
My pendrive has been infected by a virus and my antivirus fails to detect it. Several folders on my pendrive have been hidden and the virus has spread all over my computer. I see many strange changes on my computer, like BiBin.exe appearing everywhere, and several shortcuts get created when other portable devices get connected. I identified this as a shortcut virus, but there are many other viruses on my portable drive.

I want to analyse all the viruses present on my drive in a safe environment. But when I connect my drive to another computer I'm quite sure it will infect that too. So how shall I analyse the viruses present on my drive without infecting my Windows PC?


2 Answers


If possible, you should attempt to only insert the drive into a secondary PC running some live version of a Linux distro, preferably one you wouldn't mind completely wiping afterwards.

If not, just cut your losses and physically destroy the pendrive. USB viruses are extremely efficient these days, and are more frequently able to persist in hardware between wipes (either on small partitions on the pendrive, or by loading themselves into the firmware of the infected machine's hardware).


Examples:

- badUSB
  - SRLabs badUSB BlackHat Slides
- UEFI rootkits
  - Hacking Team write-up on TrendMicro


To more directly answer your question: No, there is no way to insert the drive into any new machine and assume it hasn't infected it at some level.

If you need to view the files on the drive (maybe so you know what you've lost, or so you can physically print and recreate them by hand), I'd recommend viewing them on your already infected machine after unplugging any network cables, since it can't really get any worse.

  • Can you provide references for the "extremely efficient" and "frequently persist in hardware between wipes" statements? Commented Mar 21, 2016 at 14:17
  • @NeilSmithline edited Commented Mar 21, 2016 at 14:35
  • Looks better. I'm guessing it was lack of links that led someone to downvote the answer Commented Mar 21, 2016 at 14:40
  • @NeilSmithline that's completely understandable, I'll make sure to keep that in mind going forward, thanks. Commented Mar 21, 2016 at 14:47
  • Hi, then what do I do with my infected PC? How do I get the samples of the viruses by name on the Internet? I searched Malware.lu, malwr, VirusShare etc. Please suggest something so that I can analyse it and make sure my PC is completely safe. I do not have a Linux system, but I have a sandbox on my PC.
    – user105127
    Commented Mar 22, 2016 at 1:41

If you use a live Linux distro of your choice, for example Kali, you can safely scan the storage devices in question one by one without risking infecting anything further.

Also note that it is highly unlikely that the drive contains both Windows and Linux malware, so you should be fine testing on your infected machine when booting such a live image from a pen drive or a DVD.

Yet, to be completely sure: nuke from orbit.
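A triage script for the approach both answers describe (mount the drive read-only from a live Linux session, then inventory it without running anything on it). This is an added example, not code from either answer; the device path in the comment, the optional clamscan step and the sample tree are assumptions, and the sample files are constructed stubs standing in for the shortcut-virus artefacts the question mentions.

```shell
#!/bin/sh
# Added example: triage a suspect USB drive from a live Linux session
# without executing anything stored on it. Assumes POSIX sh, coreutils
# and findutils; clamscan is optional.
set -eu

# Mount read-only with noexec/nosuid/nodev so nothing on the drive can run.
# $1 = block device (e.g. /dev/sdb1, an assumption), $2 = mount point. Needs root.
mount_ro() {
    mkdir -p "$2"
    mount -o ro,noexec,nosuid,nodev "$1" "$2"
}

# Inventory the artefacts typical of a "shortcut" infection: .lnk shortcuts,
# .exe files and autorun.inf, each with a SHA-256 so the sample can be looked
# up in a malware database later. Prints one "sha256  path" line per hit.
triage_dir() {
    find "$1" -type f \( -iname '*.lnk' -o -iname '*.exe' -o -iname 'autorun.inf' \) \
        -exec sha256sum {} + | sort -k2
}

# Number of suspicious files found, for a quick summary.
count_hits() {
    triage_dir "$1" | wc -l | tr -d ' '
}

# Optional signature scan of the mounted tree; nothing is executed or changed.
scan_dir() {
    if command -v clamscan >/dev/null 2>&1; then
        clamscan -r --infected "$1"
    else
        echo "clamscan not installed; skipping signature scan" >&2
    fi
}

# Constructed sample tree standing in for the mounted drive (harmless stubs,
# not real malware): a hidden copy of a folder, a .lnk decoy, BiBin.exe, autorun.inf.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/Documents" "$d/.hidden_copy"
    printf 'report\n' > "$d/Documents/report.docx"
    printf 'shortcut stub\n' > "$d/Documents.lnk"
    printf 'exe stub\n' > "$d/BiBin.exe"
    printf '[autorun]\n' > "$d/autorun.inf"
    printf '%s\n' "$d"
}

if [ "${1:-}" = "demo" ]; then
    s=$(make_sample); triage_dir "$s"; echo "hits: $(count_hits "$s")"
fi
```

Run with `sh triage.sh demo` to see the inventory on the constructed tree; on a real drive call `mount_ro`, then `triage_dir` and `scan_dir` on the mount point.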
