Arin

Level 3
I use Kaspersky Internet Security but it does not protect my pendrive. Today I saw something called "newfolder.exe" was automatically creating folders and subfolders flawlessly but Kaspersky did nothing. Actually Kaspersky couldn't prevent it. Also detected "autorun.inf" and asked me to do a restart. I restarted, then the same thing happened again. Then I went to my friend's house and scanned my pendrive on his PC with Norton. Norton detected something called a trojan and immediately removed that **** from my pendrive and helped me to get trolled as I'm a Kaspersky fanboy :( Sorry, I forgot to take a screenshot.
How to get rid of this kind of USB virus or so?????

Do note that Norton deleted the virus from my pendrive along with all my documents without a single permission.
 

Game Of Thrones

Level 5
Verified
Since in my country a lot of malware is transferred using USB drives, I have been able to test many antivirus programs with this kind of malware. The best USB protection I've seen was from Norton, Kaspersky and Bitdefender. USB protection is tricky since repairing the damage is sometimes much more important than detecting it. In your case there were problems, I think: Kaspersky was not scanning the USB for some reason, but since you said it blocked the autorun it seems that it scanned it, so I do not know what the problem was. But I can assure you that the new folder virus and the LMK virus are nothing for programs like Kaspersky and Norton, and they detect nearly 100 percent of them.

About Norton deleting your files: I think the files are there and are hidden. Check the storage capacity and see if it got empty or the data is there but not showing in Explorer. Most of the time some antivirus apps detect the threat on the USB and just delete it. What I've seen is that nearly only Bitdefender and Kaspersky are able to do a good repair of USB malware and bring up the files (since most of the time they are hidden), especially Bitdefender. Even big names like Trend Micro are lacking in USB repairs. That's why I say the testing labs should have a test for USB protection, which nearly none of them does; what they do is just copy the exe files of the malware to the system to test different malware input, so not with an actual infected USB. Just copying exe files to the system.

Do not format the flash since most of the time your files are there, just hidden. Change the Windows settings to show hidden files, then go to the USB and see if your files are there or not. If not, a simple Google search about the new folder virus and LMK virus can help you get your files back.
 

ZeroDay

Level 28
Verified
Malware Tester
Did you add your pendrive to the 'Scope' part of the Kaspersky scanner?

Edit: And before scanning your pen drive with Norton did you right click scan your USB with Kaspersky?
 

Game Of Thrones

Level 5
Verified
> Did you add your pendrive to the 'Scope' part of the Kaspersky scanner?
>
> Edit: And before scanning your pen drive with Norton did you right click scan your USB with Kaspersky?
Kaspersky scans USB every time, no need to add it to scope! In default settings it scans; even if not, if the malware starts it will detect it without a scan.
About the second question: from the things that he said it seems that Kaspersky did something but not completely. Norton completed the job, but since the process was broken, it couldn't repair the drive. (I think if Norton had been the first app to confront this malware, MAYBE it could have repaired the drive, since it seems that it detected the malware itself.) I answered just to give my opinion; of course the writer should answer this. :) :rolleyes:
 

askmark

Level 12
Verified
> I use Kaspersky Internet Security but it does not protect my pendrive. Today I saw something called "newfolder.exe" was automatically creating folders and subfolders flawlessly but Kaspersky did nothing. Actually Kaspersky couldn't prevent it. Also detected "autorun.inf" and asked me to do a restart. I restarted, then the same thing happened again. Then I went to my friend's house and scanned my pendrive on his PC with Norton. Norton detected something called a trojan and immediately removed that **** from my pendrive and helped me to get trolled as I'm a Kaspersky fanboy :( Sorry, I forgot to take a screenshot.
> How to get rid of this kind of USB virus or so?????
>
> Do note that Norton deleted the virus from my pendrive along with all my documents without a single permission.
Was KIS at default settings or customised?
 

rockstarrocks

Level 20
Verified
In India infected USBs are pretty common. For me Defender fared much, much better than other 3rd party AVs in the case of those nasty Autorun viruses; the only exception was Quickheal (I know it sucks in other departments but USB malware is its silver lining).
I asked almost the same question here in MT and was suggested MCshield and Smadav. And unfortunately (or fortunately) I haven't been able to see MCshield in action. :)
 

Arin

Level 3
> Did you add your pendrive to the 'Scope' part of the Kaspersky scanner?
>
> Edit: And before scanning your pen drive with Norton did you right click scan your USB with Kaspersky?
I didn't do anything; everything is by default.

Yes, I did a right click scan with Kaspersky several times.
 

WinXPert

Level 24
Verified
Trusted
Malware Hunter
Your pendrive protection should be as good as your antivirus. But there are ways to add some layer of protection to complement your AV:
  • Disable autorun.inf
  • Use McShield, No Autorun, USB Guardian or a similar program. Note: I use EAM and 360 TS so using any of these is redundant
  • If you have NVT EXE Radar Pro, disable all programs from USB drives from executing
  • Use common sense. Don't click on any shortcut or on any application disguised as a folder (application using a folder icon)
  • Use Detailed View when navigating flash drives
  • Use A43 or similar instead of Explorer



> I use Kaspersky Internet Security but it does not protect my pendrive. Today I saw something called "newfolder.exe" was automatically creating folders and subfolders flawlessly but Kaspersky did nothing. Actually Kaspersky couldn't prevent it. Also detected "autorun.inf" and asked me to do a restart. I restarted, then the same thing happened again. Then I went to my friend's house and scanned my pendrive on his PC with Norton. Norton detected something called a trojan and immediately removed that **** from my pendrive and helped me to get trolled as I'm a Kaspersky fanboy :( Sorry, I forgot to take a screenshot.
> How to get rid of this kind of USB virus or so?????
>
> Do note that Norton deleted the virus from my pendrive along with all my documents without a single permission.
You can give me a copy of your newfolder.exe so I can play with it and do some analysis.
 

ravi prakash saini

Level 13
Verified
This kind of USB virus is very common in India; rest assured every antivirus solution, big or small, is capable of detecting them. However, antivirus does not unhide the files hidden by a virus. For example, I insert my USB drive in any virus-infected system and all my files get hidden. Now if I insert my USB drive in another system, how can the antivirus know if I had hidden my files intentionally or not, because hiding or unhiding is a legitimate Windows command?
So either one can unhide files manually using the attrib command or use some utility. I personally use folderfix.exe. You can give it a try.
 

WinXPert

Level 24
Verified
Trusted
Malware Hunter
> This kind of USB virus is very common in India; rest assured every antivirus solution, big or small, is capable of detecting them. However, antivirus does not unhide the files hidden by a virus. For example, I insert my USB drive in any virus-infected system and all my files get hidden. Now if I insert my USB drive in another system, how can the antivirus know if I had hidden my files intentionally or not, because hiding or unhiding is a legitimate Windows command?
> So either one can unhide files manually using the attrib command or use some utility. I personally use folderfix.exe. You can give it a try.
Same here. Anyway, these kinds of worms are easy to remove. About your AV, detecting is one thing, preventing it from doing the unhiding of your folder and files is another. If that is the case, better replace your AV, it's not doing its job properly. Or maybe it's the way it is set up.

  • McShield can automatically unhide all hidden files/folders in your flash drive in seconds
  • 360 TS can automatically scan your USB drive if it is infected and unhide your files/folders at the same time
  • ATTRIB is not an antivirus. Useless to use on an infected system. It can change the attribute of files but since the worm is active, it will just unhide the files again on its next scanning cycle. Just like playing cat and mouse.
  • Best way is to disinfect the system first, then unhide your files last.
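
The check-then-unhide order from the two posts above, as an added example that is not part of the thread: it lists what an autorun worm typically leaves in a drive's root and clears the Hidden/System attributes only when nothing is still flagged. The drive parameter, the extension list and the "Hidden plus System means worm-hidden" rule are assumptions of this example.

```powershell
# Added example, not code from the thread. Read-only unless -Unhide is given.
param(
    [Parameter(Mandatory = $true)][string]$Drive,  # e.g. 'E:\' (hypothetical drive letter)
    [switch]$Unhide                                # use only once the host PC is clean
)
$HiddenSystem = 6   # FILE_ATTRIBUTE_HIDDEN (2) + FILE_ATTRIBUTE_SYSTEM (4)
$OsFolders    = 'System Volume Information', '$RECYCLE.BIN'   # legitimately hidden

$top   = @(Get-ChildItem -LiteralPath $Drive -Force)   # -Force also lists hidden items
$dirs  = @($top | Where-Object { $_.PSIsContainer })
$files = @($top | Where-Object { -not $_.PSIsContainer })

# 1. autorun.inf and the commands it would launch
$autorun = $files | Where-Object { $_.Name -eq 'autorun.inf' }
$launch  = @()
if ($autorun) {
    $launch = @([IO.File]::ReadAllLines($autorun.FullName) |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=' })
}

# 2. Programs or shortcuts in the root posing as a folder: same base name as a real
#    folder, or the "newfolder.exe" name from the thread (extension list is an assumption)
$decoys = @($files | Where-Object {
    $_.Extension -match '^\.(exe|scr|lnk|vbs)$' -and
    ($dirs.Name -contains $_.BaseName -or $_.BaseName -match '^new ?folder$')
})

# 3. Items carrying both Hidden and System, assumed here to mark worm-hidden data
$hidden = @($top | Where-Object {
    ([int]$_.Attributes -band $HiddenSystem) -eq $HiddenSystem -and $OsFolders -notcontains $_.Name
})

if ($Unhide) {
    if ($autorun -or $decoys.Count) {
        throw 'Flagged items still present: remove them and disinfect the PC before unhiding.'
    }
    foreach ($item in $hidden) {
        $new = [int]$item.Attributes -band (-bnot $HiddenSystem)
        if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }
        $item.Attributes = $new
    }
}

[pscustomobject]@{
    AutorunCommands = $launch
    FolderDecoys    = $decoys.Name
    HiddenSystem    = $hidden.Name
    Unhidden        = [bool]$Unhide
}
```

Only the root of the drive is inspected and unhidden; the script cannot tell files the owner hid on purpose from files a worm hid, so review the `HiddenSystem` list before running with `-Unhide`.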
 

Duotone

Level 10
Verified
My friend had the same issue with Kaspersky before. Try adding SMADAV in your setup if you always use your pendrive; it's not that well known like MCshield but it does an excellent job in protecting from USB virus, even against scripts/macro... just don't use the on-demand scanner, a lot of FPs!
 

Game Of Thrones

Level 5
Verified
UsbFix : Free USB Anti-Malware
This was one of the best when I had the issue with USB malware. They are a Bitdefender partner, so I think that's why Bitdefender is really good in USB protection. McShield has not been updated for a long time.
> This kind of USB virus is very common in India; rest assured every antivirus solution, big or small, is capable of detecting them. However, antivirus does not unhide the files hidden by a virus. For example, I insert my USB drive in any virus-infected system and all my files get hidden. Now if I insert my USB drive in another system, how can the antivirus know if I had hidden my files intentionally...

> Same here. Anyway, these kinds of worms are easy to remove. About your AV, detecting is one thing, preventing it from doing the unhiding of your folder and files is another. If that is the case, better replace your AV, it's not doing its job properly...

> My friend had the same issue with Kaspersky before. Try adding SMADAV in your setup if you always use your pendrive; it's not that well known like MCshield but it does an excellent job in protecting from USB virus, even against scripts/macro... just don't use the on-demand scanner, a lot of FPs!
 

WinXPert

Level 24
Verified
Trusted
Malware Hunter
SMADAV is crappy and useless. There are way much better FREE alternative antivirus/antimalware solutions. You can even try 30 day trial software which is way much better than Smadav.

  • For one, Smadav treats all VBS as malware. That's crap! Even a hello world script is malware.
  • Doesn't have heuristics
  • Doesn't have Behavior Blocker
  • Can block wscript host so some claim that it's effective. If you want to block wscript.exe, a simple registry hack can do that, no need for another redundant AV
  • Try scanning a clean system and you'll have additional detections
  • Claims to block wannacry2, but only one variant and detection is sig based
If your AV is good enough, if you set it up right, if you have additional layers of protection to complement your AV, there's no need for another AV for USB protection like Smadav.
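
The "Disable autorun.inf" advice earlier in the thread and the "simple registry hack" for wscript.exe mentioned above, as an added example that is not part of the thread: an audit of the relevant registry values that can optionally set them. The thread names no registry locations; the three keys below are commonly used ones and are this example's assumption about what was meant.

```powershell
# Added example, not code from the thread. Audits by default; -Apply writes to HKLM (run elevated).
param([switch]$Apply, [switch]$IncludeWsh)

# Registry locations are this example's reading of the advice; the thread names none.
$settings = @(
    @{ Why = 'AutoRun disabled for all drive types'; Name = 'NoDriveTypeAutoRun'; Want = 255
       Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' }
    @{ Why = 'autorun.inf content ignored'; Name = '(default)'; Want = '@SYS:DoesNotExist'
       Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf' }
    @{ Why = 'Windows Script Host disabled'; Name = 'Enabled'; Want = 0; Optional = $true
       Key = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' }
)

function Get-RegValue($Key, $Name) {
    if (-not (Test-Path -Path $Key)) { return $null }
    if ($Name -eq '(default)') { $Name = '' }     # '' selects the key's default value
    (Get-Item -Path $Key).GetValue($Name)
}

foreach ($s in $settings) {
    # Disabling WSH also stops legitimate .vbs/.js scripts, so it is opt-in
    if ($s.Optional -and -not $IncludeWsh) { continue }

    $current = Get-RegValue $s.Key $s.Name
    $state   = if ("$current" -eq "$($s.Want)") { 'OK' } else { 'WEAK' }

    if ($state -eq 'WEAK' -and $Apply) {
        # Create the key only when absent so existing values under it are left alone
        if (-not (Test-Path -Path $s.Key)) { New-Item -Path $s.Key -Force | Out-Null }
        Set-ItemProperty -Path $s.Key -Name $s.Name -Value $s.Want
        $state = 'FIXED'
    }
    [pscustomobject]@{ Setting = $s.Why; Current = $current; Wanted = $s.Want; State = $state }
}
```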
 

Duotone

Level 10
Verified
My suggestion was of an average user, for an average computer user, with minimal configuration involved.

> Smadav today focused mainly as additional protection (second layer) antivirus, and for protecting/cleaning USB Flash-disk from virus. Trying to leave the old blacklisting methods, we develop intelligence technique to detect malware, we use behavior, heuristic, and whitelisting methods, and also we are still developing our next-gen antivirus with machine learning and data mining methods. Smadav Antivirus 2017 - Official Website

> SMADAV is crappy and useless.
Depends on the user... if it works for him and conforms to his needs (protection/cleaning USB), then how can one say it's useless or crappy?!