Tuesday, June 18, 2013

No Anti-Virus: How to check for viruses on any portable device and delete them, manually

Most viruses are “shared” through users: users who connect their USB drive to an infected PC, then connect it to another, and infect that one (if it isn't infected already). Sometimes the AV won’t do anything, just stand there, eating resources, and not protecting you. Many DO protect you, but while working at a company I found that average users ignore many of the AV notifications, so whenever I install them, I set it to “automatic deletion” if possible. In case there is no “automatic deletion”, the best thing to do is teach the users how the notifications work and how to protect themselves.

Now, knowing that, can we trust an AV to protect us from viruses on devices? Sometimes, yes. Viruses evolve as fast as AVs, so an outdated AV = high risk of infection… Of course, this only applies IF you trust 100% that the AV will protect you, but what if not? What if the AV isn't able to detect threats correctly? Then it’s up to you to do it.

So, how do you check for viruses on portable devices without an antivirus? First of all, most viruses are hidden, and Windows’ Explorer is set not to show hidden files and folders by default. Most users don’t change this, meaning that most users can’t see hidden files, so let’s start with this premise.

DO NOT OPEN THE USB DRIVE UNTIL YOU SCAN IT.

To see hidden files and folders (in this case a virus) you can either make them visible or use a third-party program. I don’t like interacting with a virus, so I'd rather use a program to SEE, and only see, if and where the virus is located. The best part is that there are two programs that you can use to see these files:

  • Chrome
  • WinRAR (or any WinRAR-like: 7-Zip, PeaZip, etc.)

Take this as an example:

[Image: hidden]

  • Windows’ Explorer only shows two files: the ones that are visible, Anime (folder) and not hidden (a text file).
  • WinRAR shows 3 files: Anime (folder), not hidden (text file), and hidden (text file).
  • The same goes for Chrome: Anime (folder), not hidden (text file), and hidden (text file).

Now, Chrome won’t allow you to delete files, only see them. Explorer won’t allow you to delete them because it can’t see them. But WinRAR will allow you to see AND to delete these files easily. It will also let you see if a virus keeps reappearing after deleting it, letting you know if you’re already infected.

If you’re already infected, there’s nothing you can do. The best thing, always, is to re-install Windows. But since not everyone is able to do or afford this, the next best thing is to download an AV and run a scan.

If you’re not infected, just delete the hidden files that weren’t created by you. The most common threats/things to delete are:

  • .exe files.
  • Shortcuts to files in the same directory.
  • RECYCLER or folders with random and weird names (zqlrk, avtro, and stuff like this).
  • .vb files (like in the first picture).
  • Applications with folders as icons.
  • AUTORUN.INF <= You must get rid of this, one way or another. If you can’t delete it, backup your files and format your drive.
  • In doubt, Google it.
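The same look-without-opening check can be scripted. The following is an added example, not part of the original post: a read-only Python script that walks a drive, never opens or deletes a file, and reports entries that are hidden or match the checklist above. Treating `.lnk` as the shortcut extension and the leading-dot fallback for non-Windows systems are assumptions of this example.

```python
import os
import sys

FILE_ATTRIBUTE_HIDDEN = 0x2                  # Windows attribute bit for "hidden"
RISKY_EXTENSIONS = {".exe", ".vb", ".lnk"}   # checklist items; .lnk = Windows shortcut
RISKY_NAMES = {"autorun.inf", "recycler"}    # compared case-insensitively


def is_hidden(entry):
    """True if the entry carries the Windows hidden attribute.
    Off Windows (assumption, useful only for testing) a leading dot counts."""
    attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", None)
    if attrs is None:
        return entry.name.startswith(".")
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def audit_drive(root):
    """Walk root without opening any file; return {relative_path: [reasons]}."""
    findings = {}
    stack = [root]
    while stack:
        folder = stack.pop()
        try:
            entries = list(os.scandir(folder))
        except OSError:
            rel = os.path.relpath(folder, root)
            findings.setdefault(rel, []).append("unreadable folder")
            continue
        for entry in entries:
            reasons = []
            name = entry.name.lower()
            if is_hidden(entry):
                reasons.append("hidden")
            if name in RISKY_NAMES:
                reasons.append("name on checklist")
            is_file = entry.is_file(follow_symlinks=False)
            if is_file and os.path.splitext(name)[1] in RISKY_EXTENSIONS:
                reasons.append("extension on checklist")
            if reasons:
                findings[os.path.relpath(entry.path, root)] = reasons
            if entry.is_dir(follow_symlinks=False):
                stack.append(entry.path)
    return findings


if __name__ == "__main__":
    # Usage: python audit_drive.py E:\   (the drive letter is only an example)
    for path, reasons in sorted(audit_drive(sys.argv[1]).items()):
        print(f"{path}: {', '.join(reasons)}")
```

Anything reported still needs a human decision: a hidden file or an .exe you put there yourself is not a threat.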

This is the way to check and clean your device without using an AV. This is necessary knowledge since not all computers you’ll use can be trusted. The best part is that you can prevent viruses and delete them as well.

Disclaimer: I’m not saying that an Anti-Virus is useless or not necessary. I’m just teaching how to protect ourselves… or at least that’s the idea.