ninjaflu Posted April 30, 2008

Someone gave me a USB drive, telling me they'd just bought it but it didn't work on their PC so could I try it on mine to see if it worked. It was an Archos ARCDrive 4GB like this: hxxp://www.amazon.com/Archos-ARCDrive-Hard-Drive-USB/dp/B0007KVK84

I plugged it in without much thought (silly me). XP recognised it as a removable drive and installed the drivers automatically. Then I can't remember exactly what I did... I think autorun(?) started (as in searching for the type of files on the drive before it asks what I want to do) but I cancelled it and went to My Computer and tried to open the drive from there. But maybe I waited for autorun(?) to finish and then clicked on "open folder to view files". I can't remember for sure but I think I cancelled it (whether or not that makes any difference I don't know...)

Anyway, when I tried to open the drive, Windows Explorer locked up for a while. During this time, the light on the USB drive was flashing as though there was a lot of activity on it. This lasted for a minute or two and eventually I got a prompt telling me the drive was not formatted and did I want to format it. I clicked No.

Does it sound like a possibility? I've read around a bit but haven't seen any mention of the formatting thing anywhere. Could that have been added intentionally? Is there any way to know for sure? Would any traces have been left anywhere? I've checked to see if any user accounts had been added to XP but it doesn't look like it. Or could this all be normal behaviour for a faulty or non-formatted drive and I'm just being paranoid?

Thanks in advance for any input.

Supervisor Posted April 30, 2008

There is an anti-switchblade in the forum; I don't remember the specific name of it, but search and you will find it, then run it. Just to make sure you're not infected or something. Hope everything will be ok.

Supervisor

sablefoxx Posted April 30, 2008

Honestly it sounds like a bad USB drive to me...

SomeoneE1se Posted April 30, 2008

It's not even U3, so unless you clicked on something you did not get hacked, you're safe... At this time you should install some sort of anti-virus so that you don't have to worry about it again.

Sparda Posted April 30, 2008

You aren't letting Windows waste enough of your time.

ninjaflu Posted April 30, 2008

Ok thanks, you've nearly put my mind at rest :-P

I do have Nod32 AV but thought I'd read that this didn't get picked up by most AVs. I also thought I'd read somewhere that even with a non-U3 drive there was a way of running it without having to click on anything? Is that not correct? Even with other similar exploits? (i.e. not switchblade but others that do similar things?)

How do these things normally manifest themselves on the infected PC? Is it completely invisible? Does my Windows Explorer lockup and the formatting window not coincide with the symptoms?

Also, if I run the antidote and it turns out I haven't been infected, do I risk breaking anything?

Cheers

Sparda Posted May 1, 2008

> You aren't letting Windows waste enough of your time.

I am actually being serious, if no one realised. If you plug a slowish memory stick into a computer running Windows, and the stick happens to contain a lot of files Windows can 'understand' (images and audio files mainly), you will get strange 'access denied' messages until Windows has finished parsing the stick for the files it contains, even if you click 'cancel' on the auto run file scanner thing and Windows ultimately does nothing with the files because you pressed cancel and the window disappeared long ago. Hence "You aren't letting Windows waste enough of your time."

nicatronTg Posted May 1, 2008

I can't find it, but Moonlit created an Anti-USB application that protects against USB-based hacks. Just thought I would mention it, for future reference.

moonlit Posted May 1, 2008

http://www.freewebs.com/mloiotn/AntiUSB.rar

That one? Complain about the hosting and die.

SomeoneE1se Posted May 1, 2008

> http://www.freewebs.com/mloiotn/AntiUSB.rar
> That one? Complain about the hosting and die.

Your hosting sucks, wait until I get home and I'll mirror it here: http://the.grayhatter.com/moonlit/AntiUSB.rar

nicatronTg Posted May 3, 2008

> http://www.freewebs.com/mloiotn/AntiUSB.rar
> That one? Complain about the hosting and die.

Yes, that one. Free mirror: http://nicatrontg.awardspace.com/mirror/AntiUSB.rar

moonlit Posted May 3, 2008

Thanks for mirroring. :)

Xarf Posted June 29, 2008

Can anyone vouch for this app? Has anyone decompiled and checked it for nasty surprises? Just asking before I use it.

Thanks

Sparda Posted June 29, 2008

> Has anyone decompiled and checked it for nasty surprises?

I'm sure decompiling it into assembler makes such things so easy.

Xarf Posted June 29, 2008

Sorry, I don't quite understand how that helps to answer my question.

moonlit Posted June 29, 2008

> Can anyone vouch for this app? Has anyone decompiled and checked it for nasty surprises? Just asking before I use it. Thanks

> Sorry, I don't quite understand how that helps to answer my question.

Since no-one else is answering, I guess I will. It won't mean much coming from me, but I can assure you that there is no malicious code in that app. I only have my position as moderator to offer as assurance that I'm not a malware writer and even that doesn't say a lot. I understand your concern though, I would be just as suspicious of random downloads (though, this is the USB Hacks section, random poisoned downloads are pretty much the reason this subforum exists...)

The source is available in the appropriate thread, I think I put it in the Applications and Coding subforum. I had a little trouble uploading the ejector tool source though, so you'll have to take my word on that part.

Anyway, I suggest if you hang out in places like this that you make good use of emulators and virtualisers, or if you have them, spare machines with disposable OS installations on them. That way you don't have to worry about malicious software because if something shows up then you just zap the OS and you're back to normal.

As for the app, just make sure you read the readme and all will be well.

Sparda Posted June 29, 2008

> Sorry, I don't quite understand how that helps to answer my question.

I was being sarcastic. Decompiling programs basically only makes the job of analyzing software slightly easier; the code is hard to understand because it was thrown together by a compiler. The way companies that look for software that does things it probably shouldn't is to run the program and see what it does, it's far easier to do it that way than trying to understand the assembly code of the program that was created by. If someone did embark on such a project, they would run into all kinds of problems, not including the problem of understanding assembly. For example, the actual program that does the 'something' could be encrypted inside a wrapper program.

Basically, it's a waste of time.

Xarf Posted June 29, 2008

Thanks for the replies. I didn't know that the app was written by you, moonlit, hence the asking. However, I believe that testing the app on a VM will do little if there's a well thought out keylogger built in. That said, I'm using the tool now.

Thanks