Author Topic: Safedrv.exe  (Read 9620 times)


Offline ifyoudearthis

Safedrv.exe
« on: October 24, 2012, 10:05:08 pm »
The computer is infected with a virus. Is there a way that when I insert my flash drive the virus/SafeDrv.exe can't get into my flash drive without using an antivirus?   :-\




Offline Celestialkey

Re: Safedrv.exe
« Reply #1 on: October 25, 2012, 12:28:15 am »
Are you asking
1. How to use a flash drive without having the virus copy itself over onto it.
or
2. How to use an antivirus off a flash drive to somehow get it on your computer.
Created By: Eczuo
Quote
I have noticed that people who claim that everything is predestined, and we can do nothing to change it, look both ways before they cross the road.
Quote
I'd prefer to die standing, than to live on my knees - Che Guevara
Quote
If you change the way you look at something, does that something change in any way?
- Quantum Theory

Hacking
Quote
Never in the field of human conflict was so much owed by so many to so few. - Winston Churchill


Quote from: Revelations 12:4
And his tail drew the third part of the stars of heaven, and did cast them into the earth; and the dragon stood before the woman which was ready to be delivered, for to devour her child as soon as it was born.

Quote
It takes skill to build an empire. It takes an idiot to maintain it.

Offline ifyoudearthis

Re: Safedrv.exe
« Reply #2 on: October 25, 2012, 03:20:59 am »
both  ;)

Offline Nathan

Re: Safedrv.exe
« Reply #3 on: October 25, 2012, 08:51:41 pm »
You could format it as NTFS and then add a permission of Everyone with read and your user on clean computer as full control.

More simply you could just use a CD-R(W). What I would do is boot with a live CD and run the anti-virus from there.
Projects:
[ Axios Engine ] [ sourcehub ]
Compilers: Microsoft Visual Studio 2008, GNU C++, FASM, MASM, VB 6/.Net.
Languages: C++, PHP, ASM, JS, VB6/.Net, BASIC, HTML, MySQL
Please buy me some books: Amazon Wishlist

Offline Celestialkey

Re: Safedrv.exe
« Reply #4 on: October 25, 2012, 09:51:13 pm »
Well, there is no real way of doing #1. Best bet is to use safe mode. If that does not work, then you pretty much are forced to risk the chance, and put the antivirus on the computer and infect that flash drive as well. After you do that, you can always disable auto launch (should be done already) and plug it into another computer, then format the drive.


EDIT:
Quote from: Nathan
> You could format it as NTFS and then add a permission of Everyone with read and your user on clean computer as full control.
>
> More simply you could just use a CD-R(W). What I would do is boot with a live CD and run the anti-virus from there.

Nathan beat me, or do that. But live CDs for Windows? Or is there a nix live CD that lets you run antivirus on Windows systems? If so, does it work with BitLocker? If it does, you are a God.
Will setting permissions on the clean one to full and "Everyone" to read only really matter? The admin account that is infected on the compromised computer should still be able to overwrite that with the local admin. Pretty sure it lets you take ownership and do whatever you want to the file system after it is connected.
« Last Edit: October 25, 2012, 09:56:27 pm by Celestialkey »

Offline Nathan

Re: Safedrv.exe
« Reply #5 on: October 25, 2012, 10:58:56 pm »
Quote from: Celestialkey
> Well, there is no real way of doing #1. Best bet is to use safe mode. If that does not work, then you pretty much are forced to risk the chance, and put the antivirus on the computer and infect that flash drive as well. After you do that, you can always disable auto launch (should be done already) and plug it into another computer, then format the drive.
>
> EDIT:
> Quote from: Nathan
> > You could format it as NTFS and then add a permission of Everyone with read and your user on clean computer as full control.
> >
> > More simply you could just use a CD-R(W). What I would do is boot with a live CD and run the anti-virus from there.
>
> Nathan beat me, or do that. But live CDs for Windows? Or is there a nix live CD that lets you run antivirus on Windows systems? If so, does it work with BitLocker? If it does, you are a God.
> Will setting permissions on the clean one to full and "Everyone" to read only really matter? The admin account that is infected on the compromised computer should still be able to overwrite that with the local admin. Pretty sure it lets you take ownership and do whatever you want to the file system after it is connected.

BartPE has been out forever:
http://www.nu2.nu/pebuilder/

DART could be useful:
http://technet.microsoft.com/en-us/library/ee532075.aspx

I would be surprised if DART didn't support BitLocker - but I wouldn't be so sure about BartPE.

As far as the USB idea:
The theory is that Windows does not use usernames to identify users - at least not for permissions. It uses a kind of numeric ID (described here http://en.wikipedia.org/wiki/Security_Identifier ) - which has certain information such as computer ID and user ID. Just because you create the same username on two different computers - they will have different SIDs. This is supported by the fact that when you delete a user it warns you that if you don't back up the user's key you will never be able to restore their encrypted documents - EVEN IF you create it identically.
So on clean computer A if you assign a permission for "nathan" as full control - that SID won't resolve on computer 2 and thus you shouldn't have any rights (unless specified by the group "Everyone"). There are a few "well known" SIDs such as "Everyone", "Users" etc. that will work on any system. (See a list here: http://support.microsoft.com/kb/243330 ).
In theory no two systems should have the same SID unless they were imaged or specifically set to that SID.

Side note: different SIDs sound like a problem in an enterprise environment - but that is what Active Directory is for. Using AD the user/computer/group/other accounts are stored in a central location.

Edit:
For a pre packaged ultimate BartPE - http://www.ubcd4win.com/
« Last Edit: October 25, 2012, 11:00:49 pm by Nathan »
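The SID argument in reply #5, as an added example that is not part of the original posts: a simplified model of how an ACL written on clean computer A is evaluated against a user's token on A and on a second machine. All SID values are constructed, and the model leaves out an administrator taking ownership of the volume, the objection raised in reply #4.

```python
# Added example: simplified NTFS-style allow-ACL evaluation. SIDs are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Sid:
    text: str

    @property
    def parts(self):
        fields = self.text.split("-")
        if fields[0] != "S" or len(fields) < 4:
            raise ValueError(f"not a SID: {self.text!r}")
        return [int(f) for f in fields[1:]]

    @property
    def machine_id(self):
        # Account SIDs look like S-1-5-21-<three sub-authorities>-<RID>.
        p = self.parts
        return tuple(p[3:6]) if p[:3] == [1, 5, 21] and len(p) == 7 else None

    @property
    def rid(self):
        # Last field: the per-account relative identifier.
        return self.parts[-1]

def effective_rights(acl, token_sids):
    """Union of rights from allow entries whose SID appears in the token."""
    rights = set()
    for sid, granted in acl:
        if sid in token_sids:
            rights |= granted
    return rights

# "nathan" created separately on two machines: same name and RID,
# different machine identifier, therefore different SIDs.
NATHAN_A = Sid("S-1-5-21-1111111111-2222222222-3333333333-1001")
NATHAN_B = Sid("S-1-5-21-4444444444-5555555555-6666666666-1001")
EVERYONE = Sid("S-1-1-0")  # well-known SID, identical on every system

# ACL written on clean computer A: Everyone read, nathan@A full control.
DRIVE_ACL = [(EVERYONE, {"read"}), (NATHAN_A, {"read", "write", "delete"})]

def demo():
    """Rights the same ACL yields on computer A and on the second computer."""
    on_a = effective_rights(DRIVE_ACL, {NATHAN_A, EVERYONE})
    on_b = effective_rights(DRIVE_ACL, {NATHAN_B, EVERYONE})
    return on_a, on_b
```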

Offline ifyoudearthis

Re: Safedrv.exe
« Reply #6 on: October 26, 2012, 11:21:27 pm »
Is it possible?  Preventing viruses from entering a USB drive.

The scenario: I rented a computer in an internet cafe and all of a sudden the computer was infected with a virus. When I downloaded and transferred the file onto my flash drive, the virus copied itself onto it. When I got home and put my flash drive into my own computer, the file that I had downloaded and transferred onto my flash drive had become 0 bytes. I think the virus was the reason.

What I want to do is insert a flash drive into an infected computer and copy a file without the virus copying itself onto it.

I don't want to remove the virus from the infected computer.

The infected computer has Deep Freeze; that's why I can't reboot the computer and I can't boot in safe mode.


Offline Celestialkey

Re: Safedrv.exe
« Reply #7 on: October 27, 2012, 01:49:05 am »
Any chance it is in the file that you are trying to download?

Offline ifyoudearthis

Re: Safedrv.exe
« Reply #8 on: October 27, 2012, 03:43:02 am »
I'm sure it was not, it's just a movie  ;D

SafeDrv.exe and autorun.inf keep popping up in my flash drive even though I've deleted them.

Offline Nathan

Re: Safedrv.exe
« Reply #9 on: October 27, 2012, 03:49:49 pm »
Quote from: ifyoudearthis
> I'm sure it was not, it's just a movie  ;D
>
> SafeDrv.exe and autorun.inf keep popping up in my flash drive even though I've deleted them.

Sounds like one of those USB hopping viruses. What you can do is create folders called SafeDrv.exe and autorun.inf on your flash drive. This way the virus can't write the file to the flash drive and they aren't usually smart enough to figure this out. I would also set the permissions on those files assuming you formatted your flash drive NTFS. If your flash drive is FAT32 you can't set permissions on files.
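The placeholder-folder idea from reply #9, as an added example that is not part of the original posts: it creates directories under the two file names reported in the thread and checks that a plain file write to those names then fails. The temporary directory stands in for the flash drive root, and the child file inside each placeholder is an assumption added here so that removing the empty directory alone does not free the name.

```python
# Added example: placeholder directories occupying the names a USB worm
# wants to create as files. A constructed temp dir stands in for the drive.
import os
import tempfile

DECOY_NAMES = ("autorun.inf", "SafeDrv.exe")  # names reported in the thread

def plant_decoys(drive_root):
    """Create a directory for each name, with a child file inside so that a
    plain rmdir of the placeholder fails as well."""
    for name in DECOY_NAMES:
        path = os.path.join(drive_root, name)
        if os.path.isfile(path):
            os.remove(path)  # clear an already-dropped copy first
        os.makedirs(path, exist_ok=True)
        with open(os.path.join(path, "placeholder.txt"), "w") as fh:
            fh.write("reserved name\n")

def file_write_blocked(drive_root, name):
    """Try to create `name` as a regular file and report whether it failed."""
    try:
        with open(os.path.join(drive_root, name), "wb") as fh:
            fh.write(b"x")
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return True
    return False

def check_drive(drive_root):
    """Per name: is the placeholder still a directory that blocks writes?
    Useful to re-run after the drive has been in an untrusted machine."""
    return {
        name: os.path.isdir(os.path.join(drive_root, name))
        and file_write_blocked(drive_root, name)
        for name in DECOY_NAMES
    }

def demo():
    with tempfile.TemporaryDirectory() as root:
        # Constructed starting state: the drive already carries autorun.inf.
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\n")
        before = file_write_blocked(root, "autorun.inf")
        plant_decoys(root)
        return before, check_drive(root)
```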

Offline Celestialkey

Re: Safedrv.exe
« Reply #10 on: October 27, 2012, 11:59:32 pm »
Quote from: Nathan
> Quote from: ifyoudearthis
> > I'm sure it was not, it's just a movie  ;D
> >
> > SafeDrv.exe and autorun.inf keep popping up in my flash drive even though I've deleted them.
>
> Sounds like one of those USB hopping viruses. What you can do is create folders called SafeDrv.exe and autorun.inf on your flash drive. This way the virus can't write the file to the flash drive and they aren't usually smart enough to figure this out. I would also set the permissions on those files assuming you formatted your flash drive NTFS. If your flash drive is FAT32 you can't set permissions on files.

That's a good idea for the folders to be named that. We did the same back when that massive virus was rampant.

 
