Unwanted Files Keep On Appearing in My Thumb Drive Even After Being Formatted

Discussion in 'Windows OS and Software' started by Faisal McMissile Damieya, Sep 27, 2017.

  1. Faisal McMissile Damieya

    Faisal McMissile Damieya Notebook Guru

    Good day. I plugged my thumb drive into one of the desktops in my university's library, then all of the existing files 'disappeared' and then these 2 files appeared out of nowhere. When I clicked the file named 'FAISAL 4GB (Secured by Kaspersky Internet Security 2017).bat', a new Windows Explorer appeared with the content of the original files that 'disappeared' from the thumb drive.

    At home, I tried to format the thumb drive using my Windows desktop, but those 2 files keep on appearing every time I format it, as shown in the photo below:
    [IMG]

    Those 2 annoying files disappear when I format the thumb drive using a MacBook, but they appear again once I plug the clean thumb drive into my Windows desktop.

    Whenever I plug other new thumb drives into the Windows desktop, those 2 annoying files appear in those 2 thumb drives as well.

    Has my desktop been infected by a virus? Is there any way for me to remove those 2 annoying files?

    Since using Windows 10, I only use Windows Defender. Please advise if I should get a decent antivirus.

    P/S: One more thing. I tried to create a Windows 10 installation media (for a Windows 10 clean install) using either the infected Windows desktops or the thumb drives, but failed. So far, I have only succeeded in creating the Windows 10 installation media using an uninfected Windows desktop and thumb drive.
     
  2. bennni

    bennni Notebook Evangelist

    A quick idea:

    1. Run the command line utility as administrator (Windows key, type 'cmd' and then right click and select 'run as administrator')
    2. Type 'diskpart' press enter
    3. Type 'list disk' press enter
    4. You'll see the disks and drives connected to the system - make sure you select the right disk...
    5. If you're not sure, run 'compmgmt.msc' and make sure you are selecting the correct disk
    6. Type 'select disk [insert the disk number that applies to your drive]' press enter
    7. If it states 'offline disk' on the screen, type 'online disk' press enter - otherwise skip this step.
    8. Type 'clean' press enter
    9. Run 'compmgmt.msc' and select the USB drive (It will say 'Unallocated')
    10. Right click the drive where it says 'Unallocated' and select 'new simple volume'.
    11. Follow the Windows wizard and select the options that you wish for the drive.
    12. Profit?!

    You can do steps 9,10,and 11 with the command prompt but the wizard works fine.
     
  3. Faisal McMissile Damieya

    Faisal McMissile Damieya Notebook Guru

    Thank you very much for the reply. So far the annoying files still appear after I followed those steps. I think I have to try other methods.
     
  4. Vasudev

    Vasudev Notebook Virtuoso

    Open cmd prompt in admin mode and point to your USB drive mount point or volume name, for example F: then follow these steps:
    • Type attrib -h -s *.* /S /D
    • chkdsk /f /x
    Use the first command to unhide your files and you can see the directories again. Just run a full scan on your PC or check your quarantine to clear or remove all existing or pending threats.
     
  5. Mr.Koala

    Mr.Koala Notebook Virtuoso

    Yes.
    Deleting the malicious files will not remove the root cause of the issue. It will just happen again next time.

    You can do a full scan as suggested. However, since there's no doubt the system is already infected by now, I would recommend a full OS reinstall if possible, as that's the most reliable way to get rid of the infection. If you can't or don't want to do that, it would be easier to see the content of the batch script, find the malicious binary, and upload it to any online virus scan service to identify the specific virus. Once you have the result we can figure out how to take care of it. A full scan seems unnecessary when you can copy the virus itself easily.

    Next time you see any similar symptom, DO NOT run the executable. Biting the bait would only make the situation worse.

    If you have to use the library computers in the future and you can't control the infection there, take either your MacBook or a Linux live thumb drive with you. Use those tools to safely move the files you want first, and use your Windows desktop to process them later.
     
    Vasudev likes this.
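
Added example, not part of the post above or anyone's code in this thread: a Python sketch of the "see the content of the batch script, find the binary" step, meant to be run from a machine that is not infected (the MacBook or a Linux live system). It reads the script as text only and hashes executable-type files on the drive; the sample script, the extension list and all function names are assumptions made for illustration.

```python
import hashlib
import re
from pathlib import Path, PureWindowsPath

# Extensions treated as "executable-type" here (an assumption, extend as needed).
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".vbs", ".js", ".cmd", ".bat", ".dll", ".lnk"}
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a quoted string or a bare word

def referenced_targets(script_text):
    """List executable-looking paths named in a batch script, without running it."""
    found = []
    for line in script_text.splitlines():
        line = line.strip()
        if not line or line.lower().startswith(("rem ", "::")):
            continue  # skip blank lines and comments
        for quoted, bare in TOKEN.findall(line):
            token = quoted or bare
            if PureWindowsPath(token).suffix.lower() in EXEC_EXT and token not in found:
                found.append(token)
    return found

def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def hash_executables(drive_root):
    """Map every executable-type file under drive_root to its SHA-256."""
    root = Path(drive_root)
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in EXEC_EXT}

# Constructed sample, NOT the script from this thread.
SAMPLE_BAT = r'''@echo off
rem constructed sample for illustration
start "" "%~dp0hidden\helper.exe"
start explorer "%~dp0files"
'''

if __name__ == "__main__":
    print(referenced_targets(SAMPLE_BAT))
    # Replace with the drive's real mount point, e.g. /Volumes/<name> on macOS:
    # for name, digest in hash_executables("/path/to/mounted/drive").items():
    #     print(digest, name)
```

The hashes can be searched on an online virus scan service before uploading anything, and the files the script names are the ones to submit if the hash is unknown.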
  6. Vasudev

    Vasudev Notebook Virtuoso

    Any AV LiveCDs from Kaspersky, ESET and Dr. WEB Live CD can remove all those viruses using an ISO burnt to a flash drive.
     
  7. Faisal McMissile Damieya

    Faisal McMissile Damieya Notebook Guru

    Thank you very much. I think I need some time to follow these instructions. Btw, yesterday I installed the Symantec Endpoint Protection subscribed by my university - so far, even that Symantec Endpoint Protection didn't manage to detect that trojan. Will spend some time to do the other instructions. Thank you again.

    So far I have tried using the Kaspersky Rescue Disk 10, but the desktop was unable to boot from the USB. Maybe:
    1) the USB preparation procedures that I made were wrong.
    2) or the Kaspersky Rescue Disk 10 was not compatible with the desktop.
    3) or some of the data in the Kaspersky Rescue Disk 10 was corrupted.

    Instead of using USB, I'll burn the ISO file onto a CD next time.
     
    Vasudev likes this.
  8. Vasudev

    Vasudev Notebook Virtuoso

    It's a bug in KRD, and I did upvote the issue; it is present on EFI systems and Legacy BIOS on newer hardware.
    Use Dr Web LiveCD; it's just as effective as Kaspersky and is updated to recognise NVMe and newer hardware.
     