Today I'm going to use my blog to help push a message that I think is important. Even though this post is long and techy and only a fraction of you will want to read beyond this sentence, I still think it's worth reading - especially if you are running Windows XP and haven't updated your virus protection software recently.
Over the last few weeks Virus Stompers has been very busy. This is a good thing in that people are finding us and using our services. And for that we thank you. But unfortunately these people are needing our help because there is a very nasty virus circulating right now that is highly infectious, and I thought it might help if I shared what it's about.
Basically, there is a set of Trojan files that are able to embed themselves onto your hard drive, which have the ability to very quickly transfer themselves over to an external USB device such as a thumb drive, SD card or external hard drive. These files are:
trojan.dropperAnd not only will they write to your thumb drive, but they will also write themselves back to any computer you plug it into - instantly! I've experienced this myself. Here's what happened...
The other day a local customer called because his computer had lost the ability to run anything. Because he was unable to access the internet he brought his tower over to our office. Normally in this situation, we will boot the computer up in safe mode, install our virus clean-up programs and fix the problem. But in his case, the virus had worked its way down into his operating system and we weren't able to even run the computer. So, I took the next step, which is to remove the hard drive and scan it from one of our shop PCs instead using special USB cables.
In this case the virus was so new that my own PC's software wasn't even aware of it and it wrote itself onto my hard drive as well, totally unbeknownst to me.
Fast forward to later, after we had finished cleaning up his hard drive and put it back into his tower. I needed to put a file onto his PC so I used my thumb drive to copy it from my (now infected) PC back over to the customer's freshly-cleaned PC - which I had yet to update with the latest virus protection. BAM!!! within 2 seconds the virus was transferred right back onto his PC and I had to do the whole cleanup all over again.
So here's the takeaway lesson for all of you...
If you are running Windows XP (Home Edition or Professional), your PC is set by default to automatically run anything that is plugged into the USB port. Plus, most thumb drives also have a file (that is hidden) called autorun.inf that will automatically run when you plug it in as well. This is why you always see that box open up that shows you all the contents of your thumb drive so you can select which things you want to open. However, the same functionality that shows you that box is also the same functionality that runs the virus. What happens is the virus writes itself to the the thumb drive's autorun.inf program and is programmed to transfer itself to whatever host it is plugged into.
So what should you do?
If you don't want to delete the autorun.inf file from your thumb drive, you should at least use this method of opening your USB devices instead:
Hit the WINKEY+E (hold down the key with the Windows symbol on it and press the "E" key at the same time) to open Windows explorer. Then click on the USB drive from the left hand file tree as opposed to just double-clicking it from the list of drives on the right side panel.Doing it this way will not run the autorun.inf program (including any viruses resident within it), but will directly display the contents of the drive instead. From there you can open the files you need without the risk of executing the autorun.inf virus.
Turn off the Autorun feature from your PC. Unfortunately, there is not a simple button to check in Windows XP to do this. But fortunately, I've written the instructions here just for you (see Recommendation 1 under Other Recommendations).
Make sure your antivirus software is running, and most importantly - UP TO DATE!
After you have turned off your autorun feature and updated your antivirus software, scan all your external USB devices.
I know this all seems boring and complicated, but this virus is very destructive. In fact, if left untreated it will destroy your operating system to the point that your only option is to reformat your computer and reinstall Windows, which we had to do for one customer just last week. So if this post keeps even one of you from having to go through that, then it was worth it. And as always, please feel free to ask us any questions you have about your PC or viruses in general.
Also, if you want to see our Facebook "tips of the week" that highlight the latest threats and contain helpful tibits such as this, you should befriend Virus Stompers here. In the meantime... stay clean!