A USB (Resident) Virus Scanner and Cleaner


Some light fast and (TSR) Terminate and stay Resident Comodo USB AntiVirus App.

A USB flash disk being one of the most used media to infect PCs, it would be nice to have such a fast, effective and tiny application.

To Insert, (turn on), Load and Stay Resident type of application.

Sergio Korlowsky

Hi Averno ,

Please search & read this & other forums regarding connected USB devices and protection.
That was discussed here & there thousands of times already

The suggested Application is waste of time/resources & not needed at all.

Disable Autoruns, which is “must do” (ask if you don’t know how) & your computer is safe enough already, since nothing will be fired up from USB device automatically

Use either hardware or Software protection when you are connecting your own USB to the alien computer(s)

Then, scan whether it’s Comodo’s AV or additional scanners installed
That’s all you can do
If any of his scanners are missing infection “at this particular point” - nothing you can do anyway… so you better think about using decent Behavioral Blocker … still not 100% bullet proof, but that will increase detection rate & at least may alarm you in case you evoke unknown executable from USB device

My regards

Thanks a lot for responding, yes I know how to disable the autorun, my system is protected, but I fix computers and I have seen an increase in infections on USB and SD memory modules used in cellular phones, specially the “Brontok” (Recycler) virus. Thanks anyway, have a nice weekend!

SK

usb immunizer is not necessary… I will agree on SiberLynx… but here’s problem I have faced…

many ppl especially my friend, never scan usb after they had inserted it in infected computer… because of laziness… so everytime they insert usb in pc, they used to open usb before scanning…

many will say realtime protection will protect malware and will prove me wrong but that’s what didn’t happen… every fortnight when i visit my fren, his pc has been always infected by win32.virut and win32.sality… BTW he is also using CIS 5.9…

So it will be great if there is auto scanning usb feature like that of Bitdefender, Kaspersky and ESET, it might keep some of the lazy ppl like my fren from being infected…

Thank you

at the same time please read what was written above and in many cases re: USB.
What do you mean by “used to open usb before scanning” if Autoruns is disabled as posted above ???
That is really weird & that was the main point - nothing will happen ever unless you start any executable by yourself & if it is a malware & your current AV don’t know about it at that particular time - nothing can prevent the infection

Well … CIS 5.9 or whatever version will never protect you or your “fren”. Comodo has very weak AV & completely not working sandbox… so what you would expect :)

Again, that will not help ever! Moreover, I’ve tested many securities - auto-scanning USB connected devices must be disabled - that is annoying useless feature … why in Hell I would ever consider scanning connected USB automatically ? 64GB Flash Stick or 2-3 TB drive … Why??? what about the time spent for basically nothing?
Do it whenever you want in your spare time, for goodness sake … and it still will not protect you 100% no matter what AV you are using (considering that Comodo’s AV is just a joke that shouldn’t’ve ever been developed)
Cheers!

It depends on signatures and that’s the weakness. Locking down the autoruns of external devices is the best solution; simply don’t allow anything to be able to autostart.

The Comodo sandbox works fine in keeping malware at bay that the AV does not have signatures for. It is the mix of components that makes CIS a strong contender.

Quick summary:
No scanning.
Locking of autoruns and NTFS file permissions are a better solution in my opinion.
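
Both this post and the earlier "Disable Autoruns" advice come down to one machine-wide policy value. The following is an added example, not something posted by any participant in the thread: it reads the `NoDriveTypeAutoRun` bitmask, reports which drive types are not covered by it, and can set it to disable AutoRun everywhere. The function names are made up for the example, and it assumes the machine-wide (HKLM) policy key is the one in use.

```powershell
# Added example: audit (and optionally enforce) the AutoRun policy value.
# NoDriveTypeAutoRun is a bitmask; a set bit disables AutoRun for that drive type.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

function Get-AutoRunExposure {
    # Hypothetical helper: lists drive types NOT disabled by the machine policy.
    $prop  = Get-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    $value = $prop.NoDriveTypeAutoRun
    $isSet = $null -ne $value
    if (-not $isSet) { $value = 0 }   # value absent: no policy, the OS default applies

    $open = foreach ($entry in $DriveTypeBits.GetEnumerator()) {
        if (-not ($value -band $entry.Value)) { $entry.Key }
    }
    [pscustomobject]@{
        PolicyIsSet         = $isSet
        PolicyValue         = '0x{0:X2}' -f $value
        NotDisabledByPolicy = @($open)
    }
}

function Disable-AutoRunAllDrives {
    # Hypothetical helper: sets every bit (0xFF). Needs an elevated session.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($PolicyKey, 'Set NoDriveTypeAutoRun = 0xFF')) {
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        Set-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
}

Get-AutoRunExposure
# Preview the change first, then run without -WhatIf to apply it:
# Disable-AutoRunAllDrives -WhatIf
```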

I would agree to SiberLynx on the scanning part, but about the autorun, that’s not going to be the only problem. Sure, don’t enable anything to autostart, but there are viruses that are capable of creating shortcuts of the files within the usb all the while hiding the files (there was one – though rare – that “ate” the files, and i mean to say they were literally gone while the virus chunked up). Average users don’t really get this, but they launch the virus anyway by clicking on the shortcuts. Launches the virus then the file.

CIS protects, but the problem is what of those who prefers other products or has issues with CIS? I think that’s the central point of his concern when he said

and of course SiberLynx’s as well

EricJH also confirms this (and I mean the possibility):

Apparently there are still some that are able to bypass AV’s regardless of the fact that it is now an “old trick” as one might put it. I’ve seen a variant of Sality do this. The main executable was quarantined, but it still managed to infect the host computer (which was a newly bought, fresh installed laptop). Rare as they may be, the concern is still legit.

I think that a better option would be the use of NTFS file permissions. I’ve used it on three USB’s for about 5 months now, and no infection to date despite various stress tests. The idea is to create an NTFS file format USB and block all write permissions on the first layer with a folder with only write/read/delete permissions, but without change permissions (i mean to say that it can’t change anything: not the file, not the attributes nor the permissions).

The downside is that I can only make advanced file permissions in windows 7 (I can’t find the option on xp) and that if I were to update a file, I have to create a copy of the original in hd, update it there and either change the filename or delete the previous one before placing the updated file back on the folder. Takes only two minutes tops for me though. And if you’re using linux (either by dual boot or another unit) you’d have to make sure that 1) the linux you’re using supports ntfs file formats and 2) that you cleanly removed the usb from windows before plugging it in linux.

The good side on this is that there are no autoruns made, no virus can piggyback on anything, and in detailed explorer view, nothing goes in without my notice. I can conclude with my experience on this that this is a safer option than scanning or blocking autoruns.

Search for palby777 (yeah that’s me) in youtube for a video of the process (perhaps the video could explain it better). Couldn’t post the link because I’m in a library and youtube is being blocked.

And if autorun is a functionality you’d like to keep for some reason or you find blocking autoruns, formatting and file permissions too complicated, USB Guardian does the trick for me rather well. If you’re willing to purchase, Zbshareware USB Disk Security is a good product.

Have a nice day.
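
The shortcut pattern described in the post above (real files hidden, same-named shortcuts left in their place) can be checked for before anything on the stick is opened. This is an added example, not part of the original post: it lists every `.lnk` in a drive root, pairs it with any hidden entry of the same name, and shows where the shortcut really points. The function name and the drive letter in the usage line are assumptions.

```powershell
# Added example: flag shortcuts in a drive root that stand in for hidden entries.
function Find-ShortcutLure {
    param([Parameter(Mandatory)][string]$Root)

    # -Force makes Get-ChildItem return hidden and system entries as well.
    $items  = @(Get-ChildItem -LiteralPath $Root -Force)
    $hidden = @($items | Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden })
    $links  = @($items | Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.lnk' })
    $shell  = New-Object -ComObject WScript.Shell

    if ($items | Where-Object { $_.Name -eq 'autorun.inf' }) {
        Write-Warning "autorun.inf present in $Root"
    }

    foreach ($link in $links) {
        $base = [IO.Path]::GetFileNameWithoutExtension($link.Name)
        # A lure carries the name of a file or folder that has been hidden.
        $twin = $hidden | Where-Object {
            $_.Name -eq $base -or [IO.Path]::GetFileNameWithoutExtension($_.Name) -eq $base
        } | Select-Object -First 1

        # CreateShortcut on an existing .lnk opens it for reading.
        $lnk = $shell.CreateShortcut($link.FullName)
        [pscustomobject]@{
            Shortcut   = $link.Name
            HiddenTwin = if ($twin) { $twin.Name } else { $null }
            Target     = $lnk.TargetPath
            Arguments  = $lnk.Arguments
            Suspicious = [bool]$twin
        }
    }
}

# Usage (drive letter is an assumption):
# Find-ShortcutLure -Root 'E:\' | Format-Table -AutoSize
```

A row with `Suspicious` set to true and a `Target` that is not the hidden twin itself is the case the post describes; the hidden originals are still on the drive and can be copied off without using the shortcuts.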

sorry… but I disagree with the statement “Zbshareware USB Disk Security is a good product” because it detects every autorun.inf as a threat…
if u want to test out, create autorun.inf from notepad and place it into ur usb… after that insert ur usb in pc installed with Zbshareware USB Disk Security, you will find out that it detects it as a threat…

from my view, i dont recommend this software…

Oh forgive me for not being clear. That was in fact the reason why I had mentioned it. The idea is to keep the autorun functionality without altogether disabling it. I was more concerned with CD’s or DVD’s because USB Disk Security does not or rather cannot delete the autorun.inf in them so the functionality is kept. Likewise, you can disable the automatic deletion of known threats in its configuration which again preserves the functionality of the autorun.inf and selectively choose which autorun.inf to be deleted.

Moreover, most antiviruses (if not all in so far as quarantining autorun.inf’s are concerned) also detect autorun.inf’s as threats. So really the main use of the USB Disk Security would be its immunity feature which by far is more effective than a dummy undeletable unmodifiable text-based autorun.inf (in contrast to USBDS’s folder-based autorun.inf and undeletable “.immunity” folder), the registry restore option which allows me to restore common functionalities such as the command prompt, safe mode and task manager as well as monitoring startup items.

It really is in the preference of the user. It’s good in the sense that it (1) requires no definition updates, (2) good heuristic detection, (3) low memory usage, (4) limited but nonetheless useful tools available (and I mean to say it’s not as bloated as other security products that wanted to be too much), (5) a sensible level of configurability (and not over complicated) and pop-ups, and (7) fast startup.

woW! spainach_12,

The last post of yours was a real surprise, despite the fact that you are the one who participated in so many “USB/Autoruns” topics here and “there”

No! you do not need any additional Software - that’s a simple sham

Autoruns disabled on your own PC / hardware protection of USB re: writing/ (specific) Software protection of USB device bought - that is all you (we can do) & it works(!!!)

...I was more concerned with CD's or DVD's because USB Disk Security does not or rather cannot delete the autorun.inf in them so the functionality is kept....
:o and what? how bad is that? Do you need to delete those from CDs/DVDs? That will simply not be able to run (catching kinda "Sony Rootkit" and alike :) ) & that's all what you need... unless your statement was just a joke

Then (when anything cannot be run automatically) - the only option is - using any AV preferred in order to scan … and that is the only and forever bottleneck & there is no cure and never will be!
You (I mean any user) start unknown Software after all precautions taken re: USB described thousands of times already - any AV can fail / HIPS can fail / Behavioural Blocker (CIS still don’t have it :-TD) can help, but again not 100% …

I do somehow understand the initial poster, who may not have experience yet,
but I cannot possibly get your point (again & again) regarding this particular matter

Cheers!

Perhaps I was not clear. The initial intention of Averno is to cover non-adept computer users:

And the point was to have some level of control with the autorun functionality. CD and/or DVD autoruns cannot be deleted. Disabling autorun altogether will as you have confirmed not automatically run the disk.

I do not encourage the use of third party software but recommended it:

Disabling autorun doesn’t seem so convenient to many users (well, at least in my area even with the use of third party software particularly concerning installations from USB and special USB’s with preinstalled software in them [a sort of write protection/encryption thing that prevents access to the usb]) and I had to re-enable it on the request of the user. In which case is the only time I recommend third party software.

I cannot understand the hostility in your post. I’m sure it’s not intentional and just by way of your use of the language; still, the possibility is not to be neglected.

I assure you I have tested rigorously the methods which you have advised me in the past. I simply stuck to what is more convenient for me and the users who ask for my help. As I understand it, you do not use the autorun functionality, but that doesn’t apply to everyone else. I would agree that precautions ought to be taken when launching unknown software the same way you take precaution when talking to strangers. But not everyone practices that, now do they? Nor does everyone have in possession a hardware protection USB. I’m not being stubborn on the topic. I’m just taking into consideration that there are others that do not prefer what has been advised (and by this I refer to the disabling of autorun).

I would disagree that disabling the autorun is the only solution. NTFS file permissions work perfectly fine for me.