
USB thumbdrives, or flash drives, are a non-obvious but easy way to spread malware. You should be quite careful when dealing with an unknown device.

One day I found a USB thumbdrive and I plugged it into my computer. After that I couldn't do most of the stuff on my computer; I couldn't open Help and Support Center, run MSN, Yahoo Messenger, other installed programs, System Restore, or Internet Explorer. Do I have malware or something of that sort?

Yes, I'll bet you do.

I wanted to address this question because it's not all that obvious to most people that plugging in an unknown USB device can be dangerous, to say the least.

And it's one of the reasons I almost always turn off "autoplay".

I vaguely remember an anecdote about a security test performed where USB thumbdrives were left outside around a corporation, as if they'd been mistakenly left behind somehow. Each was infected with some relatively benign malware that would alert some remote site that the drive had been picked up and inserted.

Something like over 50% of the thumbdrives were plugged in and their malware installed.

The lesson is clear: if you want to infiltrate a random corporation, put malware on a number of thumbdrives and drop them around the company's headquarters.

On the other hand, if you're that corporation, you want to make sure that at a minimum your employees are alert to the danger.

So what's happening here? What is that danger?

In a nutshell: autorun.

You've probably seen it: when you insert a CD-ROM, for example, quite often a program will run automatically. You'll typically see this in product setup CD-ROMs. Encoded on the CD-ROM are a couple of special files that say, in effect, "when the disk is inserted, run this program".

The same is true for USB thumbdrives. They, too, can have auto-run ability.

And to make matters worse, autorun can happen silently.

So it's very simple: a malware author simply creates a USB thumbdrive with malware, and sets it up to auto-run and install the malware silently when the thumbdrive is plugged in. You'd never know until you scanned for viruses or spyware or, as in your case, things stop working as they should.

Lesson: don't plug in thumbdrives (or any "removable media") that you're not certain of. Treat them just like downloads and, if you can, at least scan them first.

So how do you scan them if you can't safely plug them in? Turn off auto-play. Once you've done that you can safely insert the device and examine its contents or run anti-malware scans.

Or you can just decide it's not worth the risk, and discard the drive. They're cheap these days, and a malware infestation can be pretty expensive.

Assuming you did decide to look, once you're satisfied that it's safe you can do whatever autoplay would have done: open the file "autorun.inf" at the root of the drive in Notepad and look at the "open=" line, which names the program autoplay would have run.

Most of the time that'll be a setup program, also at the root of the drive.
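
As an added example (not code from the original article), this Python script reads an autorun.inf as plain text and lists what it would launch, without running anything, and notes whether each program sits at the root of the drive. It goes beyond the "open=" line to the format's shellexecute= and shell\...\command= keys as well; the sample file contents are constructed.

```python
import ntpath

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section. Nothing is executed."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            found.append((key, value))
    return found

def review(text):
    """For each launch command, report the program named and whether it is at the drive root."""
    report = []
    for key, command in autorun_commands(text):
        if command.startswith('"'):                 # quoted path, may contain spaces
            program = command[1:].split('"', 1)[0]
        else:
            program = command.split(" ", 1)[0]
        at_root = ntpath.dirname(program.lstrip("\\")) == ""
        report.append({"key": key, "program": program, "at_root": at_root})
    return report

# Constructed sample, not taken from a real drive.
SAMPLE = r"""
; constructed autorun.inf
[AutoRun]
open=setup.exe /s
icon=setup.exe,0
shell\explore\command=RECYCLER\svc.exe
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for entry in review(SAMPLE):
        print(entry)
```

An entry with at_root set to False, or a launch key you did not expect, is a reason to scan the drive before opening anything on it.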

But as a rule of thumb (no pun intended), I disable auto-play on all my drives. Not only do I find auto-play often annoying, but as you can see there can be significant security risks if you're not careful.

Article C3319 - March 13, 2008
Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

Recent Comments
18 Comments
Snert
March 15, 2011 11:54 AM

I have an option where I can scan a thumbdrive with my malware goodies before I open it.
Right click on it and try Properties.

duane
March 15, 2011 12:18 PM

Our local library's computers have only floppy drives. No USB. I wonder if this article's premise is the reason. I would think the floppy is just as vulnerable to malware transfer.

I suspect that's just the age of the computers, but there was never an "auto-run" applied to floppies, so they are inherently somewhat safer.
Leo
16-Mar-2011

Mark J
March 15, 2011 12:28 PM

Before the Internet was available to the general public, the principal means of virus propagation was floppy disks. I think over half of the diskettes I checked contained viruses. Either the computers in your library are very old or they don't realize that diskettes can transfer viruses.

Mike
March 15, 2011 5:16 PM

Okay, I don't mean to flame here, but maybe that's what it is. What kind of people ask what happens if you push this red button marked Global Nuclear Destruction and then push it? Even 75 years ago, people laughed at The 3 Stooges for using a lit match to check the gasoline level in the tank.

Okay, I just read an item by Randy Cassingham about 4 idiots who heard a warning about the incoming tsunami and ran down to the beach to watch it! I'll be quiet now. No matter how smart you make the computer, it's still operated by a human being.

Joseph
March 15, 2011 5:50 PM

What about using a live CD on a computer without a hard drive, to look at an unknown flash drive? Could the computer still be infected?

As long as the Live CD is not running Windows (most do not) it's typically a safe way to examine possibly infected disks.
Leo
16-Mar-2011