Virus on USB not detected by MAC?

Discussion in 'Mac Basics and Help' started by Cinderdora, May 8, 2013.

  1. Cinderdora macrumors newbie

    Joined:
    May 8, 2013
    #1
    Hi everyone,

    My USB flash drive seems to have picked up a virus of some kind from one of the crappy old PCs in college.
    Couldn't see it when I opened the USB folder on my Mac, but it shows up on PCs.
    I did a virus scan and it was being detected by Avast, but I couldn't remove it.
    I formatted the USB drive, and now no infections are bring detected by Avast/Sophos/ClamXav, however... the virus file still show up when I plug the USB into a Windows PC!
    How can I get rid of these files? Don't want to infect any other PCs!

    Thanks!:confused:
     
  2. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #2
    Reformat the drive then let the college IT department to let them know what you found.
     
  3. Cinderdora thread starter macrumors newbie

    Joined:
    May 8, 2013
    #3
    I already formatted the drive, antivirus isn't picking up anything, but Windows does... that's my problem!
     
  4. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #4
    This can't be true, but I am not going to argue with you here, you could format and (secure) erase the drive, see what happens.
     
  5. Cinderdora thread starter macrumors newbie

    Joined:
    May 8, 2013
    #5
    Formatted the drive using Disk Utility, Erase, Format: MS-DOS (FAT),
    As described online in multiple locations, and again by tech support.

    The drive showed up as completely clear, neither my files nor virus file on it.
    But again, the virus file NEVER showed up on my Mac, even now after confirming their presence with a PC, they are still invisible to me on the Mac.

    I'm looking for suggestions for how to VIEW these files on the Mac, so that I can remove them, not obvious first aid solutions please.
     
  6. justperry, May 8, 2013
    Last edited: May 8, 2013

    justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #6
    If you format a drive ALL files are gone, it does not matter if you use it on a Windows, Linux,Mac or any other operating OS, the files are not there anymore.

    But, you should do as I suggested, do a secure erase, see screenshots.
    Select security options... and move the slider one notch up.
     
  7. Cinderdora thread starter macrumors newbie

    Joined:
    May 8, 2013
    #7
    Justperry,

    Have done, exactly as described.
    Still no change.
    Retried with an even higher 'Security' level.
    The USB 'Get info' even shows the memory as not having anything stored.
    However, the issue is still occurring!
     
  8. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #8
    Tried it with another Windows based computer and another AV software? Maybe avast is frelling up?
     
  9. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #9
    Have to agree with Simsaladimbamba here, it could be the software on that PC which is the problem, not the USB stick.
     
  10. Cinderdora thread starter macrumors newbie

    Joined:
    May 8, 2013
    #10
    Simsaladimbamba, I had considered that, the only PC I have access to atm only has McAfee :/ and I don't have Admin privileges to install something else.
    Gonna try another PC, hopefully that works :)
    Also, your username gave me a good giggle, love it!
     
  11. rocknblogger macrumors 68020

    rocknblogger

    Joined:
    Apr 2, 2011
    Location:
    New Jersey
    #11
    Check it with this http://www.malwarebytes.org. Just download the free version.

    If it reports that there is no virus then there is no virus.
     
  12. snberk103 macrumors 603

    Joined:
    Oct 22, 2007
    Location:
    An Island in the Salish Sea
    #12
    Is this one of those USB memory sticks that came with extra features? Sorry that I'm being vague, but I only dealt with one and that was a while ago.

    The memory stick I had back then had a, iirc - an auto backup feature. I forget now what it did, but it was a Windows only added feature. The point though is that there was a hidden 2nd partition (of sorts) so that you could format the stick but leave the backup functionality untouched.

    It was bugger to find and to format with OS X because it was designed to be "hidden" and the tools the company offered to remove this partition were of course, Windows only. I think I ended up booting a Windows virtual machine in the end. There may be a way to do this Terminal, but at the time I didn't have the confidence to start mucking about with commands that I didn't understand that formatted irrevocably disks and partitions.

    I suspect you may be dealing with one of these. If so, go to the website of the maker of the drive and look for the tools they should provide to remove the partition. Or - if you are comfortable with Terminal commands that could irrevocably format all your hard-drives, look into that angle. Luck. And be careful if you go the Terminal route.
     
  13. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #13
    If you format a drive (1 partition) on OS X it will be completely wiped, nothing will remain on the drive even if one partition is "invisible"
     
  14. snberk103 macrumors 603

    Joined:
    Oct 22, 2007
    Location:
    An Island in the Salish Sea
    #14
    I would have thought so too. I can't explain why I couldn't... I don't have that level of technical knowledge. But I can tell you that I know how to format and/or partition a USB thumb-drive. And I know enough to tell when there is a portion of that drive that is not being seen by OS X. It was something like 20% of the drive was 'hidden'. I didn't really need that space back, but it was a technical challenge - and I needed to resolve it for myself.
     
  15. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #15
    Not so. There can be a hidden and write protected partition like Sandisk did here.

    I remember that. It was Sandisk USB drives and they had a hidden and write protected partition for their crappy U3 launcher software. When they first came out the only easy way to remove the hidden partition was to run the uninstaller under Windows. After some uproar, SanDisk finally released a Mac version of the uninstaller.
     
  16. chrono1081 macrumors 604

    chrono1081

    Joined:
    Jan 26, 2008
    Location:
    Isla Nublar
    #16
    We had a virus like this at my old job. Two things:

    1. If you wipe the drive on your mac its clean, if you put it into Windows and see malware then its because it got loaded on immediately.

    2. To see the virus file on mac make sure your hidden folders are set to show.

    There was one that went around my old workplace that hopped on external devices all the time, I'd have to sit there and wipe the external devices with my mac and linux machines all day.
     
  17. justperry macrumors 604

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #17
    I know those crappy drives, all I can remember from them that I just deleted the U3 software without problems.

    So, I myself didn't even see any other (hidden) partition on them, might have had other drives with U3 on it.
    Or, I just can't remember well.:eek:
     
  18. maccompaq macrumors 65816

    maccompaq

    Joined:
    Mar 6, 2007
    #18
    I had the same problem with an 8 GB thumb that I reformatted to install OSX on it. I had problems and finally discovered a hidden backup partition that was impossible to remove without special software from the thumb drive maker. I ended up buying a different brand of thumb drive.
     
  19. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #19
    I had the same problem with a thumb drive, and ended up doing the same thing: returned it and bought a different brand. It may even have been a SanDisk U3 drive as Weaselboy linked.

    Before I returned it, I was curious how the thumb drive was accomplishing this trick, so I peeked in the USB and IO-device tree a bit. IIRC, the inserted drive was registering itself as a USB hub, and there were two separate USB devices on this hub. Both were "disks" (the mass storage device profile), but one was read/write and the other was read-only. The read-only one even identified itself as a CD drive so it showed a CD-icon on the Mac desktop.

    It's not all that unusual for a device to identify itself as a USB hub. Keyboards with USB ports do this, for example.

    So the short answer is USB devices can do all kinds of tricky things to make the computer think the device is something it's not. Without knowing exactly what the manufacturer, model, and device is, figuring out what tricks it's playing is essentially impossible. Even knowing the mfgr, model, etc., unless someone with technical skills actually has a device to test and probe, getting information from the device about its tricks is difficult.
     
  20. Cinderdora thread starter macrumors newbie

    Joined:
    May 8, 2013
    #20
    Thank you both for your input, seems similar to what I was experiencing.

    Issue seems to be resolved now, got access to a PC with decent antivirus and removed the malware. Check in another PC and the drive came up as clean, happy days!

    Thanks for the help!
     
  21. snberk103 macrumors 603

    Joined:
    Oct 22, 2007
    Location:
    An Island in the Salish Sea
    #21
    The OP has posted the issue is resolved... so this is to say, yep... it was the U3 thing. Soon as you mentioned it rang the bell. Thanks. And to the other posters as well who explained the U3 thing further.
     

Share This Page