Can a virus be in a memory stick?

[yungman]

Can virus infect memory stick? I backed up my files onto the memory stick from my infected laptop. Can virus get copied into the memory stick?

Can virus infect pdf, jpg, doxx or other files?

How can I scan the memory stick without worry about infecting another computer that try to scan the memory stick?

I am scanning the memory stick using Norton on my infected computer for the fun of it. Is Norton good? This is my first infection since I went to Norton at 2012, it's much better than McAfee. I remember I had so much trouble with McAfee before.

 

[StevieTNZ]

Can virus infect memory stick? I backed up my files onto the memory stick from my infected laptop. Can virus get copied into the memory stick?

Yes, if the infected file is copied to that USB. It may also get infected by the very nature of how the virus works, regardless if the infected file is copied or not to the USB.

Can virus infect pdf, jpg, doxx or other files?

Yes.

How can I scan the memory stick without worry about infecting another computer that try to scan the memory stick?

I am scanning the memory stick using Norton on my infected computer for the fun of it. Is Norton good? This is my first infection since I went to Norton at 2012, it's much better than McAfee. I remember I had so much trouble with McAfee before.

Norton is good. Every security product has its up and downs and reviews by, for example, PC World, can be helpful in choosing a product. If you plug the USB into another computer, it can infect that PC.

 

[yungman]

Thanks for the reply, how then can I disinfect the memory stick?

I just finish scanning the memory stick with Norton...but with the infected computer only. It said everything is fine.

If I plug the stick into a clean computer, but not opening any files, just go straight to scanning with Norton, is it safe?

Any other safe scanning program I can download to scan the memory stick?

I am asking because I am thinking about wiping the infected laptop, I want to make sure the files in the memory stick is clean before I load all the stuffs back.

 

[yungman]

I have been on Google looking for scanning USB drive. Can anyone comment of this:

http://download.cnet.com/USB-Drive-Antivirus/3000-2239_4-10841283.html

 

[Tom.G]

Before you plug that memory stick into another machine, make sure that machine has the 'Autoplay' setting turned Off. It is On by default. Instructions can be found with a Google search:
https://www.google.com/search?&q=windows+usb+autorun+disable

By default, Windows looks for a special file on a memory stick and automatically runs it every time the stick is plugged in. Some viruses take advantage of this feature and create that special file so they can infect the new machine. In fact, several years ago one country wanted to stop another country from refining material to make an atomic bomb. The result was the famous Stuxnet Worm that destroyed the refining equipment. It gained access thru a memory stick.

 

[jedishrfu]

A common ploy was to drop infected sticks in parking lots in the hopes that some Good Samaritan would try to find the owner by plugging it into his work computer and look for identifying info.

 

[yungman]

Thanks guys

Last night I reinstalled Norton 360 onto the infected computer again, everything was smooth. I ran complete scan on the computer, then I ran scan on the memory stick suspect to have the virus. After that, I downloaded the Norton Power Eraser, with the memory stick on the computer, I ran the Power Eraser again. You think I got rid of any virus. I did this cycle twice already.

 

[Stavros Kiri]

About the original question. I was always told that just files copied doesn't trasfer a virus. There has to be a program or app running in order to get you the virus (at least for ordinary old fashioned viruses - not cookies, malware, trojan etc. ... - I am not sure, not an expert either). Is this true?

 

[yungman]

I read on Google, it's pretty scary! It almost sounds like you plug it in, you got it. They did not even mention disable autoplay. Pretty much said the best way is to bury it.

 

[Stavros Kiri]

I read on Google, it's pretty scary! It almost sounds like you plug it in, you got it. They did not even mention disable autoplay. Pretty much said the best way is to bury it.

Lol

 

[phinds]

About the original question. I was always told that just files copied doesn't trasfer a virus. There has to be a program or app running in order to get you the virus (at least for ordinary old fashioned viruses - not cookies, malware, trojan etc. ... - I am not sure, not an expert either). Is this true?

I don't think so. One of the files you transfer could be infected and if you bring it back from the stick and run it, you're infected again

I read on Google, it's pretty scary! It almost sounds like you plug it in, you got it. They did not even mention disable autoplay. Pretty much said the best way is to bury it.

Yeah, I think that's about right, although if Norton says it's OK, I'd go with that. As you mentioned in your other post, Norton has good service. Also, their product is quite good. I've been using them for over 20 years and they've only missed one virus.

 

[Stavros Kiri]

I don't think so. One of the files you transfer could be infected and if you bring it back from the stick and run it, you're infected again

True, but because you run it, not because you copy it. See the difference? I think just copying doesn't get you a virus. Of course I am not saying you shouldn't disinfect it using an antivirus. Just don't run the file until you disinfect ...
E.g. if you delete an infected file before you even run it, I think it's like it never existed (whether on computer, disc or USB).
However, experts can correct me, if I am wrong. (e.g. @Greg Bernhardt, @Mark44 or others)
Cf. also post #8 above etc.

 

[phinds]

True, but because you run it, not because you copy it. See the difference? I think just copying doesn't get you a virus. Of course I am not saying you shouldn't disinfect it using an antivirus. Just don't run the file until you disinfect ...
E.g. if you delete an infected file before you even run it, I think it's like it never existed (whether on computer, disc or USB).
However, experts can correct me, if I am wrong. (e.g. @Greg Bernhardt, @Mark44 or others)
Cf. also post #8 above etc.

See post #5

 

[Stavros Kiri]

See post #5

Makes sense

 

[yungman]

I am just waiting to talk to Norton and get their help before I do anything. I definitely am not going to plug into a clean computer.

 

[FactChecker]

Running the infected file is not the only way it can spread. It can take advantage of an application that opens it and has a weakness. I have not heard of any weakness in the copy utility and I think that a plain copy utility could be (and probably has been) made safe. If you disable autoplay and do a Norton scan (including Power Erasor) before doing anything else, I think you are reasonably safe.

 

[DavidSnider]

The only way a file on a memory stick is going to transmit a virus is:
1) It's some sort of auto-play file that gets executed
2) It's a file like a jpeg or pdf that's been specifically crafted to exploit a vulnerability in jpeg or pdf (or pick your file format) reader
3) It's a file like a word document or excel that has macros that can break out of the sandbox
4) It's exploiting some vulnerability in the USB driver\system hardware
5) It's an infected .exe that you run

Since ASLR and DEP this sort of thing has becoming increasingly difficult to do though, but still possible.

 

[FactChecker]

Since ASLR and DEP this sort of thing has becoming increasingly difficult to do though, but still possible.

I stand corrected. I forgot about ASLR and didn't know about DEP. They are very interesting and important. Here is an article about them that I liked: https://blogs.technet.microsoft.com/srd/2010/12/08/on-the-effectiveness-of-dep-and-aslr/

 

[StevieTNZ]

Norton is saying your computer is clear of any malware/viruses. What is happening that makes you suspect your PC is infected?

 

[yungman]

Norton is saying your computer is clear of any malware/viruses. What is happening that makes you suspect your PC is infected?

While I was reading one of the article on Yahoo page, the screen change and said I a virus infected my computer, told me do not shut down computer, call Microsoft on the given number provided.

Then I tried to open Norton ( I have subscription), but it won't open. I went into "programs and features" to try to uninstall Norton 360, it won't do it. I went on Norton and downloaded the new version, it gave me a message it failed. I tried it a few time installing, somehow it installed and I used it to scan the computer and came out clean.

I chatted with Norton, the person remote controlled my computer and checked a lot of things, apparently the Norton was running correctly, he found no problem with my computer. He warned me that they cannot block web page the gave warning in words and he warn me not to call the numbers ( of cause I did not.). He referred me to call their virus removal team which I am going to call either tomorrow or the next day.

The computer has been behaving, I don't feel there is any difference from before. But I am not going to use this computer for my important email, buying on line until I can make sure the computer is clean.

I since reinstalled Norton 360 again and it was successful. I ran system scan twice and found nothing bad. I ran Norton Power Eraser twice and it's ok. I am starting to think the nothing is wrong with my computer, it's just a web page that try to get me to call their number and either give them money or get info from me.

 

[FactChecker]

As far as I know, those warnings are meaningless. They are not a virus, but rather a phishing attempt. DO NOT CALL THEM! They often lock up the browser, but they have no lasting effect after you kill the browser. If the system scan came up clean, I don't think that you have anything to worry about. Don't forget to update Norton with the latest updates before running the scan.

 

[StevieTNZ]

I think it is if you call them, and they try to "correct the problem" (when there is none), that's when they charge for your services and infect your machine while working on it remotely.

If you could not close the pop up or browser, usually Ctrl-Alt-Del > Task Manager > and ending the browser will close it. However, one must be careful when one reopens the browser and the tabs are usually reinstated. If you are quick enough to close the offending pop up before it loads again, then that's great news.

 

[FactChecker]

I think it is if you call them, and they try to "correct the problem" (when there is none), that's when they charge for your services and infect your machine while working on it remotely.

If you could not close the pop up or browser, usually Ctrl-Alt-Del > Task Manager > and ending the browser will close it. However, one must be careful when one reopens the browser and the tabs are usually reinstated. If you are quick enough to close the offending pop up before it loads again, then that's great news.

They are not Microsoft. They are crooks looking for your personal information to steal your identity or they want access to your computer. Neither one is good. If you have not given them access and are running Norton, they have probably not yet infected your computer.

The browsers that I use will not reopen tabs without asking you first.

 

[StevieTNZ]

They are not Microsoft. They are crooks looking for your personal information to steal your identity or they want access to your computer.

Correct. I already know that.

 

[Stavros Kiri]

While I was reading one of the article on Yahoo page, the screen change and said I a virus infected my computer, told me do not shut down computer, call Microsoft on the given number provided.

These are usually ads, connected with some malware. If you ingnore them and be careful they are not a big deal. Nothing happens, unless you click something. [The virus, if any at all, gets in e.g. when you click their allegedly disinfecting directions.] I usually close the browser or the tab as soon as I see them, to avoid hitting those windows by mistake. If you want you can restart your computer too, ASAP, just to be on the safe side. [Sometimes I think the latter works even after the malware hits you, and I think if you restart fast it's one way to stop or get rid of a possible connected to the ad virus, if any at all.] Or do as the other guys advised.

The point is do not believe such messages and never click on what they ask you to do. Another way they appear is as numbered messages (e.g. red alert ' "2" new messages') on an app or site or something. Never click them, unless they come from your computer, eligible real apps, or your antivirus. Such messages are usually not expected and should make you suspicious. Just ignore them.

These are common types of malware in apps or web sites. (Usually they are connected to an ad, but they can act in other ways too, which I am not really an expert to iterate.) You meet them in smart phones too.

told me do not shut down computer

Smart trick! It was advising you not to do the certain thing that would avoid or kill it! ...
Malware ...

... Norton ... I tried it a few time installing, somehow it installed and I used it to scan the computer and came out clean.

I since reinstalled Norton 360 again and it was successful. I ran system scan twice and found nothing bad. I ran Norton Power Eraser twice and it's ok. I am starting to think the nothing is wrong with my computer, it's just a web page that try to get me to call their number and either give them money or get info from me.

Possibly correct. That or it is a real malware and Norton just doesn't pick it up. Good anti-viruses can pick up (detect) most malware, even though new ones come out all the time. I better use Bitdefender or Panda. Last time I checked they had larger "scanning spectrum" than Norton or McAfee etc. ...

 

[FactChecker]

Correct. I already know that.

Sorry, I didn't mean to argue. I meant to agree with what you said and to warn @yungman that there is real danger in contacting them.

 

[yungman]

I talked to Norton Virus team on the phone today, They confirmed that my computer is clean from the record that the other Norton had done the remote checking and everything is ok. They also said it's common now a days that website can send out these fake message about people's computer is infect and lure people to call their number and try to cheat and gain info from the computer. They said also Norton cannot block that as those are the same as other legitimate web page. So just have to be careful not to call or do anything they suggested.

One thing good about Norton, they are very responsive, Since the first night they remote accessed my computer to check everything, they called me to follow up 3 times. I missed the calls twice, I was going to call them today because I don't want to do anything during Christmas. They called me the third time this morning and talk through this. This is really what I called service.

 

[FactChecker]

@yungman , I consider your experience to be an excellent review of Norton. That's good to know.

 

[yungman]

This turn out to be not a virus attack, So I can say I have not have a virus attack since I subscribed to Norton in 2010. I remember when I had McAfee before, it was like once a year. I don't go on questionable site like porn or anything, I remember when I had McAfee at the time, I got attacked when I was looking for car crash safety. How can anyone gets virus from searching for car crash safety?!

 

[Stavros Kiri]

This is really what I called service.

@yungman , I consider your experience to be an excellent review of Norton. That's good to know.

Only thing ... Norton didn't pick up (detect) that malware! ... It doesn't even see it as a threat! There are better anti-viruses ...

Possibly correct. That or it is a real malware and Norton just doesn't pick it up. Good anti-viruses can pick up (detect) most malware, even though new ones come out all the time. I better use Bitdefender or Panda. Last time I checked they had larger "scanning spectrum" than Norton or McAfee etc. ...

(+ read more carefully post # 25 above)

 

[StevieTNZ]

If you want reassurance, try using this free online scanner https://www.eset.com/us/home/online-scanner/

 

[WWGD]

Why not set up a VM and inspect it there? Worse case, delete the VM.

 

[Stavros Kiri]

Why not set up a VM and inspect it there? Worse case, delete the VM.

Are you sure there's no risk that way? A VM would be based on a Mother Software, which could potentially get infected, couldn't it? [?]
However, just by inspecting a Memory Stick (or CD) (using anti-virus), even the normal way, I don't think you get a virus; that usually happens when you run infected programs or apps found on that MS (or CD).

 

[WWGD]

Are you sure there's no risk that way? A VM would be based on a Mother Software, which could potentially get infected, couldn't it? [?]
However, just by inspecting a Memory Stick (or CD) (using anti-virus), even the normal way, I don't think you get a virus; that usually happens when you run infected programs or apps found on that MS (or CD).

Yes, my bad, I did not read carefully what the setup was. Please don't try this unless , e.g., you have the file attached to an email. Then my idea may work. My bad. Edit: You should, too, disable networking , sharing resources while in the VM.

 

[Quasimodo]

Why not set up a VM and inspect it there? Worse case, delete the VM.

NO! The safest method is to clone your HDD and SSD's before. Cloning once a month say, is the safest method guaranteed to protect you from malware plus you don't need to pay any money for anti-virus.

 

[sysprog]

About the original question. I was always told that just files copied doesn't trasfer a virus. There has to be a program or app running in order to get you the virus (at least for ordinary old fashioned viruses - not cookies, malware, trojan etc. ... - I am not sure, not an expert either). Is this true?

No; once a machine has been infected, a virus can be hidden inside any file.

 

[WWGD]

Reading a bit further I guess I was wrong on the potential effectiveness of VMs. It seems viruses can be programmed to detect whether they are in a VM and not be activated then.

 

[sysprog]

Reading a bit further I guess I was wrong on the potential effectiveness of VMs. It seems viruses can be programmed to detect whether they are in a VM and not be activated then.

Yes. They can, for example, detect what kind of machine they are defined to be, and check whether their own performance is consistent with the definition -- or interrogate what kind of RAM they're running on, e.g. DDR3 1333 mhz, and notice that they're going slower etc. -- you can't deprive them of access to the real system clock and still expect them to play a song correctly, so they have an objective external reference as basis upon which to make such comparisons.

 

[sysprog]

NO! The safest method is to clone your HDD and SSD's before. Cloning once a month say, is the safest method guaranteed to protect you from malware plus you don't need to pay any money for anti-virus.

That's a good strategy if used daily.

You don't want to lose a month of your work by restoring the entirety of your drive with a cloned image that is a month old.

Ransomware comes to mind -- if AV software fails to block it in advance, you are hosed.

To use your strategy without risking more than a day of work, for a 1TB HDD, you could use, for example, an external 4TB USB HDD, and schedule a daily task that writes a clone image, then deletes the oldest image so that you won't run out of space.

You can partition the drive into a <1TB bootable system partition that has the restore software on it, and use the rest for a partition on which to store 2 consecutive uncompressed sector-by-sector images, keeping >1TB freespace available for the next day's image.

 

[sysprog]

True, but because you run it, not because you copy it. See the difference? I think just copying doesn't get you a virus. Of course I am not saying you shouldn't disinfect it using an antivirus. Just don't run the file until you disinfect ...
E.g. if you delete an infected file before you even run it, I think it's like it never existed (whether on computer, disc or USB).
However, experts can correct me, if I am wrong. (e.g. @Greg Bernhardt, @Mark44 or others)
Cf. also post #8 above etc.

In principle, that's true for a standalone .exe file that has no dependencies and upon which other files do not depend and would not act; however, you can't rely on it, because many files are interdependent, so you won't always know whether you've "run" them or not.

For a purely hypothetical example: you wouldn't enter 'whatever.dat' into a command prompt, and if you deleted such a file because you thought it shouldn't be there, you might think you were fine, but if a non-malicious executable program always recognized any '*.dat' file in its directory as input that it should act upon, then if that program were to be run, it could be too late by the time you deleted the .dat file.

You have to be careful.

 

[Quasimodo]

That's a good strategy if used daily.

You don't want to lose a month of your work by restoring the entirety of your drive with a cloned image that is a month old.

Always true, if you would be running a server.

For the average user however the best strategy would be to copy a new day's work files into a USB stick every day and resort to the somewhat more drastic methods like cloning once a month or whenever he or she is about to install a new program or when a potent malware is to be inspected.

 

[sysprog]

Always true, if you would be running a server.

Most servers use a different strategy. To use the procedure described, you don't have to be running a server, but you do have to have your machine running when the scheduled task is set to commence, and not shut it down until the procedure has run to completion, or you will miss that day's image.

For the average user however the best strategy would be to copy a new day's work files into a USB stick every day and resort to the somewhat more drastic methods like cloning once a month or whenever he or she is about to install a new program or when a potent malware is to be inspected.

That's incorrect. You could still lose a month of work that way. While you're surfing the net, a ransomware could encrypt all your work files, and you would then have only your most recent day's USB stick file, plus your last full drive image.

 

[Dr Transport]

even daily backups get corrupted with a virus, so seriously, how are you going to know exactly when you were infected. The best thing to do is alway scan y any incoming files with a virus checker before downloading them.

 

[Quasimodo]

Most servers use a different strategy. To use the procedure described, you don't have to be running a server, but you do have to have your machine running when the scheduled task is set to commence, and not shut it down until the procedure has run to completion, or you will miss that day's image.

NO! There's RAID cloning software available.

That's incorrect. You could still lose a month of work that way. While you're surfing the net, a ransomware could encrypt all your work files, and you would then have only your most recent day's USB stick file, plus your last full drive image.

The last day files plus all your previous work files up to the 1 month (15 days or whatever) should be in the USB stick. Every day you should add new files to the previous ones. And you should utilize 2 or 3 USB's just in case the newly written one gets infected.

 

[sysprog]

NO! There's RAID cloning software available.

There are different RAID architectures; however, software can't run if you turn off the machine.

The last day files plus all your previous work files up to the 1 month (15 days or whatever) should be in the USB stick. Every day you should add new files to the previous ones. And you should utilize 2 or 3 USB's just in case the newly written one gets infected.

I interpret that to more clearly mean that the daily work file updates would be kept cumulatively for at least a month.

The following sentence is not clear about that:

For the average user however the best strategy would be to copy a new day's work files into a USB stick every day

That was what I said was incorrect. I interpreted it to mean that you supposed that only the current day's work need be kept on a USB stick. I agree that using a separate procedure for the work files, provided that the dailies for them are cumulative between full drive backups, would be a viable option.

Your original proposition was that monthly HDD and SSD image backups would eliminate the need for AV software. In response, I pointed out that monthly wouldn't be sufficient, because you'd risk losing up to a month of your work, and that using an automated process by which the drive images were done daily would mean that you'd reduce that exposure to a day.

 

[sysprog]

even daily backups get corrupted with a virus, so seriously, how are you going to know exactly when you were infected. The best thing to do is alway scan y any incoming files with a virus checker before downloading them.

The process as I outlined it was a sketch. Actually implementing something like it safely instead of using an AV product is rather involved. I don't recommend it except as it may be implemented by a competent technician.

 

[Quasimodo]

The process as I outlined it was a sketch. Actually implementing something like it safely instead of using an AV product is rather involved. I don't recommend it except as it may be implemented by a competent technician.

I have seen hundred of users had to re-install their OS and all the programs just because a virus infected the MBR or OS. Simple disk imaging might work or might not work depending on the case and severity of infection.

That's why I recommend disk-cloning at least once a month. It's not an easy process for the average user it's true. And what makes you think that you can't clone a RAID disk? Disk Imaging and Cloning are entirely different procedures.

 

[sysprog]

The process as I outlined it was a sketch. Actually implementing something like it safely instead of using an AV product is rather involved. I don't recommend it except as it may be implemented by a competent technician.

I have seen hundred of users had to re-install their OS and all the programs just because a virus infected the MBR or OS. Simple disk imaging might work or might not work depending on the case and severity of infection.

Yeah, but you were the one who said (in response to @WWGD):

NO! The safest method is to clone your HDD and SSD's before. Cloning once a month say, is the safest method guaranteed to protect you from malware plus you don't need to pay any money for anti-virus.

(emphasis added)

That's why I recommend disk-cloning at least once a month. It's not an easy process for the average user it's true.

I didn't say what you appear to be indicating me to have said. I think mere disk cloning is easy enough for most users. What I in fact said, in response to the contention of @Dr Transport to the effect that AV software was the right choice, was:

The process as I outlined it was a sketch. Actually implementing something like it safely instead of using an AV product is rather involved. I don't recommend it except as it may be implemented by a competent technician.

(emphasis added)

That's not the same as saying that simple disk cloning is difficult. What would be rather involved would be setting up a regimen that implemented an automated procedure for robustly preserving prior information states, such that one could confidently dispense with use of AV products.

And what makes you think that you can't clone a RAID disk?

I gave no indication that I thought that you can't clone a RAID disk. You can image or clone any disk. The disks and the sectors thereon don't know that they're part of an array.

Imaging and Cloning are entirely different procedures.

If by 'cloning' you meant keeping a second device of exactly the same type as the first, and then rendering the second device such that you could swap the 2 devices, with the 2 devices performing indistinguishably from each other, just as you can with RAID 1, that would be the most accurate use of the term.

You didn't say anything about buying a second HDD or SSD of the same model as the first. so I didn't assume that was what you meant.

The process of making such a clone is normally accomplished by imaging the first device, and then copying from the image to the second device in such manner as to make the second device sector-by-sector informationally equivalent to the first.

More informally, in an information state preservation context, people often refer to making a restorable image and then storing the image to another device for safekeeping as 'cloning', because that's the first half of cloning, and because using the image to restore a prior state to the first device employs the same process as using the image to render a second device the same as the first does.

 

[Quasimodo]

You didn't say anything about buying a second HDD or SSD of the same model as the first. so I didn't assume that was what you meant.

The process of making such a clone is normally accomplished by imaging the first device, and then copying from the image to the second device in such manner as to make the second device sector-by-sector informationally equivalent to the first.

No! There is no need for the second drive to be of the same model or capacity as the first ( only different types HDD to HDD and SSD to SSD respected. )

And No again, cloning is done on the fly, no need for image file created beforehand.

 

[sysprog]

No! There is no need for the second drive to be of the same model or capacity as the first ( only different types HDD to HDD and SSD to SSD respected. )

And No again, cloning is done on the fly, no need for image file created beforehand.

Please be more specific about exactly what you mean by cloning once a month, and about how that plus backing up a month of work files on USB sticks would eliminate your need for AV products.