Removing Pen Drive Viruses

Tired of the viruses coming over and over again in your pen drives or removable media? Know where they come from and how to tackle them
| Friday, September 05, 2008

(This article may be outdated, although some points may still be valid.)

Troubled by the viruses coming again and again on your pen drive or other removal storage devices? Well, read through and you would be able to remove them from your pen drive or other removable storage device.

Where do viruses comes from?

The virus may had come from a friend's computer or a internet cafe you visited recently. Most of these viruses which spread themselves through removal storage media are at first loaded in the system itself. These viruses infect your removable storage drives as soon as you plug them in. Some of these create applications which have icons exactly similar to your folders. So, people often mistakenly double click them. This loads the virus in their system memory as well. Viruses may set themselves to autorun as soon as you plug in your removable device by which they are capable of infecting it and spreading further. I have mentioned a series of steps below which will help you prevent and remove viruses from your system and pen drives or whichever removable devices you have.

Remove them from the memory first

You need to find yourself a good antivirus scanner for this. I strongly recommend the ones below:

  1. ZoneAlarm
  2. AVG
  3. Avira Antivirus

Most often these viruses get updated more quickly than anti viruses do, so we can use some other tools which can aid us in removing them from memory. You can try to find some spammy windows processes and terminate them before attempting to download an anti-virus. Hijackthis, GMER, Roguekiller, etc. can be handy to achieve this.

If you are wondering which processes to kill, I would suggest you look out for this ones:

# 1.exe

# logon.exe

# slsk.exe

# actalert.exe

# lsas.exe

# sms.exe

# adm4005.exe

# lsass32.exe

# smsss.exe

# a.exe

# lssas.exe

# soproc.exe

# aq3hel~1.exe

# ma.exe

# spollsv.exe

# arupld32.exe

# matcli.exe

# spooler.exe

# asm.exe

# mediagateway.exe

# spool.exe

# asmonitor.exe

# mfc71.dll

# spools.exe

# backweb.exe

# microsoft.exe

# spoolsrv.exe

# bargains.exe

# mm.exe

# spoolsvc.exe

# basfipm.exe

# mmm.exe

# sqlserver.exe

# belt.exe

# mousedrv.exe

# sr.exe

# bil.exe

# mrtstub.exe

# sservice.exe

# bmupdate.exe

# msbb.exe

# ssk.exe

# bpk.exe

# msblast.exe

# start.exe

# cdaengine0500

# msmgs.exe

# susp.exe

# cds.exe

# msmsg.exe

# svch0st.exe

# cfmon.exe

# mspmspv.exe

# svchosts.exe

# check.exe

# mssearchnet.exe

# svchot.exe

# cmesys.exe

# mtask.exe

# svhost.exe

# cmrss.exe

# mwsoemon.exe

# svshost.exe

# crss.exe

# nail.exe

# sychost.exe

# crsss.exe

# navapp.exe

# sysmonitor.exe

# cryptfg.exe

# netmon.exe

# syspools.exe

# csrrs.exe

# netsurf.exe

# system32.exe

# ctfmon32.exe

# netsvc.exe

# sysupd.exe

# dcomcfg.exe

# nls.exe

# taskbar.exe

# ddcman.exe

# nsvsvc.exe

# taskmon.exe

# desktop.exe

# ntosa32.exe

# tbon.exe

# dfrgsrv.exe

# nvcpl.exe

# tbps.exe

# dinst.exe

# nvsc32.exe

# tool.exe

# dlhost.exe

# optimize.exe

# udcpas.exe

# dssagent.exe

# p2p networking.exe

# udcsdr.exe

# dw.exe

# p2pnetworking.exe

# umxfwhlp.exe

# exec.exe

# picsvr.exe

# updater.exe

# exp.exe

# plscd.exe

# updmgr.exe

# explore.exe

# pmmnt.exe

# vsnpstd2.exe

# explorere.exe

# pmmon.exe

# wauclt.exe

# fc.exe

# pmsngr.exe

# wdfmrg.exe

# fph.exe

# pmsnrr.exe

# wfdmgr.exe

# fservice.exe

# poker.exe

# whagent.exe

# gmt.exe

# powerreg

# whsurvey.exe

# gui.exe

# powerreg scheduler.exe

# win32.exe

# hbtv.exe

# pro.exe

# win.com

# hnm_svc.exe

# resetservice.exe

# winctlad.exe

# ibm00001.exe

# rk.exe

# winlogin.exe

# iexplorer.exe

# rlvknlg.exe

# winmain.exe

# install.exe

# rundl32.exe

# winnt.exe

# inst.exe

# sacc.exe

# winotify.dll

# isamini.exe

# sais.exe

# winshost.exe

# isamntr.exe

# sass.exe

# winstall.exe

# isamonitor.exe

# scchost.exe

# winsys2.exe

# isass.exe

# schedulingagent

# winsys.exe

# istsvc.exe

# scrss.exe

# winupdate.exe

# kernel32.exe

# scvhost.exe

# winupdates.exe

# keygen.exe

# senslogn.exe

# wsys.exe

# lass.exe

# servic.exe

# wtoolsa.exe

# license_manager.exe

# shmgrate.exe

# wupdt.exe

# lockx.exe

 # xhrmy.exe

# zango.exe

Disable autorun

To disable autorun in Windows XP:

  1. Open run dialog (Windows Key + R), type gpedit.msc and press enter
  2. Under computer configuration, double click administrative templates and then click system.
  3. On the right pane, find Turn off Autoplay and double click it
  4. Click on enabled radio button and below it select All drives. Finally, press ok

To disable autorun in Windows Vista/7:

  1. Open control panel and open AutoPlay options
  2. Uncheck the Use Autoplay for all media and devices option
  3. Click save and close the window

Extra measures

To be sure that the virus doesn't get executed, scan your pen drive or other removable storage device with an anti virus software. Just remember to have a good anti virus program running always and keep it updated. You can also use a nice software called WinPatrol which will alert you whenever a new program is added to start with windows. This way you can prevent viruses to start automatically when windows start.

   
Subscribe to RSS Feed
Subscribe to RSS feed for Computer Troubleshooting category.
Search Articles