Need advice on protecting field computers

Discussion in 'Malware Help (A Specialist Will Reply)' started by headala, Oct 22, 2015.

  1. headala

    headala Private E-2

    Hi, everyone, thanks in advance for the help.

    I work for a nonprofit and we do language translation projects all over the world, mainly in developing countries. We often distribute computers to our local consultants in these areas in order to use our software (32-bit Windows application).

    We often encounter these computers infested with malware. They are almost never connected to the web, but instead by sharing files via USB drives. It has been very difficult for our staff because they need to get a few files off of these computers via USB drive without getting infected themselves.

    Most of what we encounter are older malware (vb scripts, autorun stuff, etc.). Not much zero-day at all.

    Do you guys have any advice on how we can retrieve files from these computers safely? I've thought of several solutions, but they all have some issue:
    1- obviously cleaning the computer before pulling the files off is ideal, but our staff don't have the necessary time or expertise. Also, there isn't an internet connection in most places to ask for help.
    2- using a Linux boot disk to retrieve the files without getting infected. Again, the lack of tech knowledge of our staff is the issue. I could script it, but it is still quite a cumbersome solution.
    3- allowing the USB drive to be infected but cleaning it by our staff before reading the contents - tried this last trip but the files we needed were infected and deleted by the antimalware tool.

    What am I not seeing? What other options do we have? It has to be reasonably user-friendly and usable without an internet connection. Thanks for your help.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Since cleaning the originating computers is not a viable option, you need to make sure that the destination computers that the USB drive will be plugged into are properly protected PCs. They must have full antivirus, antispyware, and firewall protection and it would be a good idea to have autoruns protection. See the below link:

    How to Protect yourself from malware!



    You should then immediately run scans on the USB drive after it has been inserted into the destination PC. While this is not likely going to find all possible problems and may even come up with some false detections, hopefully this can block or at least limit the infection of the destination PC.

    The possibility of false detections could have been why some of the files you needed were deleted in the past. The naming of the files and the location of the files on the USB drive could be part of the issue. You should try putting them into well named folders on the USB drive and be careful that you don't make gibberish names for any files or folders.
     
  3. headala

    headala Private E-2

    Thanks. The names of the files/folders on the USB drive are actually quite "gibberish" to English speakers, because they are the name of the language (third world languages, not anything anyone has ever heard of), then the ISO code for the language, then the abbreviation of the translation type. And the file type is a proprietary type that is used with our proprietary software, so I'm guessing the typical AV software is unaware of it.

    So I guess all that is a perfect storm for false positives! Eek!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's possible that the characters being used are just Unicode characters (see http://unicode.org/charts/) to represent text in the local language. Your protection software may or may not have a problem with them.
     
  5. headala

    headala Private E-2

    We do use some Unicode in our documents, but normally we type the filenames without accents and special characters using normal ANSI encoding.

    Do you have any experience with the USB Vaccine (Panda) or USB Immunizer (Bitdefender) products? They create a tamper-proof autorun on the USB drive to cut down on autorun-enabled malware. Might be useful for this situation.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, I mentioned addressing autoruns issues in my first message where I linked you to How to Protect yourself from malware!

    In step 8 of this link it mentions another tool named Autorun Eater.


    You can try these to see if they help at least block the autoruns type infections. You need this on all of your PCs. But you also still need to scan all the files before using them to catch other types of infections.
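
An added example, not part of the original thread or any tool named in it: a small allow-list copy that pulls only the expected project files off a USB drive, reports autorun and script files instead of touching them, and records a SHA-256 for each copied file. The `.xyz` extension is a placeholder for the proprietary file type, and `classify` and `triage` are hypothetical names; copied files still need scanning as described above.

```python
import hashlib
import shutil
from pathlib import Path

# Assumption: ".xyz" is a placeholder for the proprietary project file type.
ALLOWED = {".xyz"}
# Extensions typical of the autorun/script malware described in the thread.
SUSPICIOUS = {".vbs", ".vbe", ".js", ".wsf", ".lnk", ".exe", ".scr",
              ".pif", ".com", ".bat", ".cmd", ".inf"}


def classify(path: Path) -> str:
    """Return 'copy', 'flag' or 'skip' based on the file name only."""
    ext = path.suffix.lower()  # last extension decides: a.xyz.vbs -> .vbs
    if ext in SUSPICIOUS:
        return "flag"
    if ext in ALLOWED:
        return "copy"
    return "skip"


def triage(usb_root: Path, dest: Path) -> dict:
    """Copy allow-listed files to dest; nothing else is opened or run."""
    report = {"copied": {}, "flagged": [], "skipped": []}
    for src in sorted(p for p in usb_root.rglob("*") if p.is_file()):
        rel = src.relative_to(usb_root).as_posix()
        verdict = classify(src)
        if verdict == "copy":
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(src, target)  # file data only, no attributes
            digest = hashlib.sha256(target.read_bytes()).hexdigest()
            report["copied"][rel] = digest
        elif verdict == "flag":
            report["flagged"].append(rel)
        else:
            report["skipped"].append(rel)
    return report


if __name__ == "__main__":
    import sys
    result = triage(Path(sys.argv[1]), Path(sys.argv[2]))
    for name, digest in result["copied"].items():
        print("COPIED ", digest[:16], name)
    for name in result["flagged"]:
        print("FLAGGED", name)
```

Run it with the USB drive path and a destination folder as the two arguments; the flagged list shows what the drive carried without anyone double-clicking it.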
     
