr with random names, and that I know I didn’t put on it. Is it enough to just delete those files, or might there be something lurking deeper in the filesystem that I’d need to dig out? And would a PC be at risk just from putting the thumb drive in it, or would somebody need to be idiotic enough to run those executables?
Autoclave it?
Nah. Irradiate it.
Take off and nuke it from orbit. It’s the only way to be sure.
Well, if you delete them, use the thumb drive normally for a while and see them come back, then yeah, that’s an indication you have an infection somewhere. But I also know macs love to add all sorts of hidden files to thumb drives. Is it possible they’re just the .Trashes and fseventsd files all macs write to removable drives?
Alcohol; isopropyl for the stick, 20 year old The Macallen for you.
No, they don’t start with a . , as a Mac (or other Unix) hidden file would. They have random filenames, ending with .exe (for two of them) or .scr (for one). Both of which are extensions for Windows executables, but which are essentially unknown on Mac.
Here I was thinking you had dropped it in the toilet from the title. I don’t think saving the thing is worth the trouble and you’ll never know for sure. Just ask Iranian Nuclear Scientists… a Hammer might work well, magnesium fire, gunshots, or any other similar method.
No virus could withstand a reformatting could it? Or do USB sticks have a reserved portion of memory that is not subject to a reformat?
But reformatting it with an infected computer (which is what I did) might reinfect it. And I am not about to insert it into an uninfected computer just to reformat it again.
Sigh, I will just dump it.
If you make sure autorun and autoplay are turned off, it’s perfectly safe to insert the drive. They’re (stupidly, in my opinion) turned on by default, and it’s always been one of the first things I change when setting up a new machine.
It’s safe anyways, unless you do something stupid. Autorun doesn’t work like it used to. It just creates a menu entry for Autoplay. As long as you aren’t dumb enough to click that option, the file will not run. And, if you’re smart, you’ve already set up the default to be either Open Folder or Do Nothing.
Well, barring any hacking of the firmware, that is. That’s the new exploit talked about in the USB thread. It’s not appeared in the wild, but some security experts have designed thumb drives that will pretend to be some other device when you plug it in, allowing them to hijack your computer. And they left them lying around at a security conference, to see what would happen.
It’s extremely unlikely that this could happen to a drive by accident, though.
I am a little curious as to whether those firmware exploits can be modded on to an existing drive, or if they require custom hardware.
you could of course go to best buy and plug it into one of their demo machines and format it from there.
I am not that evil, although I find the thought amusing.