Saturday, April 4, 2009

Write protecting USB memory sticks

Have you ever plugged in your USB memory stick and then gotten a warning message saying that a virus has been found on it? The antivirus program will remove the virus, but how did it get there to begin with? The signs that your memory stick is infected may include an executable found in each directory on the memory stick. For instance, a utilities directory might have a file called utilities.exe that is the virus. Also look for a hidden system directory in the root directory called zpharaoh. The problem with viruses on memory sticks is so serious that the Pentagon recently banned all USB memory sticks.
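
The two signs described above can be checked mechanically before opening anything on the stick. The following PowerShell is an added example, not part of the original post; the function name, the allowlist of hidden system folders that Windows itself creates, and the temporary sample tree are assumptions made for illustration.

```powershell
function Find-StickIndicators {
    param([Parameter(Mandatory)][string]$Root)

    # Hidden+system root folders that Windows itself creates; not suspicious.
    $known = 'System Volume Information', '$RECYCLE.BIN', 'RECYCLER'
    $hiddenSystem = [IO.FileAttributes]'Hidden, System'

    # Sign 1: an executable named after the directory it sits in,
    # e.g. utilities\utilities.exe. -Force also lists hidden items.
    Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $exe = Join-Path $_.FullName ($_.Name + '.exe')
            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                [pscustomobject]@{
                    Sign   = 'exe named after its directory'
                    Path   = $exe
                    SHA256 = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
                }
            }
        }

    # Sign 2: a hidden system directory in the root of the stick.
    Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $hiddenSystem) -eq $hiddenSystem -and $known -notcontains $_.Name } |
        ForEach-Object {
            [pscustomobject]@{ Sign = 'hidden system directory in root'; Path = $_.FullName; SHA256 = $null }
        }
}

# Constructed sample tree (not a real infection) to show the output shape.
$demo = Join-Path ([IO.Path]::GetTempPath()) ('stick-demo-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path (Join-Path $demo 'utilities'), (Join-Path $demo 'docs'), (Join-Path $demo 'zpharaoh') | Out-Null
Set-Content -Path (Join-Path $demo 'utilities\utilities.exe') -Value 'placeholder, not an executable'
Set-Content -Path (Join-Path $demo 'docs\readme.txt') -Value 'ordinary file'
(Get-Item (Join-Path $demo 'zpharaoh')).Attributes = 'Directory, Hidden, System'

Find-StickIndicators -Root $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

To check a real stick, pass its drive letter instead of the sample tree, for example `Find-StickIndicators -Root 'E:\'` (the letter is an assumption).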

After a while I found the infected computer that had put the virus onto my memory stick. Every time I plugged in the memory stick, the virus infected it and prevented the antivirus program on the memory stick from being installed in order to fix the computer. There are two possible solutions. One is to boot from a CD and then reformat the hard drive; just reinstalling Windows will not remove the virus. The other solution is to remove the hard drive and set it up as an external USB drive with an IDE to USB adapter. Then you can either scan the drive and remove the virus, or you can at least copy all of your important files off the drive before you reformat it. Below is a picture from scanning the hard drive as an external USB device. Make sure your antivirus software is up to date before doing this or your computer will be instantly infected.

If you remove the virus from the drive with an antivirus program, make sure that the virus-infected files are actually deleted. Some antivirus programs will see that they are critical system files and will not remove them unless you tell them to. Once the hard drive is cleaned you can reinstall it into the computer, and then you will need to reinstall Windows. Be sure to do a clean install of Windows, or there will still be several programs that will not work, such as notepad, paint, etc.

Another solution would be to write protect the USB memory stick, right? Well, doing that is not as simple as you might think. The computer has to be able to send things to the memory stick in order for the memory stick to know what you are looking for on it. So you would have to write protect the memory on the memory stick, but you cannot disable writing to the memory stick's controller.

My brother suggested that I try using camera memory sticks, because some of them have write protection built into them. First I tried using an SD memory card and a USB adapter. However, no matter what position the write protect switch was in, the memory could always be written to. As it turns out, the SD card depends on the device it is plugged into to prevent writing to the memory. No USB adapter bothers to read the status of the SD card's write protect switch, and so they allow you to write to the SD card's memory either way. Most of the newer SD cards do not even have the write protection switch on them.

Next I tried using a Sony memory stick. I happened to have one of them in my older Sony camera. It worked perfectly, allowing you to read from the memory stick, but when you try to write to it a message comes up saying that it is write protected. However, like the newer SD cards, the newer Sony memory cards no longer have a write protection switch on them. The older memory sticks are called 'Memory stick' and 'memory stick pro' and they have the write protect switch, but not the newer ones that are called 'memory stick pro duo'.

The size of the ones with the write protect switch goes up to 512 MB, and there are some 1 GB memory sticks with a write protect switch, but not all of them. Many of the imitation Sony memory sticks also have the write protect switch. However, 512 MB is usually enough memory to put all of the necessary utilities on it. The older Sony memory sticks do not fit inside of the USB adapter; they stick out of the end and prevent putting the cover back on.

I would recommend that you have the following programs on the protected memory stick:
AVG - Free antivirus program
Startup - Removes programs that are starting automatically
MRT - Microsoft malicious software removal tool program
Stinger - McAfee's free program to scan and remove viruses


axesan said...

This information looks useful. I had a PC for making music that I think was fully clean from malware and viruses etc., but a friend of mine brought round a USB stick with song files to show me and both times my computer went from perfect to unusable.

Hope he will learn and I can figure out the best protection/prevention measures.

OJM said...

You could always disable writing to any USB device on that PC, until you've scanned it, then can re-enable writing to USB.

1. Run Registry Editor (regedit).

2. Navigate to the following registry key:

3. Create a New Key named as StorageDevicePolicies.
Highlight StorageDevicePolicies, and then create a New DWORD (32-bit) Value named as WriteProtect.
Double click on WriteProtect, and set its value data to 1.
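
The registry steps in the comment above, together with a write probe like the switch tests the post describes for SD cards and Sony memory sticks, as an added PowerShell example that is not part of the original post or comment. The key path did not survive in the comment; the path used here is the standard Windows location of StorageDevicePolicies and is an assumption, as are the function names and the drive letter.

```powershell
# Assumption: the key path is missing from the comment above; this is the
# standard location of the StorageDevicePolicies key on Windows.
$PolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Get-UsbWriteProtect {
    # True only when the WriteProtect value exists and equals 1.
    $p = Get-ItemProperty -Path $PolicyKey -Name WriteProtect -ErrorAction SilentlyContinue
    return [bool]($p -and $p.WriteProtect -eq 1)
}

function Set-UsbWriteProtect {
    param([Parameter(Mandatory)][bool]$Enabled)
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $admin = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not ([Security.Principal.WindowsPrincipal]$id).IsInRole($admin)) {
        throw 'Writing under HKLM requires an elevated PowerShell session.'
    }
    # Create the key if it is absent, then write the DWORD value (1 = on, 0 = off).
    if (-not (Test-Path -Path $PolicyKey)) { New-Item -Path $PolicyKey | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name WriteProtect -PropertyType DWord `
        -Value ([int]$Enabled) -Force | Out-Null
    Get-UsbWriteProtect
}

function Test-DriveWritable {
    # Attempts a real write, so the result reflects what the OS and the device
    # actually enforce, not what a switch position or registry value claims.
    param([Parameter(Mandatory)][string]$Root)
    $probe = Join-Path $Root ('wp-probe-' + [guid]::NewGuid().ToString('N') + '.tmp')
    try {
        [IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false
    }
}

# Usage (E:\ is an assumed drive letter):
#   Set-UsbWriteProtect -Enabled $true     # then unplug and reconnect the stick
#   Test-DriveWritable -Root 'E:\'         # reports whether a write still succeeds
#   Set-UsbWriteProtect -Enabled $false    # after the stick has been scanned
```

This setting is enforced by Windows on the PC where it is set, so it protects sticks plugged into that PC and does nothing for your own stick when it is plugged into someone else's computer.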

LokIT said...

Hundreds of millions of USB flash drives are currently in operation around the world, with the vast majority not offering proper usb protection