Trojan on my Cruzer Thumbdrive.

[parkgranterson]

I recently helped my friends reinstall Windows XP Home due to a Trojan that wrecked the OS. I couldn't get rid of it for the life of me. It was the easiest thing for me to do. The only thing they wanted saved on there were a few gigs of pictures. I copied over only the photos. After I reinstalled Windows, I install all the drivers and an anti-virus program (Avira freeware). I wanted to transfer the images back over to the fresh install, once I plug it in, Avira starts alerting me to a trojan on my fresh install. Then MS Antispyware 2009, a program I did not install, is now present on this fresh install. I know this program is no good as well.

First off, did all of this transfer over from the thumbdrive?

Second, is there any way I can get the photos off of there without dragging this trojan with them?

I was planning on reinstalling Windows XP again, just to be safe for them. What do I need to do to get them a clean install of XP and these photos?

I just want to say in advance, thanks for any advice or tips. I visit these forums frequently, even though this is a new profile I always find good advice here. However, I am no good at this trojan and virus stuff, I've managed to avoid it on my home pc for a while now.

 

[mechBgon]

I would do this:

1) reinstall WinXP from scratch. If the WinXP disc is not at Service Pack 2 level or beyond, then refer to the instructions here so it isn't exposed to attack before you're ready.

2) after installing WinXP and making sure firewall protection is in place, run it through the Microsoft Update site as many times as needed to fully update it.

3) now install Internet Explorer 7 from here. Run Microsoft Update again to ensure it's fully patched.

4) disable AutoPlay as shown here. This prevents auto-execution of malware from that thumb drive.

5) fully enable Data Execution Prevention system-wide as shown here.

6) create an additional new user account and then change it to a non-Administrator account, called a "Limited" account on WinXP. Instructions here. A non-Admin account is an unloaded weapon... this is the one you'll use when you access the thumb drive.

7) Install your antivirus software and get it updated. In the case of AntiVir, now right-click its tray icon and choose "Configure," then hit the Expert Mode checkbox and methodically go down the entire settings tree to max out all the options, including Heuristics and the optional spyware/adware detection :camera:.


Now log on with the non-Administrator account, not the Admin-level account, plug in the thumb drive and scan it with the antivirus software. Deal with any threats that are detected, then rescue the photos and stuff.

 

[parkgranterson]

Thank you for the detailed information! I will give this a try and let you know how it turns out.