
Showing posts with label antivirus.

Sunday, January 31, 2016

Detecting Firmware Infection : Prelim start@Google's VIRUSTOTAL

1.   The severity of cases where the firmware is already infected at the time of first purchase by the user has been realized over the years. Be it the Dell server case, the Seagate firmware case, Equation Group, the proof of concept for even Macs, the NSA revelations by Snowden: the list is long. Across the various discussions and forums I read, I could never find any kind of implemented solution for detecting a threat at the firmware level, not until I read about the first such attempt via Google's VirusTotal.

2.   Google's VirusTotal service has come out with a new tool that analyzes firmware, the low-level code that bridges a computer's hardware and operating system at startup. The new tool will label firmware images as either legitimate or suspicious. It can also extract certificates attached to the firmware and check whether there are other executable files inside it. The tool extracts portable executables (PEs) found inside the firmware, since these can be a source of malicious behavior.

“These executables are extracted and submitted individually to VirusTotal, such that the user can eventually see a report for each one of them and perhaps get a notion of whether there is something fishy in their BIOS image,” Santos wrote. 


3.   It will now be possible for people to extract their own firmware and submit it to VirusTotal, which has the potential to create a database of various firmware images that could contribute to research into bad ones. 

4.   No details could be found on how it actually works, but I am happy that there is a first of its kind. More options will arise once this circulates around, and we move toward a secure web ecosystem.

Sunday, September 20, 2015

Online Malware Analysis Tools : Listed with links

1.   Typically, analyzing malware requires a great deal of computer knowledge and at least basic familiarity with terminal commands, correct configuration of the tools and the right usage of advanced tools. As seen in my last post about Cuckoo usage and configuration, it is actually complex and confusing at times. Now, what if one could use Cuckoo without doing any of that: no installation, no configuration, no testing and debugging, just using Cuckoo directly for a sample file analysis? As we realize the power of online tools, it becomes much easier for anyone to analyze a file's behavior by simply uploading the file to a free online service for automated analysis and reviewing the detailed yet easy-to-understand report. This way the analyst not only gets a quick report and analysis but, more importantly, gets a variety of reports which can be compared and analyzed further, leading to a faster understanding of the malware's architecture and working. Here I list my choice of the best free online file/malware analyzers, with their addresses and screenshots of sample usage.

2.   ThreatExpert

ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode. In only a few minutes ThreatExpert can process a sample and generate a highly detailed threat report, with a level of technical detail that matches or exceeds antivirus industry standards such as those normally found in online virus encyclopedias.


3.   Wepawet at http://wepawet.iseclab.org/

Wepawet is a free service, for non-commercial organizations, to detect and analyze web-based threats. It currently handles Flash, JavaScript, and PDF files. But the upload size of the file is limited to 2 Mb and below.

4.   IObit Cloud at http://cloud.iobit.com/

IObit Cloud is an advanced automated threat analysis system. It uses the latest cloud computing technology and a heuristic analysis mechanism to analyze the behavior of spyware, adware, trojans, keyloggers, bots, worms, hijackers and other security-related risks in a fully automated mode.


5.   Comodo Instant Malware Analysis at http://camas.comodo.com/

Comodo Instant Malware Analysis is one of the easier-to-use and easier-to-understand online sandbox services: no submission form is required, nor an email address, nor solving a CAPTCHA code. Simply browse to the file that you want to analyze in the Comodo sandbox, tick the box to agree with their terms and click the Upload file button. The file will then be analyzed in real time and the report page will keep refreshing by itself until the analysis has completed.




6.     ViCheck at https://vicheck.ca/

ViCheck.ca is an advanced malware detection engine designed to decrypt and extract malicious executables from common document formats such as MS Office Word, PowerPoint, Excel, Access, or Adobe PDF documents. ViCheck will detect the majority of embedded executables in documents as well as common exploits which download malware from the internet. ViCheck is a free service designed to help the public detect new sophisticated malware which is often difficult to detect with common commercial anti-virus programs.


7.   Anubis at https://anubis.iseclab.org/

Anubis is another popular online service to analyze unknown Windows executable files. Four report formats (HTML, XML, PDF and Text) are available to download once the analysis has completed.



8.   GFI Threattrack at http://www.threattracksecurity.com/

GFI SandBox is meant for OEMs or cloud providers and, fortunately, they have created a webpage offering free analysis called ThreatTrack which uses their sandbox technology. ThreatTrack supports analyzing any Windows executable file, Office documents, PDF files and even Flash ads, which are mostly not accepted by other online sandboxes.


9.   Joe Sandbox Cloud at https://www.file-analyzer.net/

Joe Sandbox is an automated malware analysis system which implements state-of-the-art program analysis technology from coarse to fine grained, including dynamic, static and hybrid analysis. Joe Sandbox's analysis spectrum makes it possible to discover any behavior, including hidden or obfuscated parts.


10.   EUREKA: An Automated Malware Binary Analysis Service at http://eureka.cyber-ta.org/

Eureka is a binary static analysis preparation framework. It implements a novel binary unpacking strategy based on statistical bigram analysis and coarse-grained execution tracing. Eureka incorporates advanced API deobfuscation capabilities to facilitate the structural analysis of the underlying malware logic.


11.   XecScan at http://scan.xecure-lab.com/

The Xecure Lab Scanner (XecScan) gives the security community and general public on-demand analysis of any suspicious document file where no installation or registration is required to enjoy the service. Though it’s free, XecScan is capable of finding advanced malware, zero-day, and targeted APT attacks embedded in common file formats.

12.    Malwr at https://malwr.com/submission/ [Based on Cuckoo]

Malwr is a free malware analysis service and community launched in January 2011. One can submit files to it and receive the results of a complete dynamic analysis back. Malwr is operated by volunteer security professionals with the exclusive intent to help the community. It is not associated with or influenced by any commercial or government organization of any sort. Malwr is mainly based on an open source malware analysis tool called Cuckoo Sandbox, as explained in my last post at http://anupriti.blogspot.in/2015/09/cuckoo-sandboxautomatic-malware.html



In fact, as you google you will find thousands of links and websites offering free online malware analysis, but one also has to be careful about what one submits to such sites. So, happy analyzing for now.

Sunday, November 30, 2014

APT 28 :Cyber Espionage and the Russian Government?

Russia may be behind a long-standing, careful campaign designed to steal sensitive data relating to governments, militaries and security firms worldwide. This presentation, based on a report made public by FireEye (report here), gives an overview of their opinion. Uploaded here just for general info, to understand how it is all happening in the dynamic and vibrant world of CYBER!






Thursday, November 27, 2014

VPN: Graduating to NECESSITY!!!!

1.   Years back in India, somewhere in the 1990s, a computer was still a rich man's possession, and so was the case with plain mobiles, which later graduated to smartphones. Over the years both have become routine possessions of everyone. PCs, laptops and tablets today have entered almost every domain of the minutes we spend with our eyes open, whether it is office, studies, entertainment or personal life. The growing dependence has created new problems too, the prime one being PRIVACY. The privacy issue has recently taken a more serious turn with so many cyber espionage operations coming into the open: WikiLeaks, Snowden out in the open with his story, and government-backed cyber traffic monitoring projects, including the few mentioned below:

    PRISM
    ECHELON
    Carnivore
    DISHFIRE
    STONEGHOST
    Tempora
    Frenchelon
    Stellar Wind
    Fairview
    MYSTIC
    Bullrun
    Upstream

    
2.   The above list is actually endless, with the specific aim of collecting information in the form of call records, location mapping and profile building, all happening in the name of building intelligence to safeguard the respective nations. There is no way a naive citizen of any country, without a tech background, can safeguard himself from all the above operations and projects. In recent times VPN has been increasingly showcased across various forums, and even by the likes of Snowden and Julian Assange, who have used it in their routine email, Skype and messaging transactions.

VPN is a network that is constructed by using public wires — usually the Internet — to connect to a private network, such as a company's internal network.  There are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
3.   Now, with growing paranoia and due concern about cyber security and privacy among the general public too, the option of VPN has started gaining due focus. With free VPN services in abundance, like OpenVPN, FreeVPN, VPNBook, Shrew Soft, Comodo Unite and the free/basic version of Hamachi, the lure is only becoming more tempting. Most people are coming out of the typical mindset of VPN being only a corporate protocol for business travellers and people who work remotely. VPN is thus gradually moving from an option to a necessity. The good thing is that even the paid VPN services are not so costly as to make a dent in the pocket. With a VPN configured on your PC/laptop you can rest assured that you are safe from the prying eyes of free wifi zones at coffee shops or places like the airport.

Does VPN imply 100% Safety for the user?

4.   Like all security solutions, even the most secure VPN can be compromised if the user is keen or careless enough to download malicious files, which is why the onus finally lies with the user's habit of surfing safely. A VPN only makes sure that the traffic from the user's end is encrypted against third-party eyes; it does not remove the need for antivirus software, which is primarily responsible for detecting viruses, malware etc.

Thursday, July 18, 2013

Keep Changing Your Antivirus : CRUDE but EFFECTIVE Solution to curb Virus menace

1.   We all understand the importance of antivirus today. From a naive user's point of view, a user may go for the cheapest of the lot, or if someone is worried enough he may go for the costliest one, but does that matter in the overall context? I mean with respect to the serious business model that this antivirus corporate sector has turned into. Let us see the list below, which brings out the country association of each leading antivirus company:

AVG                                    : Czech Republic
Kaspersky                              : Russia
Avast                                  : Czech Republic
Norton Symantec                        : U.S.
Avira                                  : Germany
E-Set                                  : Slovakia
F-Secure                               : Finland
McAfee                                 : U.S.
MSE (Microsoft Software Essentials)    : U.S.
Panda                                  : Spain

2.   Sadly, we see there are no Indian companies in this short list. Besides these, if we get specific to India we can quote two companies, viz. Quick Heal and K7 Computing. Well, that is not the point I am here to share. The thing to note is that all these leading companies have an affiliation with some other country and none is Indian. So when we blindly load an antivirus or an internet security suite onto our systems purely on faith and word-of-mouth publicity from peers and friends, are we doing the right thing? Do we know what is running in the background? In the name of uploading our dumps, what actually goes to their servers? What information does it contain? How does that company identify a virus or a malware? What is the logic that finds a virus? All these questions are critical because all of this is happening on our own machines, but most of us hardly bother about it, because we have faith! :-) And also because there are no standards for defining a QR for an antivirus; there is no one to cross-check what is being cooked.

3.   Besides the question mark over privacy issues, let us think about the logic being applied, or the signatures being released, to thwart known threats. Do we realize that, more than the known virus list, it is the ZERO DAY threats that are getting more serious by the day? Of course a few bright companies are trying to check that by working on the behavioral aspects of a virus or a suspected file, but that has its own set of constraints and is often limited in what it detects. So what is the solution? I recommend using the one-month trial versions of all the leading companies, one after the other, which will get you through a year; then format your Windows PC and start again. A cheap, crude method of using the best without spending a penny!

4.   By the way, just for info: virus detection by the various companies happens at different speeds. A company like Kaspersky may be able to detect a virus soon, while another company may detect it later or, at times, not at all, and this time lag in detection is critical to all users! A second of compromise is enough for your PC to upload loads of bytes in a matter of seconds!

Comments invited!!!!



Saturday, January 12, 2013

Apple Needs a Doctor : Bitten by JAVA - 2

1.   The Flashback fiasco, as discussed in brief here, was the catalyst for one of the most meaningful decisions Apple made in order to beef up OS X security, i.e. removing Java. "Flashback both led to Apple removing Java from their default installs, and prompted them to release a dedicated cleanup tool," security researcher (and former security engineer for Obama for America) Ben Hagen told Ars. "When an OS vendor releases a dedicated cleanup tool, you know things are bad. The removal of Java was a very interesting decision and de facto statement by Apple. Java on user systems has become a notorious vector for exploitation, with new, remotely executable vulnerabilities coming out several times last year," Hagen said. "Removing Java both simplifies Apple's position and provides a safer default state for its users." [Source: http://arstechnica.com/]

2.   Another key decision taken by Apple, apart from disowning Java, was the move to a signed security model for apps, i.e. restricting the origin of third-party apps installed on the system, thereby protecting the user from inadvertently installing apps from malicious or unknown sources. Called Gatekeeper, this feature required Apple's developer ecosystem either to sign their apps with a registered certificate, holding them to a higher level of responsibility for when things go haywire, or to sell their wares through the Mac App Store and give Apple its 30 percent cut. [Source: http://arstechnica.com/]

3.   Java is a very popular program and is used by millions of users worldwide on Windows, Mac and Linux operating systems and in mobile and television devices. It is this popularity that has made it a favorite target of hackers. So today, when we cannot surf without enabling JAVA, Apple's decision is indeed a tough step. For those of you who do not realise the importance of JAVA, just try surfing the web after disabling JAVA scripts in your browser; you will be surprised how often you are prompted at every step to ensure successful loading of most web pages. In fact, the U.S. Department of Homeland Security advised computer users to temporarily disable or uninstall Oracle Corp's Java software, stating that a serious flaw in the software could make the system vulnerable to hacking. The warning came in an advisory posted on the department's website amid escalating fears and warnings from net security experts about a flaw in Java Runtime Environment (JRE) 7 and earlier versions that allows hackers to install malicious software and malware on computers. The vulnerability is so dangerous that the Department of Homeland Security's Computer Emergency Readiness Team urged people to stop using the software immediately to mitigate damage. [Source: http://www.ibtimes.com/]

4.   So, did you just start thinking of disabling JAVA?

Apple Needs a Doctor : Bitten by JAVA - 1


1.   Last year, i.e. 2012, was full of various OS security issues, as it has always been over the years, but one landmark piece of news that made waves was the Flashback malware that hit Apple's Mac, which has long been promoted as a safer OS than its peer competitors. But as always, SIZE DOES MATTER: as Apple and its market share grew, it became more prone. Dr. Web said that an estimated 600,000 Macs were infected as of April 2012 as a result of users unknowingly installing the Flashback malware. So before I move ahead, here is a simple FAQ compiled to understand more about FLASHBACK:

What exactly is Flashback?

-  Flashback is a form of malware designed to grab passwords and other information from users.
-  Spread through the web browser and other applications such as Skype.
-  The user typically mistakes it for a legitimate browser plug-in while visiting a malicious web site.
-  At this point, the software installs code designed to gather personal information and send it back to remote servers.



When did it first appear?

-  End of September 2011.
-  Pretending to be an installer for Adobe's Flash, the malware evolved to target the Java runtime on OS X, where users visiting malicious sites would be prompted to install it on their machine in order to view web content.

What has Apple done about it?

-  Apple has its own malware scanner built into OS X called XProtect. 
-  Since Flashback's launch, the security tool has been updated twice.
-  A more recent version of the malware, however, got around XProtect by executing its files through Java. 
-  Apple closed off the malware's main entry point with a Java update on April 3, and has since released a removal tool as part of a subsequent Java update.

How do I tell if I have it?

-  Right now the easiest way to tell if your computer has been infected is to head to security firm F-Secure and download its Flashback detection and removal software. 


Saturday, November 24, 2012

Detecting a MALICIOUS PDF:PDFid @ BACKTRACK 5 R3


1.   Adobe, who gave us the ever-comfortable PDF, that is the "Portable Document Format", in the early 1990s never thought about how it could become a security threat through the simple action of opening it. Yes! This post will give a small insight into how things really work behind the scenes when a malicious PDF executes.

2.   So first of all, how does a PDF become a malicious document? The answer is simple: by embedding JavaScript that is not seen but is executed once the PDF is opened. No antivirus will be able to identify what malicious thing lies behind a normal PDF of the kind you and I use daily, so if you scan a malicious PDF with your antivirus it is very unlikely to be caught. How, then, do we know whether a PDF is malicious or not? That is what this post shows. I came across a tool known as PDFid in the BackTrack 5 R3 that I was running in VirtualBox.

3.   A few lines about the tool: it was developed by Didier Stevens, who blogs at http://blog.didierstevens.com/. It helps us to differentiate between PDF documents that could be malicious and those that are unlikely to be. The tool is based on the fact that a typical PDF file comprises a header, objects, a cross-reference table (to locate objects) and a trailer. So, if there is a tool that can find out which of these keywords are present in a PDF, things become easier. For example, if a PDF that has no purpose in embedding or holding JavaScript nevertheless contains it, a raised eyebrow is certain as to why it should be there. The PDFid tool comes to rescue us from this question. First, the typical keywords of a PDF, each with a one-line explanation, are given below:

-  "/OpenAction" and "/AA" (Additional Action) specify a script or action to run automatically.
-  "/Names", "/AcroForm" and "/Action" can also specify and launch scripts or actions.
-  "/JavaScript" specifies JavaScript to run.
-  "/GoTo*" changes the view to a specified destination within the PDF or in another PDF file.
-  "/Launch" launches a program or opens a document.
-  "/URI" accesses a resource by its URL.
-  "/SubmitForm" and "/GoToR" can send data to a URL.
-  "/RichMedia" can be used to embed Flash in a PDF.
-  "/ObjStm" can hide objects inside an object stream.
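Keyword counting of the kind PDFid does, as an added example written for this post (it is not Didier Stevens' code). It tokenizes PDF names, undoes the `#xx` hex escapes the PDF syntax allows inside a name (so an obfuscated /J#61vaScript still counts as /JavaScript), tallies the keywords listed above plus the structural tokens, and flags the keywords that make a document act on its own. The two PDFs inside are constructed samples, and /JS is added to the list because it is the key that carries the script text in a JavaScript action.

```python
"""PDFid-style keyword triage of a PDF (added example, not PDFid itself)."""
import re
import sys

# Name keywords walked through in the post, plus /JS (the key that holds the
# script text inside a JavaScript action dictionary).
KEYWORDS = ("/OpenAction", "/AA", "/Names", "/AcroForm", "/Action",
            "/JavaScript", "/JS", "/GoTo*", "/GoToR", "/Launch", "/URI",
            "/SubmitForm", "/RichMedia", "/ObjStm")

# Structural tokens: a PDF is header + objects + cross-reference table + trailer.
STRUCTURE = ("obj", "endobj", "stream", "endstream", "xref", "trailer",
             "startxref")

# Keywords that make a document do something by itself when it is opened.
AUTO_ACTION = ("/OpenAction", "/AA", "/JavaScript", "/JS", "/Launch",
               "/RichMedia")

# A name is '/' followed by regular characters; whitespace and the PDF
# delimiters ( ) < > [ ] { } / % terminate it.
NAME_RE = re.compile(rb"/[^\s()<>\[\]{}/%]*")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_name(raw: bytes) -> str:
    """Undo '#xx' escapes so /J#61vaScript compares equal to /JavaScript."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def count_keywords(data: bytes) -> dict:
    """Tally the keywords and structural tokens found in the raw bytes."""
    counts = {k: 0 for k in KEYWORDS + STRUCTURE}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name.startswith("/GoTo"):          # /GoTo, /GoToR, /GoToE ...
            counts["/GoTo*"] += 1
        if name in counts:                    # exact match: /AA is not /AAPL
            counts[name] += 1
    for token in STRUCTURE:
        # Letters on either side are excluded so 'obj' does not count 'endobj'
        # and 'xref' does not count 'startxref'.
        pattern = rb"(?<![A-Za-z])" + token.encode() + rb"(?![A-Za-z])"
        counts[token] = len(re.findall(pattern, data))
    return counts


def triage(data: bytes) -> dict:
    """Counts plus a verdict: any auto-action keyword present is suspicious."""
    counts = count_keywords(data)
    triggered = [k for k in AUTO_ACTION if counts[k]]
    return {
        "header": b"%PDF-" in data[:1024],
        "counts": counts,
        "auto_action_keywords": triggered,
        "suspicious": bool(triggered),
    }


def report(data: bytes) -> str:
    """Render the triage result one keyword per line, PDFid style."""
    result = triage(data)
    lines = ["%PDF header: " + ("yes" if result["header"] else "NO")]
    lines += [f"{k:<12} {v}" for k, v in result["counts"].items()]
    verdict = ("SUSPICIOUS: " + ", ".join(result["auto_action_keywords"])
               if result["suspicious"] else "nothing auto-executing found")
    return "\n".join(lines + ["verdict: " + verdict])


# Constructed sample 1: a minimal, benign one-page PDF.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
xref
0 4
trailer << /Root 1 0 R /Size 4 >>
startxref
0
%%EOF
"""

# Constructed sample 2: same skeleton, but the catalog carries an /OpenAction
# pointing at a JavaScript action whose name is hex-escaped (/J#61vaScript)
# so that a naive search for the string "/JavaScript" would miss it.
SUSPICIOUS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /S /J#61vaScript /JS (app.alert("constructed sample");) >> endobj
xref
0 5
trailer << /Root 1 0 R /Size 5 >>
startxref
0
%%EOF
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:                       # python pdf_triage.py file.pdf
        with open(sys.argv[1], "rb") as fh:
            print(report(fh.read()))
    else:
        for label, sample in (("benign", BENIGN_PDF), ("suspicious", SUSPICIOUS_PDF)):
            print(f"--- {label} sample ---\n{report(sample)}\n")
```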

4.   So now I have set up a VirtualBox machine running BackTrack 5 R3 that runs this tool and finds out whether the PDF I analyzed is malicious or not. These are the screenshots showing, step by step, how you do it:


[Four screenshots of the PDFid run, not reproduced here]

5.   So the last screen shows the final result. For those of you who find this a little complicated, I will upload a video cast of this soon.

Thursday, November 15, 2012

McAfee : Runs on Windows/Linux and from Police

1.   Strange is the heading and so is the story, according to the news doing the rounds in cyberspace. Anti-virus software pioneer John McAfee says he is moving every four hours to avoid the Belizean police, who want to question him about the murder of his neighbor, a fellow American. How true or untrue this is, I am no one to comment, but having been an ardent McAfee user for long on my various VMs, I would like to wish him the best. More on the story that I read is available here.

Saturday, October 27, 2012

Do all ANTIVIRUS companies research independently ?


1.   Ever wondered how an antivirus signature is made? Not so difficult actually: you detect a virus, then make an antidote for it and subsequently release it as a signature. But think at a slightly larger level, I mean about the signatures released by the various antivirus companies for the same virus. Does each antivirus company reinvent the wheel every time a new virus is detected? Do they actually work separately, first to find it and then to create a signature? Are all the viruses and malware created by the various hackers and agencies detected independently by all these antivirus companies? I doubt it! But if my doubt is incorrect, then it is a SAD issue, because with the population explosion of these various malware and viruses there cannot be so many separate fighters, and if there is one way to fight this gigantic threat, all these antivirus companies have to fight together. We should indeed realize that the threat does not exist individually to you and me but to US, i.e. not the United States, but you and me together, i.e. ALL OF US. :-)

2.   But fighting together will not be so easy, as the economics of this war will defy competition. So is there a need for funding at the national level, or at the cross-country level? Will it one day become a UN issue? Ha ha! Like poverty, food scarcity and the other issues undertaken by the UN, will there be a day when the UN funds these antivirus companies, because global dependency on IT is increasing and so all are vulnerable to so many threats? :-)

3.   The earlier this is made a common issue, the safer the world will become in future, because this threat is common to the world, and so should be the solution.

Monday, June 18, 2012

FLAME on way to commit SUICIDE ?


1.   Further to my earlier post on FLAME, which made a point-wise summary based on my various reads across the web, here is something more interesting.

2.   The creators of Flame have sent a 'suicide' command that removes it from infected computers, i.e. it has received orders to vanish, leaving no trace. What was mentioned in the earlier post, that Flame may delete itself from systems that have been fully exploited without leaving any trace, has come true soon.

3.   More on the subject at the link ahead, and thanks THN.


Tuesday, January 10, 2012

THE GOOD VIRUS : "CYBER WEAPON" BY FUJITSU,JAPAN


1.   Have you seen the epic movie SHOLAY, where bad guys are hired by the good people to kill bad guys? It is a must watch for those who have not seen it. On the same lines, the Japanese government has recently done some homework to counter cyber crime: outsourcing to and working with Fujitsu to fight cyber crime by developing a CYBER WEAPON VIRUS that automatically seeks out and destroys enemy viruses. Cyber Weapon acts almost like a human immune system, tracking down and weeding out invading viruses. Systems like these are needed when facing the latest advanced threats. A few additional details: it is the culmination of a $2.3 million, three-year project to develop a virus and equipment to monitor and analyze attacks. It is reported that the U.S. and China have already put so-called cyber weapons into practical use.

2.   Tracing the source of cyber-attacks is notoriously difficult, mainly because attackers routinely hide behind botnets and anonymous proxies to launch attacks such as denial of service assaults. Getting this right is a far from trivial process, and the potential for collateral damage, even before hackers develop countermeasures, appears to be considerable. A few more points about this good VIRUS:

- Currently, the virus is being tested in a "closed environment" to examine its applicable patterns.

- The project is actually outsourced to Fujitsu Ltd.

- It is capable of disabling the incoming attack and recording forensic data.

3.   It would actually be interesting to know how this would be able to trace the source of cyber-attacks as claimed, at a time like today when botnets and anonymous proxies are getting better and stronger by the day.

Monday, June 27, 2011

ANDROID APPLICATIONS CLONED : Developers make it spam


1.   The latest addition to the growing web of spam is repackaged Android applications. Though till now most of the described repackaged applications are not reported to have any malicious code in them, and, like the genuine ones, they are also made available for free, these affected applications have the same modules as the original but include an advertisement module; the developers of these apps thus try to make money off clicks on the advertisements.

2.   The thing is easy on the part of the developers, since it is easier for them to just fiddle with the original Android apps, which are written in Java and are therefore easily cloned.

3.   Thanks www.f-secure.com

Wednesday, February 09, 2011

MALWARE &amp; AUTORUN : LOVE BIRDS OF PROPAGATION


1.   All the family members of trojans, malware and adware, a few of which are mentioned above, have one similarity in the form of a common propagation method. They all abuse the autoplay feature of Autorun, many by creating or manipulating Autorun.inf files on network drives and removable media, so that when a user connects, the malware is automatically executed on their system. Newer operating systems, like Windows Vista and Windows 7, have made changes to the way Autorun is configured (Windows Vista) and how it works by default (Windows 7). These changes appear to have made a significant difference to the ability of autorun-abusing malware to successfully infect these newer operating systems, especially Windows 7.

2.   More interesting details here

Sunday, October 31, 2010

VIRUS in Boot Sector in Hard Disk fresh from OEM!!!!

Have recently heard of this in reputed makes and models from the top hard disk OEMs. Would like to know if someone has ever encountered this or has any form of info on it.

Friday, October 08, 2010

Security Enabled Hardware :INTEL - McAfee Merger

1.   "Security is more effective when enabled in hardware" is the provision behind something in the pipeline known as Security Enabled Hardware. How is that? There has been a lot of speculation about the rationale behind Intel's recent acquisition of McAfee. Well, if you are not aware of it, Intel's proposed $7.7 billion purchase of McAfee is the largest takeover deal in the chip giant's 40-odd-year history, so you had better be now, although there is no product roadmap to speak of yet.




2.   McAfee technology deeply integrated into Intel products would mean adding security functionality into Intel's chips. But would pushing security into silicon be able to negate the increasingly sophisticated and dynamic threats from cyber crime? Components of security could be significantly enhanced if chips were designed with this kind of integration, but what about updates, patches etc.?


3.   Security in the 21st century is about being dynamic, responding to the ever-changing threat landscape in real time, which you can do with a cloud-based system powered by a network of threat intelligence sensors and reputation-based technologies that stop threats before they even hit the device. Pushing security down to the hardware level makes it very difficult to be reactive, agile or fundamentally secure.

Monday, July 26, 2010

User Mapped-Section open???

1.   Regular users of torrents might have seen something like the title disturbing them and stopping their downloads. I am one of them, so I tried and checked a few forums, tried doing a force start etc., and nothing worked. Then I tried disabling the antivirus for a while, and it worked.

2.   So, simply disable the antivirus for the time you wish to download. Lose some, gain some.

Wednesday, February 17, 2010

How to avoid an infected USB/PEN Drive?

1.   The most common way for a virus to infect a healthy PC is through USB/flash drives. Common viruses such as 'Ravmon', 'New Folder.exe', etc. spread through USB/flash drives. Invariably, antivirus programs are unable to detect them, and even if they do, in most cases they are unable to delete the file, only quarantine it. Following are easy step-by-step instructions:

(a) A window appears similar to the one shown below…


(b) Don't click on Ok , just choose 'Cancel'.

(c) Open the Command Prompt by typing 'cmd' in the run box.

(d) In the command prompt type the drive letter followed by a colon (e.g. E:) and press enter. Now type dir /w/a and press enter.

(e) This will display a list of the files on the flash drive or hard disk. Check whether the following files are there or not:

(i) Autorun.inf
(ii) Ravmon.exe
(iii) New Folder.exe
(iv) svchost.exe
(v) Heap41a
(vi) or any other .exe which may be suspicious.

(f) If any of the above files are there, then probably the USB drive is infected.

(g) In command prompt type attrib -r -a -s -h *.* and press enter. This will remove the Read Only, Archive, System and hidden file attribute from all the files.

(h) Now just delete the files using the command del filename, for example del Ravmon.exe. Delete all the files that are suspicious. To be on the safer side, scan the USB drive with an up-to-date antivirus program like McAfee or Trend Micro's PC-cillin to check whether it is free of viruses or not. Now remove the drive and plug it in again. In most cases the real culprit turns out to be the "Autorun.inf" file, which gets executed when someone clicks Ok in the dialog window shown above. Thus the infection invariably spreads, but not if you take the precautions mentioned above.
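The check in steps (e) to (h), and the Autorun.inf propagation trick described in the "MALWARE & AUTORUN" post above, as an added example written for this page (not a tool the post uses): given the file names seen on the drive and the text of its Autorun.inf, it flags the names the post lists, shows which entries of the Autorun.inf would actually run something when the drive is opened, and reports the remaining executables for a closer look. The listing and the Autorun.inf are constructed samples; on a real drive the script reads the directory given on the command line.

```python
"""Triage of a removable drive's listing and its Autorun.inf (added example)."""
import os
import re
import sys

# File names the post calls out as classic markers of an infected drive.
# svchost.exe is legitimate only inside the Windows system folder; on a
# removable drive it is a giveaway.
KNOWN_BAD = {"autorun.inf", "ravmon.exe", "new folder.exe", "svchost.exe",
             "heap41a"}

# Autorun.inf keys whose value Windows would execute or offer in the
# right-click menu: open=, shellexecute= and shell\<verb>\command=.
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_autorun(text: str) -> dict:
    """Return the key=value pairs of the [autorun] section, keys lowercased.

    Other sections, ';' comments and lines without '=' are ignored, which is
    also how Windows treats the junk lines infected files are often padded
    with to confuse scanners.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: dict) -> list:
    """(key, command) pairs that would run something when the drive is used."""
    return [(key, value) for key, value in entries.items()
            if key in ("open", "shellexecute") or SHELL_COMMAND_RE.match(key)]


def triage_drive(listing, autorun_text=None) -> dict:
    """Apply the post's checks to a list of file names plus Autorun.inf text."""
    by_lower = {name.lower(): name for name in listing}
    known_bad = sorted(n for k, n in by_lower.items() if k in KNOWN_BAD)
    other_exe = sorted(n for k, n in by_lower.items()
                       if k.endswith(".exe") and k not in KNOWN_BAD)
    launches = launch_targets(parse_autorun(autorun_text)) if autorun_text else []
    return {
        "known_bad": known_bad,
        "other_executables": other_exe,   # step (e)(vi): worth a second look
        "autorun_launches": launches,
        "probably_infected": bool(known_bad) or bool(launches),
    }


# Constructed sample: what dir /w/a might show on an infected pen drive.
SAMPLE_LISTING = ["Autorun.inf", "Ravmon.exe", "New Folder.exe", "photos",
                  "report.docx", "setup.exe"]

# Constructed sample Autorun.inf, modelled on the pattern the post describes:
# the executable is started by open= and wired into the Explorer verbs too.
SAMPLE_AUTORUN = r"""
; constructed sample
[autorun]
open=Ravmon.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\Command=Ravmon.exe
shell\explore\Command=Ravmon.exe
shell=open
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:                     # python usb_triage.py E:\
        root = sys.argv[1]
        names = os.listdir(root)
        inf = os.path.join(root, "Autorun.inf")
        text = open(inf, errors="ignore").read() if os.path.exists(inf) else None
        print(triage_drive(names, text))
    else:
        print(triage_drive(SAMPLE_LISTING, SAMPLE_AUTORUN))
```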
