Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Cinderdora

macrumors newbie
Original poster
May 8, 2013
6
0
Hi everyone,

My USB flash drive seems to have picked up a virus of some kind from one of the crappy old PCs in college.
Couldn't see it when I opened the USB folder on my Mac, but it shows up on PCs.
I did a virus scan and it was being detected by Avast, but I couldn't remove it.
I formatted the USB drive, and now no infections are bring detected by Avast/Sophos/ClamXav, however... the virus file still show up when I plug the USB into a Windows PC!
How can I get rid of these files? Don't want to infect any other PCs!

Thanks!:confused:
 
I already formatted the drive, antivirus isn't picking up anything, but Windows does... that's my problem!
 
This can't be true, but I am not going to argue with you here, you could format and (secure) erase the drive, see what happens.

Formatted the drive using Disk Utility, Erase, Format: MS-DOS (FAT),
As described online in multiple locations, and again by tech support.

The drive showed up as completely clear, neither my files nor virus file on it.
But again, the virus file NEVER showed up on my Mac, even now after confirming their presence with a PC, they are still invisible to me on the Mac.

I'm looking for suggestions for how to VIEW these files on the Mac, so that I can remove them, not obvious first aid solutions please.
 
Formatted the drive using Disk Utility, Erase, Format: MS-DOS (FAT),
As described online in multiple locations, and again by tech support.

The drive showed up as completely clear, neither my files nor virus file on it.
But again, the virus file NEVER showed up on my Mac, even now after confirming their presence with a PC, they are still invisible to me on the Mac.

I'm looking for suggestions for how to VIEW these files on the Mac, so that I can remove them, not obvious first aid solutions please.

If you format a drive ALL files are gone, it does not matter if you use it on a Windows, Linux,Mac or any other operating OS, the files are not there anymore.

But, you should do as I suggested, do a secure erase, see screenshots.
Select security options... and move the slider one notch up.
 
Last edited:
Justperry,

Have done, exactly as described.
Still no change.
Retried with an even higher 'Security' level.
The USB 'Get info' even shows the memory as not having anything stored.
However, the issue is still occurring!
 
Justperry,

Have done, exactly as described.
Still no change.
Retried with an even higher 'Security' level.
The USB 'Get info' even shows the memory as not having anything stored.
However, the issue is still occurring!

Tried it with another Windows based computer and another AV software? Maybe avast is frelling up?
 
Justperry,

Have done, exactly as described.
Still no change.
Retried with an even higher 'Security' level.
The USB 'Get info' even shows the memory as not having anything stored.
However, the issue is still occurring!

Have to agree with Simsaladimbamba here, it could be the software on that PC which is the problem, not the USB stick.
 
Tried it with another Windows based computer and another AV software? Maybe avast is frelling up?

Simsaladimbamba, I had considered that, the only PC I have access to atm only has McAfee :/ and I don't have Admin privileges to install something else.
Gonna try another PC, hopefully that works :)
Also, your username gave me a good giggle, love it!
 
Is this one of those USB memory sticks that came with extra features? Sorry that I'm being vague, but I only dealt with one and that was a while ago.

The memory stick I had back then had a, iirc - an auto backup feature. I forget now what it did, but it was a Windows only added feature. The point though is that there was a hidden 2nd partition (of sorts) so that you could format the stick but leave the backup functionality untouched.

It was bugger to find and to format with OS X because it was designed to be "hidden" and the tools the company offered to remove this partition were of course, Windows only. I think I ended up booting a Windows virtual machine in the end. There may be a way to do this Terminal, but at the time I didn't have the confidence to start mucking about with commands that I didn't understand that formatted irrevocably disks and partitions.

I suspect you may be dealing with one of these. If so, go to the website of the maker of the drive and look for the tools they should provide to remove the partition. Or - if you are comfortable with Terminal commands that could irrevocably format all your hard-drives, look into that angle. Luck. And be careful if you go the Terminal route.
 
Is this one of those USB memory sticks that came with extra features? Sorry that I'm being vague, but I only dealt with one and that was a while ago.

The memory stick I had back then had a, iirc - an auto backup feature. I forget now what it did, but it was a Windows only added feature. The point though is that there was a hidden 2nd partition (of sorts) so that you could format the stick but leave the backup functionality untouched.

It was bugger to find and to format with OS X because it was designed to be "hidden" and the tools the company offered to remove this partition were of course, Windows only. I think I ended up booting a Windows virtual machine in the end. There may be a way to do this Terminal, but at the time I didn't have the confidence to start mucking about with commands that I didn't understand that formatted irrevocably disks and partitions.

I suspect you may be dealing with one of these. If so, go to the website of the maker of the drive and look for the tools they should provide to remove the partition. Or - if you are comfortable with Terminal commands that could irrevocably format all your hard-drives, look into that angle. Luck. And be careful if you go the Terminal route.

If you format a drive (1 partition) on OS X it will be completely wiped, nothing will remain on the drive even if one partition is "invisible"
 
If you format a drive (1 partition) on OS X it will be completely wiped, nothing will remain on the drive even if one partition is "invisible"

I would have thought so too. I can't explain why I couldn't... I don't have that level of technical knowledge. But I can tell you that I know how to format and/or partition a USB thumb-drive. And I know enough to tell when there is a portion of that drive that is not being seen by OS X. It was something like 20% of the drive was 'hidden'. I didn't really need that space back, but it was a technical challenge - and I needed to resolve it for myself.
 
If you format a drive (1 partition) on OS X it will be completely wiped, nothing will remain on the drive even if one partition is "invisible"

Not so. There can be a hidden and write protected partition like Sandisk did here.

Is this one of those USB memory sticks that came with extra features? Sorry that I'm being vague, but I only dealt with one and that was a while ago.

I remember that. It was Sandisk USB drives and they had a hidden and write protected partition for their crappy U3 launcher software. When they first came out the only easy way to remove the hidden partition was to run the uninstaller under Windows. After some uproar, SanDisk finally released a Mac version of the uninstaller.
 
We had a virus like this at my old job. Two things:

1. If you wipe the drive on your mac its clean, if you put it into Windows and see malware then its because it got loaded on immediately.

2. To see the virus file on mac make sure your hidden folders are set to show.

There was one that went around my old workplace that hopped on external devices all the time, I'd have to sit there and wipe the external devices with my mac and linux machines all day.
 
Not so. There can be a hidden and write protected partition like Sandisk did here.

I know those crappy drives, all I can remember from them that I just deleted the U3 software without problems.

So, I myself didn't even see any other (hidden) partition on them, might have had other drives with U3 on it.
Or, I just can't remember well.:eek:
 
If you format a drive (1 partition) on OS X it will be completely wiped, nothing will remain on the drive even if one partition is "invisible"

I had the same problem with an 8 GB thumb that I reformatted to install OSX on it. I had problems and finally discovered a hidden backup partition that was impossible to remove without special software from the thumb drive maker. I ended up buying a different brand of thumb drive.
 
I had the same problem with an 8 GB thumb that I reformatted to install OSX on it. I had problems and finally discovered a hidden backup partition that was impossible to remove without special software from the thumb drive maker. I ended up buying a different brand of thumb drive.

I had the same problem with a thumb drive, and ended up doing the same thing: returned it and bought a different brand. It may even have been a SanDisk U3 drive as Weaselboy linked.

Before I returned it, I was curious how the thumb drive was accomplishing this trick, so I peeked in the USB and IO-device tree a bit. IIRC, the inserted drive was registering itself as a USB hub, and there were two separate USB devices on this hub. Both were "disks" (the mass storage device profile), but one was read/write and the other was read-only. The read-only one even identified itself as a CD drive so it showed a CD-icon on the Mac desktop.

It's not all that unusual for a device to identify itself as a USB hub. Keyboards with USB ports do this, for example.

So the short answer is USB devices can do all kinds of tricky things to make the computer think the device is something it's not. Without knowing exactly what the manufacturer, model, and device is, figuring out what tricks it's playing is essentially impossible. Even knowing the mfgr, model, etc., unless someone with technical skills actually has a device to test and probe, getting information from the device about its tricks is difficult.
 
I would have thought so too. I can't explain why I couldn't... I don't have that level of technical knowledge. But I can tell you that I know how to format and/or partition a USB thumb-drive. And I know enough to tell when there is a portion of that drive that is not being seen by OS X. It was something like 20% of the drive was 'hidden'. I didn't really need that space back, but it was a technical challenge - and I needed to resolve it for myself.

We had a virus like this at my old job. Two things:

1. If you wipe the drive on your mac its clean, if you put it into Windows and see malware then its because it got loaded on immediately.

2. To see the virus file on mac make sure your hidden folders are set to show.

There was one that went around my old workplace that hopped on external devices all the time, I'd have to sit there and wipe the external devices with my mac and linux machines all day.

Thank you both for your input, seems similar to what I was experiencing.

Issue seems to be resolved now, got access to a PC with decent antivirus and removed the malware. Check in another PC and the drive came up as clean, happy days!

Thanks for the help!
 
Not so. There can be a hidden and write protected partition like Sandisk did here.



I remember that. It was Sandisk USB drives and they had a hidden and write protected partition for their crappy U3 launcher software. When they first came out the only easy way to remove the hidden partition was to run the uninstaller under Windows. After some uproar, SanDisk finally released a Mac version of the uninstaller.

The OP has posted the issue is resolved... so this is to say, yep... it was the U3 thing. Soon as you mentioned it rang the bell. Thanks. And to the other posters as well who explained the U3 thing further.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.