Several Drive infection
<blockquote data-quote="struppigel" data-source="post: 903386" data-attributes="member: 86910"><p>Hi,</p><p></p>
<p><strong><span style="color: rgb(44, 130, 201)">The short answer is:</span></strong></p>
<p>Yes, it can happen, but it depends on the type of malware.</p><p></p>
<p><strong><span style="color: rgb(44, 130, 201)">The long answer:</span></strong></p>
<p>The majority of infections reside on the drive the operating system is on. Malware very commonly uses the registry to autorun and will put their file copies on the system drive to persist. For those kinds of malware it is enough to only reinstall the OS. Even if it is a ransomware infection, it will in most cases "just" encrypt files on all the attached drives, but not create any infectious files there. Meaning: Those files are encrypted or ransom notes, but in most cases completely harmless.</p><p></p>
<p>There are two types of malware that spread to other drives: <strong><span style="color: rgb(65, 168, 95)">Viruses</span></strong> (in the sense of "file infectors") and <span style="color: rgb(65, 168, 95)"><strong>worms</strong></span>.</p><p></p>
<p>Viruses attach themselves to other files, turning them into malicious files which are also infectious. Those files would be backed up if you copy them to another drive. Worms that spread via drives will often place themselves alongside the legit files on the disk and trick the user into executing them.</p>
<p>Viruses are usually not something your system gets infected with if you have an AV and follow common security practices because they are often old and well-detected by AV software.</p>
<p>Drive worms are more common and may also infect systems with an up-to-date AV.</p><p></p>
<p>Last but not least: You may also have a <strong><span style="color: rgb(65, 168, 95)">trojan</span></strong> and not recognize it as such and make the mistake of backing it up to the drive. That's a program that seems legitimate but has malware attached to it. It doesn't necessarily infect other files or the drives, but every time you run the supposedly legit program it will infect the OS again. This happens commonly with beloved adware installers and cracks where the users of those programs refuse to acknowledge the AV detections as legit and may put them into the allowlist for the AV.</p><p></p>
<p><strong><span style="color: rgb(44, 130, 201)">You should suspect that the infection is a worm or virus if one of the following is true:</span></strong></p>
<ul> <li data-xf-list-type="ul">the detection name contains "worm" or "virus"</li> <li data-xf-list-type="ul">the detected files are located on USB flash drives, external drives or your drive that is not the OS</li> <li data-xf-list-type="ul">the detected files are high in number (hundreds or more) and on files that are usually legit, e.g., belong to the operating system</li> </ul><p></p>
<p><strong><span style="color: rgb(44, 130, 201)">Removing an infection:</span></strong></p>
<p>For most malware it is enough to reinstall the OS.</p><p></p>
<p>If you know or suspect that your system was infected by a drive worm or virus (file infector), you will have to be very cautious and clean/wipe all attached drives as well as USB flash drives or external drives that were plugged in at the time of or after the time of infection. Worm infections can be cleaned by having an AV delete all worm-related files.</p><p></p>
<p>After virus (file infector) infection it is recommended to not attempt to repair or fix infected files but wipe everything. Files with an attached virus cannot be turned back to the way they were. Some information in them gets destroyed. Tools that repair those files often leave in some traces of the virus and cause AV software to still detect those files as malicious.</p><p></p>
<p><strong><span style="color: rgb(44, 130, 201)">Mitigation:</span></strong></p>
<p>Use an external drive for making backups that is not plugged in all the time. This will prevent the spread of an infection to the drive. It also helps in case of ransomware infection that the ransomware cannot access the backup drive at the time of encryption.</p></blockquote><p></p>
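The three indicators listed in the post, applied to a list of AV detections, as an added example that is not part of the original post. The `(name, path)` record shape, the `triage` function, the 100-file threshold and the `\Windows\` check are assumptions, and all sample detections are constructed.

```python
import ntpath  # Windows path rules, usable on any platform
import re

# Whole-word match so a name such as "FakeAntivirus" does not count as "virus"
# (a tightening of the post's "contains", made for this example).
TYPE_WORD = re.compile(r"(?<![a-z])(worm|virus)(?![a-z])", re.IGNORECASE)

# Constructed sample detections, not taken from a real scan.
SINGLE_TROJAN = [("Trojan:Win32/ExampleLoader.A", r"C:\Users\me\Downloads\setup.exe")]
USB_WORM = [
    ("Worm:Win32/ExampleDrive.B", r"E:\docs\report.exe"),
    ("Worm:Win32/ExampleDrive.B", r"C:\Users\me\AppData\Roaming\svc.exe"),
]
FILE_INFECTOR = [("Win32.ExampleInf.Gen", rf"C:\Windows\System32\tool{i}.exe")
                 for i in range(250)]


def triage(detections, os_drive="C:", many=100):
    """Return the indicators from the post that a list of detections meets.

    os_drive and many are assumptions: the post says "hundreds or more",
    so 100 is used as the lowest count that qualifies.
    """
    reasons = []
    os_drive = os_drive.upper()

    # 1. The detection name contains "worm" or "virus".
    named = sorted({name for name, _ in detections if TYPE_WORD.search(name)})
    if named:
        reasons.append(("name", named))

    # 2. Detected files sit on a drive other than the OS drive.
    drives = sorted({ntpath.splitdrive(path)[0].upper() for _, path in detections})
    other = [d for d in drives if d and d != os_drive]
    if other:
        reasons.append(("non_os_drive", other))

    # 3. Many detections on files that belong to the operating system,
    #    approximated here as anything under \Windows\ on the OS drive.
    prefix = os_drive + "\\WINDOWS\\"
    system_hits = [p for _, p in detections if p.upper().startswith(prefix)]
    if len(system_hits) >= many:
        reasons.append(("many_system_files", len(system_hits)))
    return reasons


if __name__ == "__main__":
    for label, data in [("trojan", SINGLE_TROJAN), ("worm", USB_WORM),
                        ("infector", FILE_INFECTOR)]:
        print(label, triage(data))
```

An empty result matches the post's common case, where reinstalling the OS is enough; any returned indicator means the other attached drives need attention too.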