From: Jose on
On Mar 29, 1:27 pm, "glee" <gle...(a)spamindspring.com> wrote:
> "Àî" <H> wrote in messagenews:e7vWm8wzKHA.244(a)TK2MSFTNGP06.phx.gbl...
> > Sometimes, I plug USB flash disk into various unknown computers. And I
> > don't know if these computers are free from virus or not. What can I
> > do?
>
> This will help:
>
>   a.. Please download Flash_Disinfector.exe by sUBs and save it to your
> desktop:http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe
>
>   b.. Double-click Flash_Disinfector.exe to run it and follow any
> prompts that may appear.
>
>   Note: Some security programs will flag Flash_Disinfector as being some
> sort of malware, you can safely ignore these warnings
>
>   c.. The utility may ask you to insert your flash drive and/or other
> removable drives including your mobile phone. Please do so and allow the
> utility to clean up those drives as well.
>
>   d.. Wait until it has finished scanning and then exit the program.
>
>   e.. Reboot your computer when done.
>
> Note: Flash_Disinfector will create a hidden folder named autorun.inf in
> each partition and every USB drive plugged in when you ran it. Don't
> delete this folder. It will help protect your drives from future
> infection.
>
> (from:http://www.bleepingcomputer.com/forums/lofiversion/index.php/t229158....)
>
> --
> Glen Ventura, MS MVP  Oct. 2002 - Sept. 2009
> A+http://dts-l.net/

Is it your recommendation to download an undocumented executable from
some Internet site to your computer, run it, ignore any warnings by
your other protection mechanisms that the software may be malicious,
plug in all your USB devices - including your mobile phone. and let
this software do whatever it does to them and then be content that you
are protected from "future infection" via the addition of some
autorun.inf folder on your devices?

From: glee on
"Jose" <jose_ease(a)yahoo.com> wrote in message
news:3ccae570-4e4c-49c6-bd7b-361188eec13a(a)q23g2000yqd.googlegroups.com...
>On Mar 29, 1:27 pm, "glee" <gle...(a)spamindspring.com> wrote:
>> "��" <H> wrote in messagenews:e7vWm8wzKHA.244(a)TK2MSFTNGP06.phx.gbl...
>> > Sometimes, I plug USB flash disk into various unknown computers.
>> > And I
>> > don't know if these computers are free from virus or not. What can
>> > I
>> > do?
>>
>> This will help:
>>
>> a.. Please download Flash_Disinfector.exe by sUBs and save it to your
>> desktop:http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe
>>
>> b.. Double-click Flash_Disinfector.exe to run it and follow any
>> prompts that may appear.
>>
>> Note: Some security programs will flag Flash_Disinfector as being
>> some
>> sort of malware, you can safely ignore these warnings
>>
>> c.. The utility may ask you to insert your flash drive and/or other
>> removable drives including your mobile phone. Please do so and allow
>> the
>> utility to clean up those drives as well.
>>
>> d.. Wait until it has finished scanning and then exit the program.
>>
>> e.. Reboot your computer when done.
>>
>> Note: Flash_Disinfector will create a hidden folder named autorun.inf
>> in
>> each partition and every USB drive plugged in when you ran it. Don't
>> delete this folder. It will help protect your drives from future
>> infection.
>>
>> (from:http://www.bleepingcomputer.com/forums/lofiversion/index.php/t229158....)
>>
>
>Is it your recommendation to download an undocumented executable from
>some Internet site to your computer, run it, ignore any warnings by
>your other protection mechanisms that the software may be malicious,
>plug in all your USB devices - including your mobile phone. and let
>this software do whatever it does to them and then be content that you
>are protected from "future infection" via the addition of some
>autorun.inf folder on your devices?

Considering your frequent posts about how to detect and remove malware
using tools like MBAM and S*perAntiSpyware, I would have thought you to
be familiar with bleepingcomputer.com malware removal forums and
instructional pages for removing malware variants, as well as the many
tools they host and use there, written by sUBs...such as
FlashDisinfector, and ComboFix (which is an advanced tool to be used
under the direction of an experienced handler).

It's not an undocumented executable if you are familiar with malware
removal, and work in forums that use such tools regularly for malware
removal. I'm sorry you are not familiar with it...feel free not to use
it. The warning that it may be detected by some security programs as
malware is true for many many anti-malware tools. I'm surprised you do
not know this. I keep a folder of such tools separate so I can set my
AV to ignore it rather than have repeated warnings. Surely you know an
antivirus program will often raise an infection warning if another
antivirus program is on the system and it detects the virus definitions
of the other as malware.

No one (except you) said to "feel content you are protected from future
infection"...it states quite clearly "It will HELP protect your drives
from future infection." Having an updated antivirus running will HELP
protect you from future infections also....but it doesn't guarantee you
are protected and should feel content. Using tools such as
SpywareBlaster, SpyBot S&D, MBAM resident protection, and so forth, will
HELP protect you but that does not suggest you can be content either.
Following your argument, we should forego having an antivirus or any of
these tools, because it can't protect against all future infection
either....it "only" HELPS.
--
Glen Ventura, MS MVP Oct. 2002 - Sept. 2009
A+
http://dts-l.net/

From: Jose on
On Mar 29, 8:52 pm, "glee" <gle...(a)spamindspring.com> wrote:
> "Jose" <jose_e...(a)yahoo.com> wrote in message
>
> news:3ccae570-4e4c-49c6-bd7b-361188eec13a(a)q23g2000yqd.googlegroups.com...
>
>
>
>
>
> >On Mar 29, 1:27 pm, "glee" <gle...(a)spamindspring.com> wrote:
> >> "Àî" <H> wrote in messagenews:e7vWm8wzKHA.244(a)TK2MSFTNGP06.phx.gbl....
> >> > Sometimes, I plug USB flash disk into various unknown computers.
> >> > And I
> >> > don't know if these computers are free from virus or not. What can
> >> > I
> >> > do?
>
> >> This will help:
>
> >> a.. Please download Flash_Disinfector.exe by sUBs and save it to your
> >> desktop:http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe
>
> >> b.. Double-click Flash_Disinfector.exe to run it and follow any
> >> prompts that may appear.
>
> >> Note: Some security programs will flag Flash_Disinfector as being
> >> some
> >> sort of malware, you can safely ignore these warnings
>
> >> c.. The utility may ask you to insert your flash drive and/or other
> >> removable drives including your mobile phone. Please do so and allow
> >> the
> >> utility to clean up those drives as well.
>
> >> d.. Wait until it has finished scanning and then exit the program.
>
> >> e.. Reboot your computer when done.
>
> >> Note: Flash_Disinfector will create a hidden folder named autorun.inf
> >> in
> >> each partition and every USB drive plugged in when you ran it. Don't
> >> delete this folder. It will help protect your drives from future
> >> infection.
>
> >> (from:http://www.bleepingcomputer.com/forums/lofiversion/index.php/t229158....)
>
> >Is it your recommendation to download an undocumented executable from
> >some Internet site to your computer, run it, ignore any warnings by
> >your other protection mechanisms that the software may be malicious,
> >plug in all your USB devices - including your mobile phone. and let
> >this software do whatever it does to them and then be content that you
> >are protected from "future infection" via the addition of some
> >autorun.inf folder on your devices?
>
> Considering your frequent posts about how to detect and remove malware
> using tools like MBAM and S*perAntiSpyware, I would have thought you to
> be familiar with bleepingcomputer.com malware removal forums and
> instructional pages for removing malware variants, as well as the many
> tools they host and use there, written by sUBs...such as
> FlashDisinfector, and ComboFix (which is an advanced tool to be used
> under the direction of an experienced handler).
>
> It's not an undocumented executable if you are familiar with malware
> removal, and work in forums that use such tools regularly for malware
> removal.  I'm sorry you are not familiar with it...feel free not to use
> it.  The warning that it may be detected by some security programs as
> malware is true for many many anti-malware tools.  I'm surprised you do
> not know this.  I keep a folder of such tools separate so I can set my
> AV to ignore it rather than have repeated warnings.  Surely you know an
> antivirus program will often raise an infection warning if another
> antivirus program is on the system and it detects the virus definitions
> of the other as malware.
>
> No one (except you) said to "feel content you are protected from future
> infection"...it states quite clearly "It will HELP protect your drives
> from future infection."  Having an updated antivirus running will HELP
> protect you from future infections also....but it doesn't guarantee you
> are protected and should feel content.  Using tools such as
> SpywareBlaster, SpyBot S&D, MBAM resident protection, and so forth, will
> HELP protect you but that does not suggest you can be content either.
> Following your argument, we should forego having an antivirus or any of
> these tools, because it can't protect against all future infection
> either....it "only" HELPS.
> --
> Glen Ventura, MS MVP  Oct. 2002 - Sept. 2009
> A+http://dts-l.net/

Well, if MBAM and SAS are not your cup of tea, maybe you can download
that Flash_Disinfector and have it scanned by a few online scanning
sites like:

www.virustotal.com (40+ reputable/popular scanning engines)
www.jotti.com

Taking a look at all the scanning positive results, threats and
possible threats and perhaps help us understand exactly what
Flash_Disinfector is, what it is supposed to do, what does it prevent
and how it does it (this may be proprietary though). Do I just run it
once a day/week/month? Right now it looks like a terribly infected
file - as a matter of fact, I don't recall one in recent memory with a
worse report.

Are these the possible threats you are talking about and is it okay to
ignore the results? Does that mean these scanning softwares are wrong
or is this just an insulated icodent?

I would usually consider it bad judgement to just download some
executable and just run it without checking it out first and I am
happy to try it to learn if it is useful tool for me to use now or
ever.

I did go ahead and run it when several portable devices installed and
did not see anything but an hourglass for a few seconds. Is that
normal? Should something happen to my autorun.inf files - some drives
have one and some don't. Does it somehow toggle autoplay? That
didn't work either. Or should it create a new folder? Nothing is
obvious, but my expectations may exceed reality.

Maybe the link is not working? What are the results you get?
From: glee on
"Jose" <jose_ease(a)yahoo.com> wrote in message
news:e965dbc1-5b3d-4a31-a550-8b8170226703(a)q23g2000yqd.googlegroups.com...
>On Mar 29, 8:52 pm, "glee" <gle...(a)spamindspring.com> wrote:
>> "Jose" <jose_e...(a)yahoo.com> wrote in message
>>
>> news:3ccae570-4e4c-49c6-bd7b-361188eec13a(a)q23g2000yqd.googlegroups.com...
>>
>>
>>
>>
>>
>> >On Mar 29, 1:27 pm, "glee" <gle...(a)spamindspring.com> wrote:
>> >> "��" <H> wrote in
>> >> messagenews:e7vWm8wzKHA.244(a)TK2MSFTNGP06.phx.gbl...
>> >> > Sometimes, I plug USB flash disk into various unknown computers.
>> >> > And I
>> >> > don't know if these computers are free from virus or not. What
>> >> > can
>> >> > I
>> >> > do?
>>
>> >> This will help:
>>
>> >> a.. Please download Flash_Disinfector.exe by sUBs and save it to
>> >> your
>> >> desktop:http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe
>>
>> >> b.. Double-click Flash_Disinfector.exe to run it and follow any
>> >> prompts that may appear.
>>
>> >> Note: Some security programs will flag Flash_Disinfector as being
>> >> some
>> >> sort of malware, you can safely ignore these warnings
>>
>> >> c.. The utility may ask you to insert your flash drive and/or
>> >> other
>> >> removable drives including your mobile phone. Please do so and
>> >> allow
>> >> the
>> >> utility to clean up those drives as well.
>>
>> >> d.. Wait until it has finished scanning and then exit the program.
>>
>> >> e.. Reboot your computer when done.
>>
>> >> Note: Flash_Disinfector will create a hidden folder named
>> >> autorun.inf
>> >> in
>> >> each partition and every USB drive plugged in when you ran it.
>> >> Don't
>> >> delete this folder. It will help protect your drives from future
>> >> infection.
>>
>> >> (from:http://www.bleepingcomputer.com/forums/lofiversion/index.php/t229158....)
>>
>> >Is it your recommendation to download an undocumented executable
>> >from
>> >some Internet site to your computer, run it, ignore any warnings by
>> >your other protection mechanisms that the software may be malicious,
>> >plug in all your USB devices - including your mobile phone. and let
>> >this software do whatever it does to them and then be content that
>> >you
>> >are protected from "future infection" via the addition of some
>> >autorun.inf folder on your devices?
>>
>> Considering your frequent posts about how to detect and remove
>> malware
>> using tools like MBAM and S*perAntiSpyware, I would have thought you
>> to
>> be familiar with bleepingcomputer.com malware removal forums and
>> instructional pages for removing malware variants, as well as the
>> many
>> tools they host and use there, written by sUBs...such as
>> FlashDisinfector, and ComboFix (which is an advanced tool to be used
>> under the direction of an experienced handler).
>>
>> It's not an undocumented executable if you are familiar with malware
>> removal, and work in forums that use such tools regularly for malware
>> removal. I'm sorry you are not familiar with it...feel free not to
>> use
>> it. The warning that it may be detected by some security programs as
>> malware is true for many many anti-malware tools. I'm surprised you
>> do
>> not know this. I keep a folder of such tools separate so I can set my
>> AV to ignore it rather than have repeated warnings. Surely you know
>> an
>> antivirus program will often raise an infection warning if another
>> antivirus program is on the system and it detects the virus
>> definitions
>> of the other as malware.
>>
>> No one (except you) said to "feel content you are protected from
>> future
>> infection"...it states quite clearly "It will HELP protect your
>> drives
>> from future infection." Having an updated antivirus running will HELP
>> protect you from future infections also....but it doesn't guarantee
>> you
>> are protected and should feel content. Using tools such as
>> SpywareBlaster, SpyBot S&D, MBAM resident protection, and so forth,
>> will
>> HELP protect you but that does not suggest you can be content either.
>> Following your argument, we should forego having an antivirus or any
>> of
>> these tools, because it can't protect against all future infection
>> either....it "only" HELPS.
>
>Well, if MBAM and SAS are not your cup of tea, maybe you can download
>that Flash_Disinfector and have it scanned by a few online scanning
>sites like:
>
>www.virustotal.com (40+ reputable/popular scanning engines)
>www.jotti.com
>
>Taking a look at all the scanning positive results, threats and
>possible threats and perhaps help us understand exactly what
>Flash_Disinfector is, what it is supposed to do, what does it prevent
>and how it does it (this may be proprietary though). Do I just run it
>once a day/week/month? Right now it looks like a terribly infected
>file - as a matter of fact, I don't recall one in recent memory with a
>worse report.
>
>Are these the possible threats you are talking about and is it okay to
>ignore the results? Does that mean these scanning softwares are wrong
>or is this just an insulated icodent?
>
>I would usually consider it bad judgement to just download some
>executable and just run it without checking it out first and I am
>happy to try it to learn if it is useful tool for me to use now or
>ever.
>
>I did go ahead and run it when several portable devices installed and
>did not see anything but an hourglass for a few seconds. Is that
>normal? Should something happen to my autorun.inf files - some drives
>have one and some don't. Does it somehow toggle autoplay? That
>didn't work either. Or should it create a new folder? Nothing is
>obvious, but my expectations may exceed reality.
>
>Maybe the link is not working? What are the results you get?


I didn't say anything about MBAM or SAS not being "my cup of tea"...I
use MBAM as a removal or detection tool regularly. You seem intent on
putting your words in my mouth, and re-writing what I posted to suit
your argument.

It was already explained that it might, like many other tools to fight
malware, trigger alerts by virus scanners.

It was already explained that it would create a hidden folder named
autorun.inf in each partition and every USB drive plugged in when you
ran it. That is what I see on every system on which I have used it.

If you don't want to use it, don't use it. It is a tool I and many
others in the malware removal community use and recommend, including the
forums at MBAM. The tool has been hosted for quite some time at
http://www.bleepingcomputer.com/ where sUBs is a valued member,
respected by everyone in the field.

If you feel he is not trustworthy, contact Miekiemoes, who is a member
of the Malware Response Team at Bleeping Computer and also at the MBAM
forums, where she is an Administrator, and also Assistant Director of
Research at Malwarebytes....she will, I'm sure, vouch for the safety of
Flash Disinfector by sUBs, and for sUBs. Google: Miekiemoes and you
should have no trouble finding a way to contact her.

If you want to discuss their hosting of the file or its usage, I suggest
you contact Bleeping Computer and they may put you in touch with sUBs.
Again, I am very surprised you have no familiarity with
bleepingcomputer.com.....I suggest you become a member there or at the
MBAM forums, and at least spend some time reading there if nothing else.
--
Glen Ventura, MS MVP Oct. 2002 - Sept. 2009
A+
http://dts-l.net/