Memory stick possible infection Options

[Jaded]

Hi. I have a memory stick that was in a pc when that pc was subjected to a virus attack. (win32/heur). Is it safe to connect the stick to a pc in order to apply malware pgms?
T I A
J

[Grasshopper]

It is impossible to give you a definitive answer. But is unlikely that a virus would be written to create an infection on anything other than the main drive. So unless an infected file was manually copied onto the memory stick, the likelihood is that it is OK.

But assuming that you are going to connect it to a PC which is running up to date A/V software, you can scan it before you open any files on it. Or if you don't need anything on it, immediately reformat it. Remember viruses are just programs in the end. If they aren't given a chance to run, they can't do anything.

[Skion]

Agreeding with Grasshopper.

I usually work with these steps

1) connect pen drive or memory stick to your pc pressing tab (this usually prevent the autorun of some applications included viruses...or may not)
2) clone your pen drive in an .iso file image
3) scan with A/V the .iso image, detect and delete the virus.
4) format your pen drive and then burn on it your safe .iso image
5) assuming that your A/V detects and destroys the virus, scan your system for the related entries of the virus, expecially in Sys32; check also with Hijack if something is working bad.

sorry as usual for my english and greetings

[Jaded]

Both. Thank you for information. This situation is just about at the limit of my competence. I shall think about the task. J

[Jaded]

Skion - hi. Will you explain, please, how to clone the memory stick in an .iso file image?
J

[Skion]

I suppose (and maybe i'm wrong) that a memory stick can be read (and written) as a normal drive with a specifical software. I usually work with Ultraiso, but i think that there's a lot of similare softwares free/shareware etc.
Try to make an .iso file or equal and then work on it to detect the virus, because, sometimes, launching the A/V directly on your memory drive could cause loss of datas.
I like Ultraiso because it's versatile, but maybe any burning software could compleate this task

let us know

[Jaded]

Skion. I regret that I do not feel confident enough to do as you suggest, sorry. What I have done is to connect the stick to an 'off-line' laptop and then ran an updated Malwarebytes scan. The scan found two infections on the stick (one was win32/explorer.exe). I highlighted both and clicked on 'Remove selected infections' (I can't remember the exact wording). I believe the files were removed into a virus vault and I then clicked on 'Remove all unhealed infections'. I followed this with another scan of the stick and the report was 'no infections'. I have my fingers crossed! There is a 'tick' box on one of the pages with the words 'Power User' does anyone know how to use this? J

[Jaded]

I've now arrived at a situation where Malwarebytes (updated) finds no infections on the stick, but the AVG resident shield is reporting two.
F:\CarryItEasy.exe Win32/Virut and F:\WMPlayer.exe Win32/Virut The AVG is unable to heal/remove them. Is there some way to remove them? please. J

[Grasshopper]

You could try their specific virut removal tool:

http://www.avg.com/us-en/virus-removal.ndi-67762

But virut is actually almost impossible to get totally rid of. You might be better cutting your losses and formatting the stick unless there is something mission critical on there.

You'll see what I mean if you read this:

http://miekiemoes.blogspot.com/2009/02/vir...s-throwing.html

[Jaded]

'Mein Gott'. I've re-formatted. Thank you for the guidance. J