|
Problem with Removable Drives
|
View this Thread in Original format
| blackmonkey |
Hey guys,
I need a little help in the problem I'm experiencing with removable drives. Somehow whenever I tried to open the removable drive in my computer, a list of program keeps popping up the monitor. I think this is some sort of explorer virus. I tried scanning it with an anti-virus and it detected it and obviously I deleted it. But it still keeps popping up and I've having a hard time opening it. Any advice? |
|
|
| SuspicionVandit |
My advice would be to run anti-spyware software on the flash drive as well as any computer the flash comes into contact with.
situation:
Computer A becomes infected with spyware. Upon attaching the flash drive (or any removable storage for that matter), the spyware will infect it as well.
Now take the flash drive to computer B and connect, the spyware/virus will jump from the flash onto that computer.
Upon seeing the anomalies, you run a check on the flash, delete the malware, but it's still on computer A and B, so re-connecting brings you back into the red zone. Running the check on the flash and computer A will rid the malware on those two pieces of hardware, but if you don't run it on computer B, you will be back to the red zone in no time.
Solution:
Get some anti-spyware software, install+run on each computer you connect the flash drive to. The free ones are great, and definitely better than the commercial ones you will find with a price tag on it.
My picks:
http://www.safer-networking.org/ Spybot: Search and Destroy
http://www.emsisoft.com/en/software/free/ A^2
Install and then download all the updates through the software. Hopefully it works out for you. |
|
|
| blackmonkey |
| Ok mate thanks a lot I'll try using these softwares you recommended.:) |
|
|
| LeopoldStotch |
that's bad man. yeah that sounds like a crazy sucker. sounds like the virus embedded malicious registry entries in your os, and have it where when you mount your removable hdd, it activates the virus.
is the virus on your main hdd, or your removeable hdd? yeah suspicion is right. what the virus could have did was plant the virus in your system directory and your removeable hdd. hopefully the virus cleaners can help you clean that stuff out.
what you can do (i don't know if this works or not, because it depends on how the virus infected your computer), is change the removeable hdd drive letter to another letter. maybe the virus is reliant on the drive letter. if that doesn't work, most likely the virus relies on the device id Volume Name, which is registered in your registry. |
|
|
| SuspicionVandit |
| quote: | Originally posted by blackmonkey
Ok mate thanks a lot I'll try using these softwares you recommended.:) |
this is just some funny trivia to throw out there:
Wikipedia:Spybot
| quote: | | In the Spybot license, Kolla dedicates Spybot to "the most wonderful girl on earth." Many believe that she is Kolla's girlfriend, but the title actually goes to one of his closest friends, who does not return Kolla's love, as mentioned in the help file (a case of unrequited love)[1] |
The reason the program is so damn good is because it stands for the integrity for his love of this girl! haha! |
|
|
| LeopoldStotch |
| Spybot does have one of the better detection hueristics out on the web right now. There are many different kinds of algorithms to find malicious stuff on people's computers it's crazy. |
|
|
| LeopoldStotch |
i'm going to take a stab here, and try to help you while you're fixing this. This may f*ck up your computer, but if you want to take the risk of removing this with balls, then try this. haha. If you can access your Windows Registry,
to access Windows Registry:
1. click start >> click Run
2. type 'regedit'
3. a window will pop up with a series of listings on your left hand side. they should be available for expandability for you.
go to this location
code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\__YOUR REMOVEABLE DEVICE VOLUME NAME HERE__\shell
you can find your "removeable device volumne name" by going to your command prompt:
1. click start >> click Run
2. type 'cmd'
3. type 'mountvol /?'
there is going to be a listing of current partitions/devices that are mounted, and you will see your removeable hard drive letter listed there. there will be a series of digits and characters inbetween brackets {} listed next to the drive letter. this series corresponds to your hard drive's volume name. this volume name should be listed in your windows registry.
if there is a key (folder name) listing under 'shell', and they are either 'Autoplay', 'run', or 'open' (popular terms), and under that key is another named 'command', can you post it here, and we can tell you if this looks suspicious or not? |
|
|
|
|
