I found a worm on my USB

possiblylinux127, 14 days ago

The malware probably turned of defender. Try an offline scan

chevy9294, 13 days ago

Actualy the malware somehow deleted windows defender and disabled automatic updates. I install MalwareBytes and run full scan and removed it.

anarchist, 14 days ago

Lisan al ghaieb!!!

hanrahan, 15 days ago

Same thing happened to RFK Jr

laughterlaughter, 13 days ago

This was funny, but ugh - I hate when U.S. politics creeps into my tech discussions.

ohwhatfollyisman, 15 days ago

we’ve found the early bird.

SoupBrick, 15 days ago

Would you love your USB if it was a worm?

InternetCitizen2, 15 days ago

Yes.

KazuchijouNo, 15 days ago

What if it didn’t exist? Would you still love your USB then?

sag, 14 days ago

Yes

TheAnonymouseJoker, 15 days ago (edited 12 days ago)

Flamethrower and hammer, to be sure.

Joke aside, Kaspersky Virus Removal Tool is the tool you need. Download a fresh copy and put it on a USB stick. Whatever Windows computer you need to disinfect, restart in safe mode and copy KVRT. It is standalone and runs offline and can be removed after use. It will scan the whole system. Its malware removal rate is approximately the same as Kaspersky suite, so you know it will do the job.

Edit: turns out there are brainwormed redditors out here. Ignore their downvotes and you will be fine following advice.

possiblylinux127, 14 days ago

You could just do a Windows defender offline scan.

TheAnonymouseJoker, 14 days ago

Windows defender is almost useless. It heavily relies on cloud for scanning. This is not a problem with special offline tools that some AV companies provide to disinfect systems that may not be able to connect to a network.

I recommend you check PC Security Channel to see how Defender works against ransomware when internet is turned off, versus on. You can also check performance of other AVs. He is the most reputed resource on benchmarking AVs if you want to see frequent updates, and a rare one that is not biased or rooted in nationalistic or weird biases, since he has his Patreon, Discord and a lack of dependence on lackeys.

possiblylinux127, 14 days ago

Yeah I didn’t say it was perfect but does happen to be baked it

stevedidwhat_infosec, 15 days ago

I’ll also toss this hat into the ring - sysmon this is essentially a logging tool thats a bit better/nicer than the windows default, and categorizes all logs into very neat buckets that will make watching out for strange shit much much easier.

Sysmon is part of the sysinternals suite (vetted by the community + microsoft, which is sayin somethin lol) and you can make use this as the config file to use (Uses industry-standard MITRE Att&ck framework) which you can then use to correlate to more threats/malware authors/malware artifacts if you really wanna get your hands dirty/have some fun

borari, 15 days ago

To level set, Microsoft owns SysInternals, and has since 2006. None of it is “community vetted”, to me that implies FOSS or something.

Imprint9816, 15 days ago (edited 12 days ago)

Why would “community vetted” imply FOSS?

Microsoft has a massive community of users and sysinternals is highly regarded amongst amateur and professional users alike. The term “community vetted” makes perfect sense in this context.

borari, 15 days ago

Yeah, I use SysInternals stuff every day. Neither myself nor the community has vetted SysInternals tools any more than they have vetted outlook, teams, or word. Unless I’m misunderstanding the meaning of vetted.

Vetting in a program/application context as I understand it is that the code has been vetted, which can only be done by the community at large if the source code is provided. Just like with a person, vetting is doing an actual background check, where as vouching for someone is just one person telling a second person that a third person is chill or something.

BeatTakeshi, 15 days ago

RFKJr can take it in, he’s got a free slot

stevedidwhat_infosec, 15 days ago

Here’s probably all the info you could ever need:

redcanary.com/blog/…/raspberry-robin/

Next, you need to get your systems scanned and cleaned. Malware bytes is likely enough, but I always recommend BitDefender. Their efficacy rates are always fantastic, and they have been leading the industry for several years now. Download the AV on a clean system, put on clean flash drive, and install that way.

Last, you’re gonna need to reset your passwords. Yes, I know that’s toxic af. But this is the reality and why we always need to be veeeery careful with what we do. This worm communicates with a c2 server which means it can update itself which makes detection hard, and it also means that, at one point it may have been spying on your activity (and it likely was if not continues to)

This stuff happens, don’t beat yourself up too much. Live and learn

chevy9294, 15 days ago

Thank you for the link, it will help for sure!

I (not me but my family) always used just default Windows Defender but I heard good things about Malware bytes and BitDefender, I’ll checked them out.

stevedidwhat_infosec, 15 days ago

Bitdefender usually goes on sale too - check for coupon codes, don’t pay full price. Plus you get like 5 devices with your license IIRC. Worth a shot

chevy9294, 15 days ago

Oh it’s paid… I would rather install Linux, I don’t pay even for Windows.

Jumuta, 14 days ago

if you’re changing all your passwords and switching to Linux anyway consider using a free software local password manager like KeepassXC, I use it along with syncthing and it’s great

stevedidwhat_infosec, 14 days ago (edited 11 days ago)

And you got what you paid for, no?

I believe there is a free version as well but don’t think just because you’re installing Linux that you’re somehow safer.

There was just a package that was essentially socially engineered into by a hacker, who then had full access to everyone’s shit.

All because a GitHub author was pressured into letting them contribute to code. Mac/Apple are no different and starting to be more and more vulnerable as the “security by obscurity” wears off.

Free tools are fine and well, but that stuff is done for free. Including maintainence and everything else. In times like these, ain’t nobody got time for that anymore. People need to make a living and you will see degradation in the products thusly

laughterlaughter, 13 days ago (edited 9 days ago)

I didn’t downvote you, but I think you’re assuming waaaay too much about OP’s life circumstances. For al we know, he’s an Argentinian teenage girl with an allowance, or a Vietnamese retired fisherman with no life savings.

stevedidwhat_infosec, 13 days ago

Could be. However, the point stands, you’re gonna get what you pay for in the end. Not trying to be a dick ofc, but that’s the reality.

There are some well performing options that are free, but they are limited, and not too common imo

If anyone does have some good options, feel free to share as I may be unaware of them and think learning about them would be neat

apotheotic, 14 days ago

Windows defender along with a system hardener (like hard_configurator) can actually be quite insanely strong, especially since windows defender starts working and blocking stuff long before non-system apps, which can be a big boon. This approach is also free (if you have windows) which seems to fit your needs!

possiblylinux127, 14 days ago

I’d start with a offline scan.

If possible wipe the drive from Linux and reinstall Windows. Be mindful of any files as documents and other files can sometimes hide things. Make sure you reset all passwords as well. Start with email passwords and then go up from there.

sramder, 15 days ago

Doesn’t virus total display a list of the AV software it triggered?

I generally use Malware Bytes on windows but I don’t know if it’s effective against that particular virus.

chevy9294, 15 days ago

Yes it does but I haven’t checked whichones do end whichones don’t. But half of them do, thats important.

sramder, 15 days ago

Yeah, use one of those to clean it up. At least that’s where I’d start.

techognito, 15 days ago

Have you run a full scan using Windows Defender?

Can you confirm that the worm is actually running?

AV software may remove the installed worm from the system, but not from the drive.

Probably a good idea to reformat the USB drive

PS. if all else fails, nuke and pave (reinstall the computers in your household, including your linux machine)

You should do this offline, as in, quarantine the situation.

stevedidwhat_infosec, 15 days ago

Windows defender also has an offline scan mode which may be of use here - hard to say, dunno if they ever dropped a rootkit or any other av-dodging/persistence mechanisms

possiblylinux127, 14 days ago

Time to switch to Linux (joking)

techognito, 14 days ago

That would be a valid option, but only if there are no windows dependencies and the primary user agrees to the change.

With all the Win11 spam in Win10, my grandmother decided to try Linux. She is now a 90-year-old Linux user. Her use case is YouTube and email, and I have to support the system (I had to do that for the win10 system as well).

melroy, 15 days ago

Try to clean your USB stick. Remove the worm and maybe use a cloth to remove the dirt.

SomeBoyo, 15 days ago

I would use a microwave to kill any worms / eggs still remaining, just in case.

melroy, 15 days ago

Try C-band UV Lamp instead.

SomeBoyo, 15 days ago

At the end of the day, if nothing help’s, kill it with fire.

melroy, 15 days ago

Do you want to see something cool? See: https://www.youtube.com/watch?v=Uf4Ux4SlyT4

some_guy, 15 days ago

Rubbing alcohol should work in a pinch.

geoma, 15 days ago

Better use a biologic solution. Put the usb outside with some seeds nearby to attract birds that should eat it

geoma, 15 days ago

Better use a biologic solution. Put the usb outside with some seeds nearby to attract birds that should eat it

chevy9294, 15 days ago

I’ll clean all USB sticks the house, just to be sure.

melroy, 15 days ago

yea microwave all your sticks in your house at full power for 15 minutes.

possiblylinux127, 14 days ago (edited 11 days ago)

Then mix bleach with ammonia

(Don’t actually do this as it generates chorine gas which is quiet deadly and unpleasant)

melroy, 14 days ago

(what did you say? I can't read or ty.e mani 93

goldfndr, 14 days ago

In other words, wipe the USB stick.

melroy, 13 days ago

nowadays there is also malware that actually infect the firmware. Meaning just wiping the content isn't good enough anymore. Same is true for BIOS worms/infections.

turtlepower, 15 days ago

Even if this is the wrong community, I’m glad you posted it here because I might not have seen this otherwise. Honestly I don’t think this is the wrong community because to me, privacy and security go hand in hand. I wish I could help you, but in any case, good luck. I hope you get it taken care of!

TCB13, 15 days ago

And here I was under the impression that using USB storage for anything else than installing operating systems was a thing of the past.

DharkStare, 15 days ago

Out of curiosity, what do you use to transfer files between computers?

TCB13, 15 days ago (edited 12 days ago)

SMB (NAS), Syncthing, FileBrowser, snapdrop.net, email and sometimes public cloud services…

Grunt4019, 15 days ago

Localsend

realbadat, 15 days ago

SCP or a share on a NAS, personally.

delirious_owl, 15 days ago

Not everyone can afford a NAS

realbadat, 14 days ago

What does that have to do with the question I replied to?

Oha, 14 days ago

You dont need a Nas to transfer files over your local network

delirious_owl, 14 days ago

But where do you store them? My computer isn’t big enough for videos. Thats where cheap USB drives come-in

Oha, 14 days ago

HDDs are cheap.

delirious_owl, 14 days ago

Not as cheap as USB drives

WordBox, 14 days ago

You can pick up old PCs for free-$50 that’ll suffice for a nas.

delirious_owl, 14 days ago

Maybe you can, but most people don’t have the money or the time. Check your privilege.

Oha, 14 days ago

sftp.

sorter_plainview, 14 days ago

Syncthing and LocalSend.

Syncthing is used if it is not a one time transfer. LocalSend is mainly for one time transfer. LocalSend needs things to be in the same network. The same WiFi router is enough. Syncthing can send files over the internet also.

There are browser based alternatives like ShareDrop . These tools are not as reliable as Syncthing and LocalSend, especially when it comes to single large files (more than a few GBs), like ISOs.

For one time transfer over the internet, another handy tool is Croc . This one also suffers from the large file related issues.

user224, 15 days ago

If I want to quickly share something from my phone, I use NGINX in Termux with autoindex enabled.

No need for anything else than browser on client-side.
Actually, on Play store there’s also a simple GUI app called “Simple HTTP server”, but NGINX feels fancier.

Just a tip if you want to try this:
By default, error logs are kept. One source of errors is interface suddenly disappearing (i.e. your phone got disconnected from network). This error will be logged as quickly as it can be.
What happened (when this occurred)? I found my phone stuck in bootloop. The error log filled internal storage to the last byte causing Android system to crash and unable to reboot, which it tried again, again, again,… Bootloop. I just found my pocket suddenly feeling unreasonably hot.
In my case, forcing it into recovery, turning it off from there and retrying boot up freed 17MB from somewhere, allowing the phone to boot up.
Alternative to that would be a hard reset.

Sounds crazy, but any app could fill the internal storage like that.

Dave, 15 days ago

Personally, most stuff is in cloud storage. For local stuff I use syncthing.

But for the average person, I’d expect using iCloud, Google Drive, Onedrive, or Dropbox and then creating a shareable link for the other person.

I also can’t remember the last time I used a USB drive for anything other than installing an OS.

user224, 15 days ago

Deleted: Replied to wrong comment

Player2, 15 days ago

Ventoy is very useful for diagnostics too

TCB13, 15 days ago

And rEFInd, GParted Live… SystemRescueCd.

seaQueue, 15 days ago

NVMe in a USB enclosure makes a pretty rad backup target a couple of times a week. The whole job is over and done in <2 minutes.

TCB13, 15 days ago

Yes, that’s true but I’m no longer doing that. Everything sync to the NAS using Syncthing that in turn is set with file versioning and weekly snapshots.

delirious_owl, 15 days ago

Wut. Its where I store photos and videos

possiblylinux127, 14 days ago (edited 11 days ago)

That’s not a good practice as USBs aren’t designed for long term storage. Maybe build some sort of NAS.

ricdeh, 14 days ago

Lol any kind of flash storage suffers from degradation over time, it doesn’t matter whether you attach a computer to it or not

possiblylinux127, 14 days ago

That’s why you do not use flash drives. They are the worst of the worst.

hanrahan, 15 days ago

All the time, right now copying 400 MB onto one as an eBook Calibre library backup.