
Electronics companies distributing viruses


cupoftea

Hi,
Please help with getting rid of viruses transferred by USB stick...

I have worked in multiple different electronics companies. In each of them, I "took work home" by copying files from my work PC onto various USB sticks, then connecting the USB stick to my home laptop.

It became blatantly obvious that the companies had made their PCs put spy software (and possibly other viruses) onto these USB sticks. It was obvious because often IT staff were able to tell me e.g. what YouTube songs, etc., I had listened to the night before.
I have even had staff at work accurately repeating e.g. conversations that I have had with my partner the evening before... so they somehow collect the audio and transmit it back to themselves.

Recently my laptops have started to run very, very slowly, and I believe that this is due to viruses that I have inadvertently transferred from my work PC to my home laptop via the USB sticks in this way. (i.e., the companies somehow make their PCs put viruses on any workers' USB sticks connected to them)

Do you know how I can "clean" these viruses off these USB sticks?
And do you know how I can "clean" these viruses off my laptop?
(Do I have to reset Windows?)

(I guess that these companies do this because they suspect that workers might be trying to steal the company's IP, but I was not trying to do this. I guess the companies inject these viruses because ultimately they want to destroy the home laptop, as in their minds it may contain their IP, due to it possibly being transferred by USB stick.)

(I have Norton anti-virus, but it obviously hasn't stopped these viruses.)
 

You describe spyware or 'snoop'-ware. I suppose an expert programmer can custom-alter the destination to which they send data.

Various kinds:
* keylogger (records every keypress you make, sends to destination via internet)
* video snooper (turns on your webcam)
* Evidently audio snooper which turns on your mic
* Evidently browsing history snooper

A direct method to watch what's running on your computer is Task Manager (ctrl-alt-delete in recent Win versions). Examine all processes and applications. Some are genuine, others may be fraudulent. Sometimes the name is a giveaway although not all the time. Check all signatures since they're intended to prove authenticity. You can click a button to stop a suspicious process (effective until you restart Windows).

Experts recommend using more than one antivirus program because no single program can catch every malware.

Microsoft provides free virus protection programs:
* Microsoft Security Essentials
* Defender / Bit-defender
* Safety Scanner
--- Updated ---

My Win 7 laptop gradually got so it ran slowly, thrashing the hard disk repeatedly. I restored it to the original disk image from when I bought it, but it didn't restore original speed. Finally on a message board I saw a suggestion to turn off the Windows update checking function. Success!

I suspect Microsoft added so many updates over the years, that any Win 7 computer spent increasingly more time checking that every update was installed.
 
I use Linux to avoid these kinds of problems. I once had to install software on a customer's computer via USB stick and afterwards, back at base when the stick was re-used, it copied malware to the base computer. Randomly every few minutes an image of Bart Simpson popped up and shouted 'cowabunga'! When I queried it with the customer they calmly said all their computers did that. That was all on Windows of course.

The only dead certain way I've found to entirely wipe a USB stick is to fill it with zeroes using the Linux 'dd' command then recreate the filing system with 'mkfs'. Just deleting files and hoping the virus has gone doesn't work because they can be hidden in boot sectors or invisible partitions. Incidentally, it also restores many sticks that are apparently dead and unusable.

You can do all that from a live boot Linux CD/DVD without installing Linux if you need to.

Brian.
 
Thanks, I must admit I don't have a Linux boot CD or DVD.

BTW, just did this to my USB stick...

...I hope it works.
I am loath to load more antivirus software as I already have Norton... and antivirus programs fight each other.

Also, is another good way to clean viruses off a USB stick to put the files on a laptop... then "format" the USB stick, then put your files back onto it?
 

Also, is another good way to clean viruses off a USB stick to put the files on a laptop... then "format" the USB stick, then put your files back onto it?

Is the laptop your sole computer? Then it's wiser to cut down any chance of exposing it to stuff that you don't know what it might do. A power user like yourself ought to have alternate boot methods, external hard drives, and even an alternate computer.

The internet is abundant with free boot disks:
* various Linux packages (I use Zorin because it's bundled with many applications)
* ReactOS (Windows-like and runs many Windows applications, reads FAT & NTFS formats)
* Ultimate boot disk, Emergency boot disk, diagnostic utilities, etc.
* Bart's pre-install Windows environment (years old, limited usefulness)

Usually you download them as .iso. It's not too hard nowadays to burn .iso files to a blank CD to make a bootable CD.

I learned how to remove my laptop's hard disk (IDE or PATA type). I obtained several 2.5 inch drives from eBay cheap. I swapped them in my laptop and created alternate boot disks. I obtained several external 2.5 inch enclosures. I obtained a second laptop and discovered its HD was SATA. I got a set of SATA devices too.

The event that started me doing the above was when my sole laptop no longer started up. I obtained an external HD. I booted from a DOS floppy. To preserve my data took 70 hours nonstop under a DOS command. That was when I wished I had an extra bootable hard drive.
 
That video shows probably the worst method to attempt to remove a virus. Simply deleting the files from the USB stick leaves lots of potentially infected stuff behind and also risks re-loading a virus back on to it.

It is imperative that you do not boot from the hard disk, it could already hold a virus. I would not trust ANY Windows anti-virus program to find or remove all viruses (virii?) completely.

Do this:
1. On a known clean computer, download a copy of Linux. Most are available as ISO files (disk images) and can simply be copied to a CD/DVD/USB stick. Any 'live' version of Linux should work, there are many. I suggest Ubuntu for simplicity although I use the KDE version 'Kubuntu' personally.

2. Boot your computer from the device holding Linux. It will be VERY slow compared to booting from HD, especially if using USB2 or optical media.

3. Follow the instructions here: https://askubuntu.com/questions/223598/how-to-format-a-usb-stick. Be careful to select the correct device (sdX where X is the USB stick; it tells you how to discover it in the text). I strongly advise you to add 'status=progress' to the dd command as explained at the end of the page; it lets you see what's going on in real time.

What you achieve by this is overwriting the entire USB stick with 0x00 bytes from end to end, including partition tables, file allocation tables and all storage areas. You are sure it is completely free of anything, then it re-creates the partition and filing system from scratch. When finished you have a stick just like it left the factory, less any junk the manufacturer pre-installs for you. Read the help file on the mkfs command (type 'man mkfs'); it lets you format the stick in many ways, including FAT, VFAT, exFAT and NTFS as well as the standard Linux ones.

Brian.
 
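The dd zero-fill followed by mkfs that Brian describes, written up as an added shell script that is not from the thread. It refuses a device that is still mounted, reads the target back to confirm every byte is 0x00 before the new filesystem goes on, and by default operates on a constructed image file (an assumption for trying it safely) rather than a real /dev/sdX.

```shell
#!/bin/sh
# Added example: wipe a USB stick end to end with dd, verify, then mkfs.
# Run the functions on an image file first; only pass a real /dev/sdX after
# confirming the device name with lsblk.

# Size in bytes of a block device or of a regular file (image).
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1"; fi
}

# Overwrite the target with 0x00 from start to end. A block device is written
# until dd hits end-of-device; an image file is sized from $2 (MiB, default 8).
zero_fill() {
    target=$1; size_mb=${2:-8}
    if [ -b "$target" ]; then
        # Refuse if the device or any of its partitions is currently mounted.
        if grep -q "^$target" /proc/mounts 2>/dev/null; then
            echo "refusing: $target is mounted, unmount it first" >&2
            return 2
        fi
        # dd exits non-zero when it reaches end-of-device; verify_zero is the
        # real check, so that exit status is ignored here.
        dd if=/dev/zero of="$target" bs=4M status=progress conv=fsync || true
    else
        dd if=/dev/zero of="$target" bs=1M count="$size_mb" status=progress
    fi
}

# Read the whole target back: after deleting every 0x00 byte, nothing may remain.
verify_zero() {
    bytes=$(target_size "$1")
    [ "$bytes" -gt 0 ] || return 1
    [ "$(tr -d '\000' < "$1" | wc -c)" -eq 0 ]
}

# Recreate a fresh FAT filesystem (the post's mkfs step; needs dosfstools).
make_fs() {
    command -v mkfs.vfat >/dev/null 2>&1 || { echo "mkfs.vfat missing" >&2; return 3; }
    mkfs.vfat -n CLEAN "$1" >/dev/null
}

# Full sequence: wipe, prove it is blank, then put a filesystem on it.
wipe_stick() {
    zero_fill "$1" "$2" && verify_zero "$1" && make_fs "$1"
}

# Usage: wipe_stick ./stick.img 8   (constructed 8 MiB image, safe to try)
#        wipe_stick /dev/sdX        (a real stick, unmounted, name checked first)
```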
More likely you have installed some slugware that is choking your PC. But you can find stuff with adwcleaner.exe from Malwarebytes that Norton won't. But for a quick analysis send me the NFO file saved when you run [win+R] msinfo32 then file > Save (yourname.nfo). That will tell me in an instant if there is an easy fix from your startups and drivers. I hate Norton and call it Notrun.exe. I have hundreds of apps for Eng, Video editing, players, etc. and have never run "bigname" Security Suites for over a decade now on Win 7 and love it far more than Ubuntu, Slax, and all the other Linux memes. (don't want or need any more stinkin' updates) I also like the www.Portableapps.com/apps freebies. But I do monitor all new startups being added, automatically, which get run on the next boot. That's the most common source of infection that is easily detected.
 
Normally with Firefox, Thunderbird, playing music or watching a movie and a few monitoring utilities my CPU is 90% idle.

Here 99% idle is common
 
Thanks, I'll bear these things in mind. It does puzzle me a bit... why is it that USB sticks are such effective carriers for viruses? I mean, would I be reducing the chance of getting virus'd if I emailed the work computer files to my Google Drive from the work PC... and then downloaded them from there to my home laptop? (i.e., avoid using a USB stick)

And suppose I have a virus'd USB stick... and I download all the files on it to my home laptop... then the laptop will be virus'd... but presumably I can just re-install Windows (whilst keeping the files there and not deleting them)... and then when I've re-installed Windows, and removed the USB stick, then I will have all the files off the virus'd USB stick, and no virus on my laptop?
 

Don't think of a virus as a bad file you can delete. The people who write them are quite clever and use various techniques to hide them. Some are hidden in plain sight, just given a name that sounds like it is legitimate, for example 'disk-manager.exe' so you don't suspect them, but the majority either attach themselves to the end of an otherwise good file or make a space for themselves in a reserved place in the memory. The last type are the worst; for example they might load themselves inside the boot sector so they run as soon as the stick is inserted, or hide inside the file allocation table or even in a hidden partition.

What you have to avoid is having the infected USB stick plugged in to an already booted computer. Most will instantly and automatically load into the memory or hard disk and re-infect any other devices attached, including networked devices. Re-installing Windows, apart from being a pain in the a55 will not remove a virus already stored in the computer and it will immediately re-infect.

If you ever wondered how anti-virus programs run so fast, they work in two ways:
1. index all the file sizes and periodically check to see if they have unexpectedly changed,
2. scan the final few bytes of the files to search for known virus signatures. The theory being that if a virus was anywhere other than tagged on the end it would interrupt its normal operation.

The problem with 2. is self-encrypting viruses are very hard to detect. What they do is save a randomly created decryption key somewhere else, maybe in the registry and after doing their damage they use it to encrypt the virus code. It means every time the virus activates, it looks different so signature matching doesn't work.

There is an unfortunate side effect of .exe and .dll files being relocatable, the routines in them are not stored at absolute addresses but at fixed offsets from the start of the file. The offsets are themselves stored in a table at the beginning of the file. It is quite easy for a virus to 'slot itself in' by installing anywhere in the file and manipulating the offsets so the original parts seem to work normally.

Brian.
 
To see how easy it is for a USB stick to place a reverse shell RAT (remote access tool) on your machine see this YouTube video from David Bombal; lots of other computer security info on his channel.

Some RATs don't show in Task Manager, only as services, and are difficult to remove; these are sometimes used by scammers, see [embedded video missing]. This one works on Linux & Mac too.
 
To see how easy it is for a USB stick to place a reverse shell RAT (remote access tool) on your machine see this YouTube video from David Bombal; lots of other computer security info on his channel.
Thanks, that sounds like what's happened to me.
Do you know how to counter it?
Is the only way to re-install Windows?

Does re-installing Windows definitely get rid of a virus?
 

Does re-installing Windows definitely get rid of a virus?
No, it rarely does!
You would have to completely wipe the hard disk (not just erase the files on it), partition it, reformat it, then reinstall Windows. Note that you can't do this from inside an installed Windows, you have to boot the machine from a clean external non-writable media to wipe the disk.

Brian.
 
Thanks, also supposing I used a USB mouse on the work PC, then came home and connected this same USB mouse to the home laptop, then could that USB mouse spread a virus to the home laptop, just as if it were a USB stick?
 

A USB mouse is an output device, it has no storage facility so you have no worries. USB flash drives, HDs, memory and Wifi/Phone dongles IF they have storage are all risky. I state WiFi dongles and mobile phone internet dongles because many of them have micro-SD card slots that emulate attached drives.

Brian.
 
I'd do as Brian advises and do a clean re-install. If the PC has enough memory, I'd also use a virtual machine for any interaction with third party USB sticks. That way you can keep your PC isolated from any spyware by not allowing the VM to have access to the host files and disabling clipboard sharing (this should be the default setup) and even not allowing it to connect to your network. You could also use Wireshark to monitor the network traffic from the host machine and see where, if anywhere, the spyware is connecting. By using the VM approach you can reset the VM to a known good state at any time, or take a snapshot and investigate what has been put on without your knowledge.
I regularly run W7 & Linux via a VM on a W10 host. I'd use Linux as the main OS, but the laptop does not run well with it as the main OS, the cooling does not work correctly.
 
Thanks, such a "clean re-install" is going to need quite a bit of training up for...

...As discussed, a virus or malware can infect a computer such that even a standard Windows re-install cannot remove it.
For most computer/laptop users this is a disaster, as realistically few people will be able or capable of doing fixes like erasing boot sectors or partitions.
As discussed, such a virus can enter a computer simply by someone clicking on something in an email.
So this means that no laptop is safe from disastrous infection.
This is because often one receives daily spam emails into the inbox... the only way to stop these is to open them and click "Unsubscribe"... and clicking that "unsubscribe" could allow the virus in.
This means that most people should never spend much money on a laptop, as they won't be able to fix the malware/virus problems which they so easily could get?
 

Now you know why so many 'anti virus' packages exist and some are extremely invasive on your machine. Even though they all claim to be effective you will find most Windows users have more than one anti-virus program installed.

Sometimes I have to run Windows programs but I use 'Crossover' in Linux to run them. It doesn't use any of the MS files but it runs in a sandboxed environment that makes the program think it is running in Windows. That way I can select any version of Windows from XP to Windows 10 without needing to install any Windows OS or files at all.

Incidentally, NEVER click on 'unsubscribe', invariably you will find the link has a unique code attached to it. The code identifies who it was originally sent to, when you 'unsubscribe' all you do is confirm your email account is live and active.

Another thing to watch for is images in emails. Most people use HTML mail which can be very dangerous. The images are not stored in the email, a link to fetch the image is stored instead. You see the image as expected but because it 'called home' to fetch it, your identity has been confirmed.

Brian.
 
So this means that no laptop is safe from disastrous infection.
That's right, true for any computer or smart phone. Good digital hygiene is as important as anti-virus etc. as a first line of defence. Only click links if you trust the link; 'drive-by' malware is easy to place on a PC.
When you set up your PC I'd recommend setting up 2 accounts, admin and user, user has minimal privileges, like on a Linux system. The account names I use are anonymous and have passwords.
To help protect against failure or ransomware attack I'm almost paranoid about backing up all irreplaceable or important files, and don't keep personal information on the device. I've been asked for help by too many people who have damaged their phones or PCs and have effectively lost their digital lives because they had no backup at all.
For a well locked down PC you could try Tails or Qubes OS, but perhaps that's a bit too far for general use.
 
Same here, I keep a mirrored image of all my /home, /opt and /usr files daily and copies of all my personal files and programs for re-installation on the mirror and also on two other drives, networked but in other buildings.
Call me paranoid but I also carry a backup with me if I'm away for any length of time! Never lost a file in 40+ years.

Brian.
 