My friend Cody has a Trojan virus. He doesn't want to format it and lose his stuff. Is there any way to clean out the virus? The only thing I know was that the virus came from C.S portable 1.6, meaning that the game had the virus and eventually it got into Cody's flash drive. Ideas please? C.S portable 1.6 meaning Counter Strike 1.6.
I watched him loading C.S, and when it finished extracting it showed this box saying Trojan Virus. After that I told him to restart his computer and found out that nothing was wrong, except when he plugs in his USB it won't open.
If you can isolate the file that is infected then you should be able to clean it before you extract it.
Back. It seems like he can't open C.S anymore and he can't get into his flash drive. My advice for him is to get a new one. What do you think?
Have you tried getting the flash drive on another PC? I think that your AV has it locked down on the current PC.
Open the USB drive on a "disposable" PC (with full up-to-date anti-virus). Ensure "hidden files", "hide system files" and "do not show file extensions" are unchecked. "Explore" (not open) the contents of the drive and delete every file with the following extensions on the root of the drive: .bat, .exe and finally, Autorun.inf. Virus scan the whole drive and PC when you are done. I do this every day so I have the technique down to an art.
I don't think it's a good idea to plug an infected drive into your PC - if there's an autorun.inf on the flash drive it might infect the registry in your PC as well, because WinXP will auto-execute it and make changes to the registry even though you keep 'shift' pressed (but at least it won't run the virus). Plug the flash drive into your friend's PC. If there is no sensitive data - format it.

He can't open the flash drive because the virus has probably made changes to the registry. But it can be fixed quite easily.

1) Open regedit and navigate to: HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ MountPoints2

Inside MountPoints2 is a list of all drives and the actions associated with them - they are represented by a 32 digit string - {###.....}.

2) Now you need to find which one is the flash drive. But it would be a good idea to check all of them. When you expand {###} there should be only one of these keys:

shell - make sure the default value is 'none'.
or
_autorun - default value: none

Delete every value that refers to a suspicious .exe file. If there is a mess you can delete these sub-keys and keep only the 32 digit string key; Windows will create new sub-keys as necessary.

When a virus changes one of these keys you usually run the virus when you try to access the flash drive or even the HDD, because it executes a different command (something like this: "rundll32 virus.exe, ###"). After the virus is executed it opens up Explorer so that everything looks OK. So if you delete the virus, Windows keeps trying to execute this command but nothing happens, because the virus executable is gone. In some cases Windows displays a "missing file" warning message when you double-click the drive (depends on what command it executes).
You mention it's a portable. Portables are usually made with Thinstall/ThinApp. Some stupid virus scanners flag these portables as viruses. They are false positives, though. What AV are you / he running?
Re: What AV are you/he running. Just so you know, it's Cody that has the virus. He's my best friend, that's why I'm helping him. It's Windows XP and the flash drive is a 1 gig Lexar.
And the antivirus is...? If you have access to a Linux machine, that would be immune from the virus, so you could scan it / save data from it without risks; otherwise ^what they said.
Use a live CD of whatever Linux distro you're happy with, and delete the files that you believe are dangerous. That way you don't have to worry about it sneaking in on your other drive.
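Added example, not part of any post in this thread: a small Python triage script for the root-of-drive check described above, meant to be run from a Linux machine or live CD. It flags `autorun.inf`, root-level `.exe`/`.bat` files, and any file that `autorun.inf` would launch; the file names and `autorun.inf` contents are constructed sample data, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Keys in an [autorun] section that name a program Windows will launch.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
RISKY_EXT = {".exe", ".bat"}  # the extensions named in the thread

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and comments
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if EXEC_KEYS.match(key):
                found.append((key.lower(), value))
    return found

def triage_root(names, autorun_text=""):
    """List root-level files to review, with the reason each one was flagged."""
    cmds = autorun_commands(autorun_text)
    # First token of each command is the program; keep only its file name.
    targets = {PureWindowsPath(c.split()[0].strip('"')).name.lower()
               for _, c in cmds if c}
    report = []
    for name in names:
        low, reasons = name.lower(), []
        if low == "autorun.inf":
            reasons.append("autorun file")
        if PureWindowsPath(low).suffix in RISKY_EXT:
            reasons.append("executable in root")
        if low in targets:
            reasons.append("launched by autorun.inf")
        if reasons:
            report.append((name, reasons))
    return report

# Constructed sample data (not taken from the thread).
SAMPLE_INF = "[AutoRun]\n; constructed\nopen=setup.exe\nshell\\open\\command=setup.exe /q\nicon=drive.ico\n"
SAMPLE_ROOT = ["AUTORUN.INF", "setup.exe", "notes.txt", "run.bat", "drive.ico"]

if __name__ == "__main__":
    for name, reasons in triage_root(SAMPLE_ROOT, SAMPLE_INF):
        print(f"{name}: {', '.join(reasons)}")
```

On a real drive, pass `os.listdir()` of the mount point and the text of its `autorun.inf` instead of the sample values; the script only reports and never deletes anything.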
Problem solved. Silly really: what happened was that he copied and pasted every program and folder that was important and reformatted his USB. The USB is able to open now. Thank you all for the handy advice. And he re-pasted it back to his USB.
Exactly what I was gonna say. I had to use my Linux box to clear a virus from my USB that I picked up from college of all places; worked nicely though.
Why not format everything, then run an un-format tool and only select the files you need? Not 100% sure that the Trojan could infect your PC from the un-format program, but I would safely say that it wouldn't.
Reavid, thanks for the advice for my friend. He already finished formatting and it's been a couple of days and everything is going well, so there is no need for more advice, but I thank you for the idea.
In case anyone else comes across this thread, http://www.precisesecurity.com/tools-resources/adware-tools/flash-disinfector/ - Flash Disinfector works great.