SandBox question


  1. Posts : 1,020
    Windows 10 Pro 20H2 19042.572
       #1

    SandBox question


    Is there a way to mount a USB Memory Stick in the standard W10 SandBox? The reason I'm asking, I have a 32GB Lexar USB Stick that has a virus on it. If I mount it under standard window, it starts infecting all kinds of crap. I just want to Format the entire thing and be able to use it again in the future.

    I could also create a Virtual Machine but the USB Stick needs to be isolated!


  2. Posts : 13,690
    Windows10
       #2

    storageman said:
    Is there a way to mount a USB Memory Stick in the standard W10 SandBox? The reason I'm asking, I have a 32GB Lexar USB Stick that has a virus on it. If I mount it under standard window, it starts infecting all kinds of crap. I just want to Format the entire thing and be able to use it again in the future.

    I could also create a Virtual Machine but the USB Stick needs to be isolated!
    A USB drive can only infect pc if autorun is set. Turn it off, format usb.

    How to disable AutoPlay and AutoRun in Windows 10 - TechRepublic
    Last edited by cereberus; 04 Jul 2020 at 10:28.


  3. Posts : 12,481
    Win10 Version 21H2 Pro and Home, Win11 Pro
       #3

    My favorite solution is to boot to a Linux Mint LiveDVD [created from downloaded .iso file], boot to it then use GPARTED to delete the partition on the drive, create a new single partition of 32GB [actually a bit over 29GB] then format as FAT32 [comes from the factory that way]. All this is done outside of Windows so it can't get infected and the Linux OS on the DVD can't be written to/infected.


  4. Posts : 161
    Windows 10
       #4

    cereberus said:
    A USB drive can only infect pc if autorun is set. Turn it off, format usb.

    How to disable AutoPlay and AutoRun in Windows 10 - TechRepublic
    That's not true. AutoRun simply is a script that runs a designated file upon mounting of a particular media. Malware doesn't need AutoRun to run. A USB stick can be manipulated into acting like a HID and this is actually the most common threat from malware infected USB sticks. If your computer thinks the device you plugged in is a monitor, keyboard, mouse etc it will automatically trust it. As soon as this happens the device can trigger the running of scripts to compromise the computer. Google "Bad USB" or "USB rubber ducky". AutoRun is but a very small part of a much bigger picture. If you want to minimize these sorts of threats you will need to really harden your OS in order to massively restrict what happens at the USB port. One suggestion is to boot into UEFI and disable USB altogether. Sounds counter productive but this is ultimately among the choices you have if you want to reduce infections from USB devices.

    There isn't much else you can do as our entire world revolves around the use of USB ports. Computers trust everything that connects to one because all of our technology uses USB ports. The fact we have USB ports pokes a huge hole into any computer system, at least from a physical perspective anyway. Protection against this kind of thing is what makes life hell for the guys who work in massive offices and workspaces where employees turn up to work with USB sticks potentially full to the brim with malware and basically put, you either disable the use of USB devices, or you massively restrict what they can do. At the end of the day we are talking about physical penetration here and this is something that is very difficult to prevent because all computer systems are vulnerable if and when the system itself can be accessed by an attacker. Sometimes that attacker is yourself when you use media that is infected with malware, even if you didn't know and absolutely did not want to be the person who got your own computer hacked by doing the dirty work of the attackers. You bypass pretty much ALL security in place when you physically compromise a system. This is why server farms are among the most protected assets on the planet. Imagine if someone could walk into Google and plug in a USB stick. Well, this is what happens in most cases when some of the biggest hacks take place. They take place by taking things back to basics. Just plug something in, bypass everything and use the default level of trust a computer has when it recognises something has been plugged in to a USB port. The rest is history.

    I agree with formatting the USB stick though. You are probably better wiping it completely several times over with a decent secure erase algorithm, and then formatting it afterwards. This will erase ALL data including any partitions. This is your best bet as it's a complete 'reset'.
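An added example, not part of the thread or any poster's code, for the HID point raised in post #4: a check that flags a USB device whose descriptors declare a Human Interface Device interface (class 3) alongside Mass Storage (class 8), or a HID device that is not on an allowlist. The sample text is constructed in the layout of `lsusb -v` output; the IDs, device names and the allowlist are made up for illustration.

```python
import re

# USB-IF base class codes as reported in bInterfaceClass
HID, MASS_STORAGE = 0x03, 0x08

# Constructed sample in the layout of `lsusb -v`; IDs and names are made up.
SAMPLE = """\
Bus 001 Device 004: ID 1111:0001 Example Flash Drive
      bInterfaceClass         8 Mass Storage
Bus 001 Device 005: ID 2222:0002 Example Flash Drive
      bInterfaceClass         8 Mass Storage
      bInterfaceClass         3 Human Interface Device
      bInterfaceProtocol      1 Keyboard
Bus 001 Device 002: ID 3333:0003 Example Keyboard
      bInterfaceClass         3 Human Interface Device
      bInterfaceProtocol      1 Keyboard
"""

DEVICE_RE = re.compile(r"^Bus \d+ Device \d+: ID ([0-9a-f]{4}:[0-9a-f]{4})\s*(.*)$")
CLASS_RE = re.compile(r"^\s*bInterfaceClass\s+(\d+)")

def parse_devices(text):
    """Return one {'id', 'name', 'classes'} dict per device in the listing."""
    devices = []
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m:
            devices.append({"id": m.group(1), "name": m.group(2), "classes": set()})
            continue
        m = CLASS_RE.match(line)
        if m and devices:  # interface lines belong to the last device header seen
            devices[-1]["classes"].add(int(m.group(1)))
    return devices

def suspicious(devices, known_hid_ids=frozenset()):
    """Flag storage devices that also expose HID, and HID devices not allowlisted."""
    findings = []
    for d in devices:
        if HID in d["classes"] and MASS_STORAGE in d["classes"]:
            findings.append((d["id"], "storage device also presents a HID interface"))
        elif HID in d["classes"] and d["id"] not in known_hid_ids:
            findings.append((d["id"], "HID device not in allowlist"))
    return findings

if __name__ == "__main__":
    for dev_id, reason in suspicious(parse_devices(SAMPLE), {"3333:0003"}):
        print(dev_id, reason)
```

A device with rewritten firmware can present a HID interface only, which is why the allowlist branch exists; the combined storage-plus-HID case is a signal to investigate, not proof of tampering.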


  5. Posts : 13,690
    Windows10
       #5

    Far easier to use diskpart clean all command.


  6. Posts : 1,020
    Windows 10 Pro 20H2 19042.572
    Thread Starter
       #6

    supermammalego said:
    That's not true. AutoRun simply is a script that runs a designated file upon mounting of a particular media. Malware doesn't need AutoRun to run. A USB stick can be manipulated into acting like a HID and this is actually the most common threat from malware infected USB sticks. If your computer thinks the device you plugged in is a monitor, keyboard, mouse etc it will automatically trust it. As soon as this happens the device can trigger the running of scripts to compromise the computer. Google "Bad USB" or "USB rubber ducky". AutoRun is but a very small part of a much bigger picture. If you want to minimize these sorts of threats you will need to really harden your OS in order to massively restrict what happens at the USB port. One suggestion is to boot into UEFI and disable USB altogether. Sounds counter productive but this is ultimately among the choices you have if you want to reduce infections from USB devices.

    There isn't much else you can do as our entire world revolves around the use of USB ports. Computers trust everything that connects to one because all of our technology uses USB ports. The fact we have USB ports pokes a huge hole into any computer system, at least from a physical perspective anyway. Protection against this kind of thing is what makes life hell for the guys who work in massive offices and workspaces where employees turn up to work with USB sticks potentially full to the brim with malware and basically put, you either disable the use of USB devices, or you massively restrict what they can do. At the end of the day we are talking about physical penetration here and this is something that is very difficult to prevent because all computer systems are vulnerable if and when the system itself can be accessed by an attacker. Sometimes that attacker is yourself when you use media that is infected with malware, even if you didn't know and absolutely did not want to be the person who got your own computer hacked by doing the dirty work of the attackers. You bypass pretty much ALL security in place when you physically compromise a system. This is why server farms are among the most protected assets on the planet. Imagine if someone could walk into Google and plug in a USB stick. Well, this is what happens in most cases when some of the biggest hacks take place. They take place by taking things back to basics. Just plug something in, bypass everything and use the default level of trust a computer has when it recognises something has been plugged in to a USB port. The rest is history.

    I agree with formatting the USB stick though. You are probably better wiping it completely several times over with a decent secure erase algorithm, and then formatting it afterwards. This will erase ALL data including any partitions. This is your best bet as it's a complete 'reset'.
    This is exactly what happened. The Virus is called "FusionCore". It's a "PUA", of which was activated on June 29 (Why I don't know why), but it was infecting many different files. It came with the free version of PW11.exe of which a copy was on a local drive. Thought I killed all copies, but didn't realize it was migrated to this USB which was attached to my router as a network drive, of which I shut down upon finding it. But I know if I plug it in, it will spread again.

    I think I'm going to do what @Berton suggested, and wipe it out under UNIX.

    Thanks everybody that chimed in.


  7. Posts : 161
    Windows 10
       #7

    This guide has lots of information on this particular threat.
    PUA.Win32.FusionCore.SMBD2 - Threat Encyclopedia - Trend Micro USA

    Much of the removal process is simply cleaning up after the changes made, of which reside in program directories and the registry. You also may need a third party process manager (as stated in the guide) in order to see and manage running processes that Task Manager may not provide information on. I can see malware potentially dropping this as a minor inconvenience (and potential privacy nightmare) but this isn't an actual substantial threat, i.e. potentially infecting a USB stick and compromising systems. It's not destructive, moreover it's annoying. I'd be looking a little deeper than this potential threat if you're seeking to learn more about any potential harms coming from infecting a USB drive. Something infecting a USB drive is far more severe than PUP/PUA. And if this has happened you're not looking at FusionCore being the culprit, you're looking at something more sophisticated and severe.


  8. Posts : 17,369
    Windows 11 Pro
       #8

    $9 US and problem solved:
    Sandisk Ultra 64GB USB 3.0 Flash Drive - Office Depot

    My vote is for the Linux Live USB/CD, though.


  9. Posts : 13,690
    Windows10
       #9

    NavyLCDR said:
    $9 US and problem solved:
    Sandisk Ultra 64GB USB 3.0 Flash Drive - Office Depot

    My vote is for the Linux Live USB/CD, though.
    Macrium Reflect Free boot drive should also work?


  10. Posts : 11,209
    Windows / Linux : Arch Linux
       #10

    Hi there
    For GPARTED you can also create a bootable GPARTED device -- you don't need even to use a Linux Live distro (although technically GPARTED runs on a very small subset of Linux Debian).

    GParted -- A free application for graphically managing disk device partitions

    Gparted like this is probably easier than a Live distro for people with no experience of Linux -- once booted the interface is the same as all the typical partition managers etc people might be used to seeing on Windows. Same security - you can't write to the "Gparted OS" so you can make a perfectly safe GPARTED USB stick --no need for burning physical CD/DVD's any more (Save the planet - more environmentally friendly --CD's and DVD's have a lot of toxic materials in them as well as plastic polymers too).

    Cheers
    jimbo


 
