Security Software Need Help Removing Worm From Pen Drive!

Black_Hawk

Level I
Hello Folks,

Need a bit of help. I have this particular pen drive that has been infected with a worm and I've not had any luck cleaning it with Avast (Free Ed) after scanning and trying to repair the files. I need certain files from the said drive for work purposes and thus would appreciate if someone can suggest other AV programs/ methods to remove the worm so that I can safely copy the files I need from the drive.

Here are a few details:

Pen Drive: Transcend 4GB.
Infection/ Threat: VBS: AutoRun-BL [Wrm]

Here are a couple of screenshots from the Avast scan...





Regards,
Black_Hawk
 
If it's that important and you can't delete anything from the drive, connect it to a machine running a different operating system like Mac or Linux. You will be able to easily copy the files without the OS being affected.
 
Good suggestions from logistopath and indy to use a non MS OS to bypass the MS specific worms.

You could also try the free Kaspersky Virus Removal Tool
see https://www.raymond.cc/blog/manuall...ersky-virus-removal-tool-signature-databases/ or

the Kaspersky Anti-viral toolkit
see https://www.raymond.cc/blog/free-portable-and-powerful-avz-anti-viral-toolkit-from-kaspersky/

or use a bootable anti-virus disk to scan and clean the pendrive,
see https://www.raymond.cc/blog/13-anti...-compared-in-search-for-the-best-rescue-disk/
 
Avast is detecting the malware, and it's suggesting to move it to chest (quarantine), so why not do it? Or, just delete that file. Clearly, it's a malware file, and therefore, deleting it won't have any effect on the rest of the files in the pen drive. Just delete the detected malware file. Why are you trying to repair it? It's not an important file, it's just a malware file.

If you suspect that the drive might still be infected, scan it with Avast again.

To make sure that there are no more malware inside, you can scan with other security software, like MalwareBytes Antimalware free version, or, as suggested, you can also download an antivirus rescue disc, and scan with it. Kaspersky Rescue Disc is an excellent rescue disc. You can also use BitDefender Rescue Disc too.

You can also scan your whole computer with this disc to make sure that the malware has not infected your computer.

For protection from malware from pen drives, I will also suggest a free software, an anti-malware specially for pen drives. It will function very well along with your resident antivirus. The software is

MCShield: http://www.mcshield.net/

Its detection capabilities sound great, and the product itself looks good. Although, there are no independent tests as to how good it is. But, it definitely looks good. You can install this too, and scan the pen drive with it.

Also, another tip. To prevent malware from pen drives infecting your computer, I would suggest the use of Toolwiz TimeFreeze, a virtualization software, which is excellent.

When you start Toolwiz TimeFreeze, any changes you make to the computer won't affect the computer in real. So, just put your pen drive then, and scan it with an antivirus. If malware is found, remove it. And then take pen drive out, and then reboot the computer. No change will be made to the computer at all.

Suggesting this, because sometimes, even with autoplay option turned off, the malware inside pen drive can cause it to open automatically. Once the pen drive opens, the malware can infect the system, and some of these malware can be really nasty and hard to remove. Therefore, this method offers good protection.

Good luck.
 
If you are running Windows 7, then I don't see why this is an issue. Autorun is disabled Windows XP SP2 onwards - Any antivirus can fix this. I would suggest to get Microsoft Defender/Security Essentials, else a trial of any of the softwares - Norton/McAfee/etc.
 
Here's how I would do it on Linux (not giving specific commands as OP is certainly not a Linux user):
1) Create an image of the thumb drive.
2) As you know the bad file, simply delete it.
3) Copy the important files to temp folder on desktop.
4) Open and check the contents of files retrieved in step 3.
5) Format the drive (full format). If it's right now NTFS, then format it in FAT and vice versa.
6) Copy back the retrieved files to thumb drive.

In case, something is still missing, I mount the image or write the image again on the same thumb drive.

Unless other files on the thumb drive are infected, it's all very simple.
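
The steps above as commands, added here as an example and not part of the original post: it covers steps 1 to 4 on a Linux host, working from a read-only mount of the image and leaving script, shortcut and autorun files behind rather than deleting them. The device name, paths and the suspect-extension list are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Placeholders: /dev/sdX1, drive.img, /mnt/usb, ~/rescued.
# Typical use (as root):
#   image_drive /dev/sdX1 drive.img
#   mount -o ro,loop,noexec,nodev drive.img /mnt/usb
#   list_suspects /mnt/usb
#   rescue_files /mnt/usb ~/rescued && verify_copy /mnt/usb ~/rescued

# Assumed list of file types an AutoRun/VBS worm leaves on a drive.
SUSPECT='\.(vbs|vbe|js|jse|wsf|lnk|exe|scr|bat|cmd|pif)$|/autorun\.inf$'

# Step 1: image the drive so an untouched copy exists before anything changes.
image_drive() {                 # image_drive <device> <image-file>
    dd if="$1" of="$2" bs=4M
}

# Step 2: list script, shortcut and autorun files by name, without opening them.
list_suspects() {               # list_suspects <mounted-dir>
    (cd "$1" && find . -type f) | grep -Ei "$SUSPECT" | sort
}

# Step 3: copy everything else, keeping the directory layout.
rescue_files() {                # rescue_files <mounted-dir> <out-dir>
    local src="$1" out="$2" f
    (cd "$src" && find . -type f) | grep -Eiv "$SUSPECT" |
    while IFS= read -r f; do
        mkdir -p "$out/$(dirname "$f")"
        cp -- "$src/$f" "$out/$f"
    done
}

# Step 4 (first half): confirm each rescued file is byte-identical to the source.
verify_copy() {                 # verify_copy <mounted-dir> <out-dir>
    (cd "$2" && find . -type f -exec sha256sum {} +) |
        (cd "$1" && sha256sum -c - >/dev/null)
}
```

Steps 5 and 6 (reformatting the drive and copying the files back) come only after the rescued files have been opened and checked.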
 
Thank-you guys for all the help, really do appreciate it... this is what makes TE such a great place! :)

I got the pen-drive malware/ worm free!! I used the method @logistopath mentioned. Connected the said pen drive to an Android tab via an OTG cable and deleted that particular file called 'zakzouk.vbs' which was showing up as the threat on the Avast scan. I then removed the pen drive from the tab and re-connected it to my PC and ran a full scan with Avast and it came back clean as a whistle! Super duper!!

Here's the screenshot after the final scan through Avast...



Thanks again everyone for chiming in and helping... Cheers all round! :)
 
I am confused. If you had to delete that particular file, then why connect it to your smartphone, just to delete that file. You could have deleted the file on your PC itself. In the alert window that Avast shows, there is an option to delete the file, from the drop down list, under Actions. You could have simply chosen that, and then click on Apply. The file would have been deleted, and the drive would have been malware free. No need to go through loops.
 
Avast couldn't delete it.
 
Really? :eek: That's strange. Wonder why it couldn't delete the file.

Anyways, you should have mentioned this clearly. You didn't write that you tried to delete the file too. That's why I was confused as to why you were looking for alternate methods to get rid of the file when Avast had detected it already. Now it's clear.

Did Avast throw any error to say why it couldn't delete the file?
 
Windows has stupid IPC & File system permission management.

In short, Microsoft Windows / viruses / anti-viruses live in a symbiotic relationship at the cost of user's productive time and money.
 
>>Windows has stupid IPC & File system permission management.

Really? And you are saying this as a programmer; Care to elaborate?
 
>>Windows has stupid IPC & File system permission management.
>>In short, Microsoft Windows / viruses / anti-viruses live in a symbiotic relationship at the cost of user's productive time and money.

Both the lines that you wrote contradict each other... seems you have blind hatred towards Windows or you are just trying to look "cool".:rolleyes::facepalm:
 
Just my two cents: If the AV fails to delete the infected file from PD it means the PC itself is infected and the virus just set itself to run on every Windows startup. Couple of days ago removed such a pen drive virus manually with the help of WinPatrol.

Anyway, OP's issue looks like the AV is not properly updated but deleting even files with complicated permissions can be done with Unlocker if AV is somehow unable to delete it.
 