Is there a way to mount a USB Memory Stick in the standard W10 SandBox ? The reason I'm asking, I have a 32gb Lexar USB Stick that has a virus on it. If I mount it under standard window, it starts infecting all kinds of crap. I just want to Format the entire thing and be able to use it again in the future ?
I could also create a Virtual Machine but the USB Stick needs to be isolated !
A USB drive can only infect pc if autorun is set. Turn it off, format usb.
How to disable AutoPlay and AutoRun in Windows 10 - TechRepublic
Last edited by cereberus; 04 Jul 2020 at 10:28.
My favorite solution is to boot to a Linux Mint LiveDVD [created from downloaded .iso file], boot to it then use GPARTED to delete the partition on the drive, create a new single partition of 32GB [actually a bit over 29GB] then format as FAT32 [comes from the factory that way]. All this is done outside of Windows so it can't get infected and the Linux OS on the DVD can't be written to/infected.
That's not true. AutoRun simply is a script that runs a designated file upon mounting of a particular media. Malware doesn't need AutoRun to run. A USB stick can be manipulated into acting like a HID and this is actually the most common threat from malware infected USB sticks. If your computer thinks the device you plugged in is a monitor, keyboard, mouse etc it will automatically trust it. As soon as this happens the device can trigger the running of scripts to compromise the computer. Google "Bad USB" or "USB rubber ducky". AutoRun is but a very small part of a much bigger picture. If you want to minimize these sorts of threats you will need to really harden your OS in order to massively restrict what happens at the USB port. One suggestion is to boot into UEFI and disable USB altogether. Sounds counter productive but this is ultimately among the choices you have if you want to reduce infections from USB devices.
There isn't much else you can do as our entire world revolves around the use of USB ports. Computers trust everything that connects to one because all of our technology uses USB ports. The fact we have USB ports pokes a huge hole into any computer system, at least from a physical perspective anyway. Protection against this kind of thing is what makes life hell for the guys who work in massive offices and workspaces where employees turn up to work with USB sticks potentially full to the brim with malware and basically put, you either disable the use of USB devices, or you massively restrict what they can do. At the end of the day we are talking about physical penetration here and this is something that is very difficult to prevent because all computer systems are vulnerable if and when the system itself can be accessed by an attacker. Sometimes that attacker is yourself when you use media that is infected with malware, even if you didn't know and absolutely did not want to be the person who got your own computer hacked by doing the dirty work of the attackers. You bypass pretty much ALL security in place when you physically compromise a system. This is why server farms are among the most protected assets on the planet. Imagine if someone could walk into Google and plug in a USB stick. Well, this is what happens in most cases when some of the biggest hacks take place. They take place by taking things back to basics. Just plug something in, bypass everything and use the default level of trust a computer has when it recognises something has been plugged in to a USB port. The rest is history.
I agree with formatting the USB stick though. You are probably better wiping it completely several times over with a decent secure erase algorithm, and then formatting it afterwards. This will erase ALL data including any partitions. This is your best bet as it's a complete 'reset'.
This is exactly what happened. The Virus is called "FusionCore". Its a "PUA", of which was activated on June 29 (Why I don't know why), but it was infecting many different files. It came with the free version of PW11.exe of which a copy was on a local drive. Thought I killed all copies, but didn't realize it was migrated to this USB which was attached to my router as a network drive, of which I shut down upon finding it. But I know if I plug it in, it will spread again.
I think I'm going to do what @Berton suggested, and wipe it out under UNIX.
Thanks everybody that chimed in.
This guide has lots of information on this particular threat.
PUA.Win32.FusionCore.SMBD2 - Threat Encyclopedia - Trend Micro USA
Much of the removal process is simply cleaning up after the changes made, of which reside in program directories and the registry. You also may need a third party process manager (as stated in the guide) in order to see and manage running processes that Task Manager may not provide information on. I can see malware potentially dropping this as a minor inconvenience (and potential privacy nightmare) but this isn't an actual substantial threat ie potentially infecting a USB stick and compromising systems. It's not destructive, moreover it's annoying. I'd be looking a little depeer than this potential threat if you're seeking to learn more about any potential harms coming from infecting a USB drive. Something infecting a USB drive is far more severe than PUP/PUA. And if this has happened you're not looking at FusionCore being the culprit, you're looking at something more sophisticated and severe.
$9 US and problem solved:
Sandisk Ultra 64GB USB 3.0 Flash Drive - Office Depot
My vote is for the Linux Live USB/CD, though.
Hi there
For GPARTED you can also create a bootable GPARTED device -- you don't need even to use a Linux Live distro (although technically GPARTED runs on a very small subset of Linux Debian).
GParted -- A free application for graphically managing disk
device partitions
Gparted like this is probably easier than a Live distro for people with no experience of Linux -- once booted the interface is the same as all the typical partition managers etc people might be used to seeing on Windows. Same security - you can't write to the "Gparted OS" so you can make a perfectly safe GPARTED USB stick --no need for burning physical CD/DVD's any more (Save the planet - more environmentally friendly --CD's and DVD's have a lot of toxic materials in them as well as plastic polymers too).
Cheers
jimbo
Quote