Looking for general antivirus advice in a third world country


  1. Posts : 18
    Windows 10
       #1



    So I'm after general advice,

    I currently work in a third world country assisting the national police with IT infrastructure (mainly purchasing and installing).

    Issues I am having:
    They do not have internet connectivity. If I want to update a system (most are Windows 7; I'm trying to update them to Windows 10 via the free upgrade where I can) I need to download the manual updates and install them manually.

    Viruses, so many viruses! I am constantly pulling off viruses from systems, my record is 45 on one system. I have been using Avast (and Avast rescue disk). Every USB I come across is riddled with trojans and Win32 viruses.

    I plugged my USB into a particular system to load a printer driver only to find when I had returned to my system that it had automatically uploaded 3 different viruses to my USB.

    I'm planning on installing Avast on every system and setting the auto scan feature to run daily. But my main issue is how can I find a way to have every USB scanned upon insertion into a machine? I do not see any way to prevent the rampant spread of viruses unless I can physically sanitize every USB 1 by 1 (which is impossible). I need some way of auto scanning every USB that is inserted and automatically sanitized.

    Does anyone have any suggestions on this? Can I create a *.bat file and a task schedule? Has anyone else had this issue in an inter office setting?

    I honestly feel like I'm playing whack-a-mole.


  2. Posts : 1,680
    X
       #2

    If they don't have internet access then viruses are getting in by some other means.
    Perhaps from thumb drives, CD/DVD disks, SD cards, etc?
    Maybe you should lock out all such usage.


  3. Posts : 18
    Windows 10
    Thread Starter
       #3

    margrave55 said:
    If they don't have internet access then viruses are getting in by some other means.
    Perhaps from thumb drives, CD/DVD disks, SD cards, etc?
    Maybe you should lock out all such usage.

    Thank you for the advice margrave55, I had considered that but it would unfortunately defeat the purpose of them having computers in the first place, e.g. case files for transfer and the like.

    I also considered turning off the ports via BIOS but well half the BIOS batteries are flat so default settings it is.

    I know where the viruses have come from, dodgy movie downloads that I hear they buy from a dodgy phone repair shop. If it wouldn't get my legs broken I would just go tell them to stop but unfortunately that isn't an option here.

    Does someone have the know-how to create, or know of, a script/bat file that could auto delete the places that the usual Trojans like to hide, such as RECYCLE.BIN etc.? I could probably create a task scheduler from that to auto execute when a USB is plugged in.

    Can I make a standalone inoculation computer? Is there a way to autoscan and repair a USB factoring in the lowest common denominator, imagine a group of old people who click on every spam e-mail link and have no idea what the effect of such actions will cause, that's what I'm dealing with, computer illiteracy. Yes I am working on education but that will take time, I need to find a way to prevent the spread.

    Believe me if I could give them a slab of rock a hammer and a chisel I gladly would in place of PC systems.


  4. Posts : 1,767
    Windows 10 Pro (+ Windows 10 Home VMs for testing)
       #4

    Back in the days of 3.5" floppy disks we used to have a 'sheepdip' PC in each of our offices. Staff were expected to scan their floppy disks before using them on any of the office PCs. This is just a more modern requirement.

    You need something that monitors insertion of a USB stick which, upon insertion, launches one or more actions of your own choosing.

    Have a look at Didier Stevens' USBVirusScan. It automates the detection (and scanning) of USB sticks on insertion, in conjunction with an installed AV product.

    Alternatively, have a look at Nir Sofer's USBDeview which, in Advanced Options, offers an auto-execute on insertion checkbox that can be used to trigger AV scans:

    [Image: usbdeview_autoexecute_on_insertion.png]

    (Of course you still have the issue of keeping the AV definitions up-to-date without internet access...)

    PS - Just be aware that there's a longstanding bug with USB usage in Windows. Each insertion leads to new records in the registry and after a while the PC just stops recognising new insertions. One answer is to use USBDeview to uninstall USB devices that are no longer connected. This deletes the buildup of their stored registry entries.

    Hope this helps...


  5. Posts : 18
    Windows 10
    Thread Starter
       #5

    RickC said:
    Back in the days of 3.5" floppy disks we used to have a 'sheepdip' PC in each of our offices. Staff were expected to scan their floppy disks before using them on any of the office PCs. This is just a more modern requirement.

    You need something that monitors insertion of a USB stick which, upon insertion, launches one or more actions of your own choosing.

    Have a look at Didier Stevens' USBVirusScan. It automates the detection (and scanning) of USB sticks on insertion, in conjunction with an installed AV product.

    Alternatively, have a look at Nir Sofer's USBDeview which, in Advanced Options, offers an auto-execute on insertion checkbox that can be used to trigger AV scans:

    [Image: usbdeview_autoexecute_on_insertion.png]

    (Of course you still have the issue of keeping the AV definitions up-to-date without internet access...)

    PS - Just be aware that there's a longstanding bug with USB usage in Windows. Each insertion leads to new records in the registry and after a while the PC just stops recognising new insertions. One answer is to use USBDeview to uninstall USB devices that are no longer connected. This deletes the buildup of their stored registry entries.

    Hope this helps...

    Thank you RickC, very good advice indeed. So I have spent the better part of today trying to make this work. Last month I did actually try USBVirusScan but I was finding it's all outdated *.exe lines from 2013 versions of the AV and the new versions don't allow such scans.

    So today I have given USBDeview a crack and it's a much better interface, but I have the same issue: the *.exe for the FREE AV do not actually scan anything. So I decided to use a two-pronged attack with the following.

    Avast to do most of the heavy lifting and Windows Defender to do the USB scans. If I give them the tools to update the PCs from time to time it would at least keep those virus definitions in check.

    So I have spent the better half of this day trying to make a *.bat file that I can use as the executable in USBDeviews.

    Is anyone an expert on *.bat files, as I can only get this one to half work?

    So my understanding is this:
    MpCmdRun.exe will only operate in command prompt, not a problem.
    We want the latest version of what's installed so we go to "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18*"
    Execute MpCmdRun with parameters "-Scan -ScanType 3 -File E:" (E:\ being the USB drive letter, ScanType 3 being custom scan of files and folders as defined by E:\ ).
    So in CMD I can CD to that directory and execute the scan as listed above; it works quite well (pic attached), but I am having trouble getting a *.bat file to do it (so I can load it into USBDEVIEW).

    So this is what I have:

    @ECHO ON
    cd "C:\ProgramData\Microsoft"Windows Defender"\Platform\4.18*"
    start "MpCmdRun.exe -Scan -ScanType 3 -File E:"

    It will open CMD (yes I am using run as admin) to the desired directory but it will not do anything past that.

    Anyone a pro at this, my DOS is extremely rusty and I haven't written that many *.bat files before so any assistance to get this working would be greatly appreciated.

    It would be nice for it to open CMD, scan, show that it's scanning, fix or delete any viruses, then close. Would prefer if it did it with admin privileges but I can do a workaround for that. But again I don't want any of them messing with it either.

    I think my next solution will involve petrol and matches TBH.
    [Image: scan.jpg]


  6. Posts : 4,802
    Windows 10 preview 64-bit Home
       #6

    Panda Online Antivirus supports this. Worth checking out the free version first?
    Free online antivirus for your devices - Panda Security

    [Image: screenshot of the Panda Security free online antivirus page]


  7. Posts : 2,800
    Windows 7 Pro
       #7

    Try this:
    Code:
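    @echo off
    rem Find a removable drive (DriveType=2) and keep its "Caption=X:" line.
    rem With several removable drives, only the last one listed is kept.
    for /F "usebackq tokens=1,2,3,4 " %%i in (`WMIC logicaldisk where "DriveType=2" get /value ^| find "Caption="`) do (set drive=%%i)
    rem Strip the leading "Caption=" (8 characters) to leave the drive letter.
    set drive=%drive:~8,9%
    
    rem Custom scan (ScanType 3) of the root of that drive.
    "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File %Drive%\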


  8. Posts : 1,767
    Windows 10 Pro (+ Windows 10 Home VMs for testing)
       #8

    I found this SuperUser thread called Starting scheduled task by detecting connection of USB device which discussed using Task Scheduler as the listening agent used to both detect insertion of a USB device and to trigger an event, e.g. AV scan. This has the advantage of being native rather than using 3rd-party tools like USBDeview and/or USBVirusScan. Of course, scheduled tasks can be run with highest privilege.

    PowerShell (and WMI) can be used with Windows Defender, for example:
    Code:
    PS C:\>Start-MpScan -ScanType CustomScan -ScanPath "E:"
    (where E:\ is the drive letter of a USB device)

    Have a look at Use PowerShell cmdlets to configure and manage Microsoft Defender Antivirus for more info.

    Hope this helps...
    Last edited by RickC; 09 May 2022 at 13:00.


  9. Posts : 2,800
    Windows 7 Pro
       #9

    Good info Rick!

    I modified the CMD I posted earlier to be able to cope with USB drives that have more than one partition.

    With the method you provided and any AV supporting command lines, it can be used to quickly find which letters the drive obtained and run a scan on them:

    Code:
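    @echo off
    rem Call :Run once for every removable drive (DriveType=2) that WMIC lists.
    for /F "usebackq tokens=1,2,3,4 " %%i in (`WMIC logicaldisk where "DriveType=2" get /value ^| find "Caption="`) do (Call :Run "%%i")
    pause
    rem Stop here so execution does not fall through into :Run with no argument.
    goto :eof
    :Run
    rem %1 is "Caption=X:" with its quotes; offset 9, length 2 is the drive letter and colon.
    set drive=%1
    set drive=%drive:~9,2%
    echo Scanning Drive %drive% please wait...
    "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File %Drive%\

    Replace the "Pause" with "Goto :eof" for unattended execution.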

    Works well:
    [Image: screenshot00242.jpg]

    Note that Defender in Windows 7 does not support any of this... And anyway it would be futile to use it today.
    Last edited by MaloK; 09 May 2022 at 13:26.
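
Added example, not code from the thread: a PowerShell version of the scan the batch files in posts #7 and #9 perform, which also resolves the newest `MpCmdRun.exe` under the versioned `Platform` folder from post #5 and records one result row per drive. The function names and the log folder `C:\ProgramData\UsbScan` are assumptions made for this example.

```powershell
# Added example (not from the thread). Run elevated, e.g. as a scheduled-task
# action or as the command USBDeview executes on insertion.
function Get-MpCmdRunPath {
    # Prefer the newest versioned build under ...\Platform\ (the 4.18* folder),
    # then fall back to the copy under Program Files used in the batch files.
    $platform = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'
    $candidates = @()
    if (Test-Path $platform) {
        $candidates += @(Get-ChildItem -Path $platform -Directory |
            Sort-Object -Descending -Property {
                try { [version]($_.Name -replace '-.*$') } catch { [version]'0.0' }
            } |
            ForEach-Object { Join-Path $_.FullName 'MpCmdRun.exe' })
    }
    $candidates += Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
}

function Invoke-RemovableDriveScan {
    $mpCmdRun = Get-MpCmdRunPath
    if (-not $mpCmdRun) { throw 'MpCmdRun.exe not found.' }
    # DriveType 2 = removable, the same filter as the WMIC query. Empty
    # card-reader slots also report DriveType 2 but have no Size; skip them.
    $drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2' |
        Where-Object { $_.Size }
    foreach ($d in $drives) {
        $root = "$($d.DeviceID)\"
        & $mpCmdRun -Scan -ScanType 3 -File $root | Out-Host
        # MpCmdRun's help text: 0 = clean or remediated; 2 = threat not
        # remediated, user action needed, or a scan error.
        [pscustomobject]@{
            Time     = Get-Date -Format s
            Drive    = $root
            ExitCode = $LASTEXITCODE
            Clean    = ($LASTEXITCODE -eq 0)
        }
    }
}

# Hypothetical log location; one CSV row per scanned drive.
$logDir = Join-Path $env:ProgramData 'UsbScan'
New-Item -ItemType Directory -Path $logDir -Force | Out-Null
Invoke-RemovableDriveScan |
    Export-Csv -Path (Join-Path $logDir 'scan-log.csv') -Append -NoTypeInformation
```

On an offline machine the result is only as good as the last definition update applied by hand, so the log is mainly useful for spotting which drives keep coming back with a non-zero exit code.
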


  10. Posts : 18
    Windows 10
    Thread Starter
       #10

    Fabler2 said:
    Panda Online Antivirus supports this. Worth checking out the free version first?
    Free online antivirus for your devices - Panda Security

    [Image: screenshot of the Panda Security free online antivirus page]

    Thank you Fabler2, appears this one is a paid AV. Whilst I can purchase it for them for a short time they won't be able to maintain the upkeep; they struggle to put fuel in their vehicles and the building is falling down around them. It's funny how money for vital infrastructure just seems to disappear in some places...

    - - - Updated - - -

    MaloK said:
    Good info Rick!

    I modified the CMD I posted earlier to be able to cope with USB drives that have more than one partition.

    With the method you provided and any AV supporting command lines, it can be used to quickly find which letters the drive obtained and run a scan on them:

    Code:
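    @echo off
    rem Call :Run once for every removable drive (DriveType=2) that WMIC lists.
    for /F "usebackq tokens=1,2,3,4 " %%i in (`WMIC logicaldisk where "DriveType=2" get /value ^| find "Caption="`) do (Call :Run "%%i")
    pause
    rem Stop here so execution does not fall through into :Run with no argument.
    goto :eof
    :Run
    rem %1 is "Caption=X:" with its quotes; offset 9, length 2 is the drive letter and colon.
    set drive=%1
    set drive=%drive:~9,2%
    echo Scanning Drive %drive% please wait...
    "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File %Drive%\

    Replace the "Pause" with "Goto :eof" for unattended execution.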

    Works well:
    [Image: screenshot00242.jpg]

    Note that Defender in Windows 7 does not support any of this... And anyway it would be futile to use it today.

    RickC and MaloK, thank you so much for the help! OK, I think I have something I can work with. I will load it up on my test machine and see how it goes!

    Really appreciate the advice and the assistance!

    My head Honcho is flying in so I better bugger off and look busy but I will run a test and get back to you.

    Thank you again!


 
