It has been less than a month since Microsoft ended official support for Windows XP, and already an exploit has been discovered. Microsoft has warned users that hackers have discovered a critical, unpatched Windows vulnerability involving infected USB flash drives. This is the first exploit to hit Windows XP Service Pack 2, and when Microsoft finally finds a fix for the infected USB flash drive problem, they will NOT send out a security fix or patch for machines still running Windows XP Service Pack 2.
Following are instructions for removing USB-borne viruses, but they may not be successful depending on the strain you have picked up. These instructions require downloading 2 free products – RKILL and SuperAntiSpyware (links below). As always, make sure your antivirus software is current and, optionally, disable Autorun on your system to prevent USB drives from automatically executing when plugged into your system.
Following are some instructions that we have used to remove these USB viruses.
(click on the first blue “Download Now” button)
Steps to remove the threat:
1. Reboot the PC into Safe Mode with Networking
(press F8 during startup to bring up the menu to choose Safe Mode)
2. Start the Windows Task Manager (Ctrl-Alt-Del) and manually terminate any virus-related processes. These would be any processes that you don’t recognize. Don’t terminate explorer.exe, but in general you can terminate most others. Windows will not let you terminate any processes that it needs to keep running. Optionally you can skip this step and try your luck by continuing with the remainder of these instructions.
3. This virus may hide all the files on your computer and on the desktop. If the files on the Desktop and in My Computer are hidden, change the attributes of the drive in question to show the hidden files:
- Browse to Start >> Run, and type “cmd”
- Type “cd\” and press Enter to browse to the root of the hard drive (C:\)
- Type the command “attrib -s -h /S /D” and press Enter to un-hide all the files & folders. Be sure to include the spaces after attrib and after each attribute.
4. To make sure the virus is not running, start the “RKILL” program and let it run to completion. This should take less than 5 minutes to complete (usually closer to 1 minute).
4.5. If RKILL fails, or if you are unable to run any executable programs (.exe files), you will need to fix the .EXE extensions using the following script:
(download the file to your desktop and run that file to make the necessary changes to allow .EXE files to run)
5. Once RKILL has completed, install, update, and run a Full Scan using SuperAntiSpyware. This program should detect the virus and present the option to remove it once the scan is complete.
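The optional Autorun change mentioned at the top and the un-hide command from step 3 can be combined in one batch file. This is an added example, not part of the original instructions: the file name `usbcheck.bat` is hypothetical, and it assumes Autorun is turned off through the `NoDriveTypeAutoRun` policy value in the registry and that the script is run from an administrator command prompt with the USB drive letter as its argument.

```bat
@echo off
rem Added example, not part of the original instructions.
rem Usage: usbcheck.bat E   (E = letter of the USB drive; file name is hypothetical)
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"

rem 255 (0xFF) disables Autorun for every drive type, USB drives included.
reg add "%KEY%" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
if errorlevel 1 goto :noadmin

rem Print the stored value so the change can be confirmed.
reg query "%KEY%" /v NoDriveTypeAutoRun

rem No drive letter given: only the Autorun setting is changed.
set "DRV=%~1"
if "%DRV%"=="" goto :done
set "DRV=%DRV:~0,1%:"
if not exist "%DRV%\" goto :nodrive

rem autorun.inf is the file Autorun reads; show its attributes without opening it.
if exist "%DRV%\autorun.inf" (
    echo Found %DRV%\autorun.inf - include this drive in the scan from step 5.
    attrib "%DRV%\autorun.inf"
) else (
    echo No autorun.inf in the root of %DRV%
)

rem Same un-hide command as step 3, applied to the USB drive only.
attrib -s -h "%DRV%\*.*" /S /D
goto :done

:nodrive
echo Drive %DRV% is not available.
goto :done

:noadmin
echo Could not write the policy value. Run this as an administrator.
endlocal
exit /b 1

:done
endlocal
```

Log off and back on afterwards so Explorer picks up the new policy value.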