
Archive for the ‘Do It Yourself’ Category

Removing Viruses From Thumb Drives

February 10th, 2009 7 comments

You’ve probably come across Thumb Drive Viruses when you connect your thumb drive to a computer at work or at school.

These viruses copy themselves onto a thumb drive as soon as it is connected to an infected computer, and the second the drive is connected to any other computer, the virus spreads to that machine as well.

You may not be able to remove the virus from the infected computer (due to insufficient admin privileges, etc.), but you can ensure that the virus on the thumb drive does not spread to another machine.

Suppose you’re not sure whether your thumb drive is infected and wish to connect it to your computer without taking the risk of infecting it. To ensure that the virus does not start, hold Shift while you insert the thumb drive into the USB port. This prevents the AutoPlay function from being executed from the thumb drive, so the virus is not started when the thumb drive is inserted.

Now that you’ve connected your thumb drive, it’s time to check if it has a virus or not. Most Thumb drive viruses can be detected by using these 2 techniques:

1) Check Drive Icon:

Although the virus is an exe file, it uses the directory icon to fool users into clicking it. Though not all viruses do this, it’s still worthwhile to check if the icons have been changed.

This is what an uninfected thumb-drive looks like:

not_infected

An infected thumb-drive looks like this:

infected

Now, if you want to access the files in this pen-drive, DO NOT DOUBLE-CLICK THE THUMB-DRIVE ICON as it starts AutoPlay and will execute the virus program.

donts

Instead, right-click the icon and choose Explore OR click the Folders icon on the menu bar and select the thumb drive from the left pane as shown below:

dos2

dos1

Now it’s time to find the viruses and remove them. If you look at your directory contents it will look like this:

virus_before

You won’t see any viruses as they are hidden. What’s worse, since they are also marked as system files, some anti-virus programs skip such files when scanning. This is the time to use the second technique.

2) The ATTRIB Test

Click Start->Run and type cmd and press Enter. Once you see the command prompt, type [USBDriveLetter]: and press Enter i.e. E: in this example.

Now type attrib and press Enter. The output should look like this:

virus_check

You’ll notice a few files with the SHR File attributes in this window. One of these files will be autorun.inf, which instructs the OS which applications to run when the thumb drive is inserted. The other files will be .exe, .vbs or .pif files and are usually the viruses that you are looking for.

To remove all file attributes type this command: attrib -s -h -r <filename.extension>

After you type this command for all the filenames set with SHR file attributes, type attrib again and observe the result:

after_attrib

Cool, now open Windows Explorer and you’ll notice that the viruses are now visible.

virus_after

The next part is simple: select all the viruses and delete them. You should also delete the autorun.inf file unless your thumb drive is made by SanDisk (SanDisk thumb drives depend on autorun.inf to start their own utility programs). If your thumb drive is manufactured by SanDisk, open the autorun.inf file and simply remove all lines that contain the virus filenames.

That’s all. Your Thumb Drive is no longer infected.

There’s something you should take care of though. Many thumb drive viruses make copies of themselves in every directory on the thumb drive. If that’s the case, you will have to perform the above steps for each folder, or use attrib -s -h -r /s *.* to unset the SHR attributes of all files on your thumb drive. You can then delete them individually.
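The attrib check and the autorun.inf clean-up described above, as an added example that is not part of the original post: it parses captured attrib output, flags System+Hidden files with the extensions named in the article, and strips the autorun.inf lines that mention them. The sample listing, the file names and VendorLauncher.exe are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

SUSPECT_EXT = {".exe", ".vbs", ".pif"}  # extensions the article names

# Constructed sample of `attrib` output for drive E: (not the article's screenshot).
SAMPLE_ATTRIB = r"""
A  SHR       E:\autorun.inf
A  SHR       E:\sample1.exe
A  SH        E:\sample2.vbs
A            E:\report.doc
     R       E:\setup.exe
"""

# Constructed autorun.inf: a hypothetical vendor launcher plus injected entries.
SAMPLE_AUTORUN = r"""[autorun]
open=VendorLauncher.exe
icon=VendorLauncher.exe,0
shell\open\command=sample1.exe
shellexecute=sample2.vbs
"""

def parse_attrib(output):
    """Map each path in `attrib` output to its set of attribute letters."""
    entries = {}
    for line in output.splitlines():
        m = re.search(r"[A-Za-z]:\\", line)  # the path starts at the drive letter
        if m:
            entries[line[m.start():].strip()] = set(line[:m.start()].replace(" ", ""))
    return entries

def suspicious(entries):
    """Paths that are System+Hidden and have one of the extensions above.
    Assumption: R is not required, so a file marked only SH is still flagged."""
    return [p for p, attrs in entries.items()
            if {"S", "H"} <= attrs and PureWindowsPath(p).suffix.lower() in SUSPECT_EXT]

def clean_autorun(text, bad_names):
    """Drop autorun.inf lines that mention a flagged filename (case-insensitive)."""
    bad = [n.lower() for n in bad_names]
    kept = [ln for ln in text.splitlines() if not any(b in ln.lower() for b in bad)]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    hits = suspicious(parse_attrib(SAMPLE_ATTRIB))
    for path in hits:
        print(f'attrib -s -h -r "{path}"')  # command from the article, per file
    print(clean_autorun(SAMPLE_AUTORUN, [PureWindowsPath(h).name for h in hits]))
```

Feed it the text saved from attrib on the drive in place of SAMPLE_ATTRIB; a visible or read-only-only file such as setup.exe in the sample is deliberately not flagged.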

To play it safe, instead of relying on pressing Shift every time you insert your thumb drive, it is wiser to disable autorun for all removable drives so that Autorun.inf is never executed when your thumb-drive is inserted.

To do that in Windows XP, download a powertoy called TweakUI and disable autoplay for all removable devices as shown below:

tweakui

Once that is done, you no longer have to press Shift to disable autorun every time you connect your thumb drive.

However, you will still need to use the attrib command to unset file attributes and delete the files manually.

You can also use Ninja PenDisk to do the same thing automatically, but I suggest doing this on your own as Ninja PenDisk may not be able to detect and remove all viruses.

UPDATE:

Some “USB-Viruses” hide all directories on your thumb drive and replace them with exe files (i.e. the virus) having the same name.

In that case, change your attrib command to this:

attrib -s -h -r /s /d *.*

This will make all the hidden directories visible again.

Fixing a CD in 3 easy steps

January 17th, 2009 3 comments

A friend gave me his CD which had broken into two pieces and asked if I could fix it.

cd_before

Looking at it I knew there was no way I could recover all the files correctly, but there was a possibility that some files could be recovered. So I took up the challenge.

The first thing that I wanted to do was to attach the CD using Pidilite’s FeviQuick but I didn’t have any so I used FeviCol instead to attach the two pieces together.

step1

There were way too many scratches and the portion near the crack had vanished so I wasn’t too optimistic about the result. But I had way too much time on my hands so I thought I’d go all the way just to see what happens.

After an hour or two, the glue had hardened but the CD would still bend when lifted. I then used cellotape to ensure that the CD remained in one piece.

step2

After the cellotape fix, I realized that I had spilt some of the Fevicol on the CD layer.

step3_before

I used a combination of cologne and my mom’s nail polish remover to remove the glue and it even managed to remove a few scratches.

step3_after

That’s it. The CD was firm, relatively clean and seemed ready for the Acid Test, so I inserted it in my laptop’s CD drive.

step4

Obviously with the amount of damage the disc had taken there was no way Windows would even detect it as a CD.

I used some of the free tools from here and I managed to recover a few text files, pictures and portions of a video.

You’ll probably have more luck with your recovery process if your CDs are in better condition. ;)
