0

Okay I don't know if this is a smart question and I found this answer here How do I clear everything (data, viruses) from a thumbdrive?, and didn't understand it fully. I thought formatting a drive was enough to get rid of all data.

I used my usb drive in a computer that is clearly messed up. So when I got home I formatted it, and then did a scan (it's Ubuntu but I have avast installed) to make sure files transferred between my desktop and laptop are clean, and well there wasn't much to scan seeing as I just formatted it, but I understand that apparently you can have hidden files and stuff still?

The scan doesn't show anything when I click show hidden files and it also says that its only using 4.1kb; it always says that; I'm guessing that's for something.

So Question 1, is it possible that the virus is still there?

And Question 2 if formatting does clean a drive, although it's Linux, would it have infected it, like the way someone can be a carrier of a cold and not be sick.

Community
  • 1
Vikashx1
  • 21
  • 1
    A lot of effort went into the answer you linked to. Just saying they lost you or whatever isn't really a good reason to ask essentially the same question again. –  Feb 27 '13 at 00:50
  • Um I know that a lot of effort went into that answer ,I can tell by the fact that its that detailed and I think its awesome the community has people who do things like that ,but do you honestly think for someone who has very little familiarity with ubuntu etc that its a good idea for them,granted I am all for learning and id be damned to stay at this level of understanding (half of the technical terms you all use I havent the slightest clue of )but I thought part of why ubuntu is even gaining this much momentum is that its doing exactly that and trying to start you from scratch ? – Vikashx1 Mar 01 '13 at 11:58
  • Also thank you for editing my question ,the formatting sucked,I need to work on that ,thing is I really dont do asking questions online and this is the possibly first month ,I usually prefer just looking for question (you can literally find almost everything already )but I was particularly worried here and also I figured I might as well start . – Vikashx1 Mar 01 '13 at 12:00
  • Don't worry about the formatting. When you've been around for a while you'll get the hang of it. One way to understand it is to click on the "edited" button and see how people format their posts. I think you'll find that Ask Ubuntu has a relatively decent signal-to-noise ratio! –  Mar 01 '13 at 12:18

2 Answers2

2

If you told Ubuntu to format the flash drive, and it did indeed format the partition(s), the flash drive will no longer be able to infect a windows computer.

Technically, yes, infected files can still physically exist on the drive, but there is no file descriptor pointing to that file, so you will never even be able to read the file, unless you randomly guessed the location of it and used a tool to copy the raw data [like dd].

If you want to wipe the flash drive of all its previous files, just fill up the drive, either with a blank file [in command line dd if=/dev/zero of=/PATH/TO/flashdrive/bigfile then delete it after it fills up all the way. If you're using fat32 you will have to do multiple files as it has a small max filesize] or pick a file and keep copying over and over.

tl;dr Do not worry about it, it is safe.

Matt
  • 9,993
  • Whoa thanks I mean ,whoa I didnt expect id get a response this quickly (but I was hoping for it) And dont worry if I can reply to other people I will ,just I have like very little knowledge on the subject at the moment ,im actually going to to attempt this https://www.coursera.org/course/malsoftware to get a better idea even though I probably wont complete it ,because I would like to actually know and understand the non english stuff you said haha .But again thanks . – Vikashx1 Feb 26 '13 at 23:16
  • Actually that's a fallacy. A bootkit could well still be active and reactivate itself in some cases. This may seem contrived, but in order to be sure the thumb drive should have its partitions wiped and the first few megabytes zeroed. – 0xC0000022L Feb 27 '13 at 01:42
  • @0xC0000022L If you have a formatted flash drive that was formerly infected, and you plug it into a clean Windows PC..I do not see how anything on the drive could come to life. Enlighten me? And yes if you fill up the drive with infinity zeroes [like my dd suggestion] it will also wipe the first few MB. – Matt Feb 27 '13 at 02:55
  • I guess to be completely safe, if you're that paranoid [of bootkits] you can be sure to wipe the MBR clean: be VERY careful which device you write to: dd if=/dev/zero of=/dev/sdc bs=1M count=10 if your flash drive is /dev/sdcX. I would probably suggest using gparted instead to partition/format the MBR/write a new partition table. – Matt Feb 27 '13 at 03:04
  • @Matt: well, I deduce from your second comment that you got what I referred to. Let's put it this way, working as malware researcher I am indeed a little more paranoid than the layman ;) ... it helps, too. – 0xC0000022L Feb 27 '13 at 12:15
  • Well thanks now am actually worried ,ah ,I guess I should try that (how in the blazes ,oh well I dont need my flash drive this second ,ill see to it later when I have more time I guess),thanks though everyone ,now im paranoid a bit (but its 4 kb ,can that really be anything ,I mean really ? what could possibly be left ,I really underestimated these things ) – Vikashx1 Mar 01 '13 at 12:04
  • Do you mean 4GB? Look at the 1st answer: http://askubuntu.com/questions/185815/how-do-i-clear-everything-data-viruses-from-a-thumbdrive It explains how to completely wipe everything [including the MBR] – Matt Mar 02 '13 at 19:27
1

Formating a USB drive is mostly the best way to get rid of viruses. That 4.1 kb is, I think, the MFT (master file table) of your drive. So nothing to worry about.

Showing hidden files on Ubuntu is Ctrl + h in Nautilus.

http://en.m.wikipedia.org/wiki/NTFS#Internals

Seth
  • 58,122
Thomas15v
  • 1,593
  • Oh so the 4.1 kb is for the drive then right .And whoa this was quick ,thanks a lot ,and ill read up on that now – Vikashx1 Feb 26 '13 at 23:18