Monday, March 26, 2012

Malware Took over a Pendrive? Linux Goes to the Rescue

I had been away from blogging for a month. I've been working hard on several projects and, since my Linux systems work seamlessly, I've been able to concentrate all my efforts and energy on those projects.

Today, a coworker asked me for help. Her pendrive had been infected with malware and, as a result, her folders and files had been hijacked. The virus made them invisible (to Windows; they were perfectly visible on Linux, :P) and, as usual, there were some fake folders with the names of the original ones. Of course, the fake folders were no folders at all... they were files pointing to the virus.

What are the Windows ways to recover from that?

1. Downloading any "savemeplease" software (trial version), installing it, and then running it.
2. Running a very good antivirus while hoping it will make things normal again.
3. Using the Windows command line to correct the problem.

Well, I decided to use the third option, just for the sake of trying it. I ran cmd.exe.

Then, I tried the "attrib -a -h -r -s" trick... didn't work. Perhaps I should have chosen option 1?

Well, instead, I just used my Linux system to copy the folders from the pendrive and back. In this case, I didn't need anything else. The magic was done. Right, just by doing that.
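The two things that happened here, spotting the fake "folders" that are really files named after the real directories and copying only the genuine directories off the stick, can be done from a Linux shell. The script below is an added example for this post, not the author's own commands: it assumes the pendrive is already mounted at some path (passed as an argument) and builds a small constructed directory tree that stands in for an infected stick, so it runs offline. The comparison ignores case, since Windows does.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the pendrive is mounted
# at the path given as $1; the sample tree below is constructed for the demo.

# find_fake_folders MOUNTPOINT
# Prints one line per top-level regular file whose name (minus extension)
# matches a sibling directory, ignoring case (e.g. "Photos.lnk" next to "Photos/").
# Those lookalikes are the "fake folders" described in the post.
find_fake_folders() {
    mnt="$1"
    for f in "$mnt"/*; do
        [ -f "$f" ] || continue
        base=$(basename "$f")
        stem="${base%.*}"
        lstem=$(printf '%s' "$stem" | tr 'A-Z' 'a-z')
        for d in "$mnt"/*/; do
            [ -d "$d" ] || continue
            ldir=$(basename "$d" | tr 'A-Z' 'a-z')
            if [ "$lstem" = "$ldir" ]; then
                printf '%s\n' "$f"
                break
            fi
        done
    done
}

# copy_real_dirs MOUNTPOINT DEST
# Copies only the real top-level directories to DEST, leaving every
# top-level file (including the lookalikes) behind.
copy_real_dirs() {
    mnt="$1"
    dest="$2"
    mkdir -p "$dest"
    for d in "$mnt"/*/; do
        [ -d "$d" ] || continue
        d="${d%/}"              # strip trailing slash so cp copies the directory itself
        cp -r "$d" "$dest/"
    done
}

# make_sample_pendrive
# Builds a constructed tree that mimics the infected stick: two real folders
# plus two lookalike files named after them, and one unrelated file.
make_sample_pendrive() {
    mnt=$(mktemp -d)
    mkdir -p "$mnt/Photos" "$mnt/Work"
    echo "real data" > "$mnt/Photos/pic.jpg"
    echo "real data" > "$mnt/Work/report.txt"
    echo "lookalike" > "$mnt/Photos.lnk"    # constructed stand-in for the fake folder
    echo "lookalike" > "$mnt/WORK.exe"      # same, with Windows-style case difference
    echo "harmless" > "$mnt/readme.txt"     # unrelated file, must not be flagged
    printf '%s\n' "$mnt"
}

# Usage: run stand-alone to see the demo on the constructed tree.
if [ "${1:-}" = "demo" ]; then
    mnt=$(make_sample_pendrive)
    echo "Lookalike files on $mnt:"
    find_fake_folders "$mnt"
    dest=$(mktemp -d)
    copy_real_dirs "$mnt" "$dest"
    echo "Real directories copied to $dest:"
    ls "$dest"
    rm -rf "$mnt" "$dest"
fi
```

Pointing the two functions at a real mount point instead of the constructed tree is just a matter of passing that path. The script only lists and copies; it does not delete anything, so reviewing the list before cleaning the stick is still up to you.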

Hey Windows users, Linux doesn't bite. The penguin is friendly and it certainly can help you a lot. I don't even remember the last time sweat ran down my temples and I hesitated before plugging my pendrive into someone else's PC.

5 comments:

  1. Yeah, it's very easy with Linux when the problems are made for Windows. BTW, were the files invisible to Windows as in "hidden"? I'm used to deleting malware in Windows the same way as in Linux, by enabling all types of views so I make sure I see the whole thing and then erase the virus/etc.

    1. Hi Fenrir,

      Although the virus folder itself was hidden (my coworker deleted it before I had time to add it to my collection T__T), the hijacked folders were totally invisible. Simply put, they didn't exist... not even for cmd.exe. On Linux I could see them normally, but Windows showed an empty USB drive, even using the Windows command line. The virus also changed the pendrive's name to some letters. Interesting, right?

  2. There are times, also, in which viruses survive a format of the pendrive. I've seen that more than twice.

    And there are times in which you have to gear up all the Linux weaponry to subdue an infection, too. I bet simply "Show hidden files" in Windows is to no avail then.

  3. Right, "Show hidden files" won't show them. The one you need to uncheck is "Hide protected operating system files". If after that you can't see them, then yeah, you'll have to try with Linux. Of course, trying with Linux from the start should be the way to go; however, just in case you don't have your Linux netbook around, or just feel lazy.

    1. Thanks for the tip. I'll try it out next time a colleague comes with an infected USB stick, which, by the way, will happen soon, I believe.