Thursday, April 14, 2011
When formatting a flash drive doesn't erase a virus
USB viruses are very common and one of the solutions that Windows users resort to when facing one of those bothersome thingies is formatting.
Yes, the complete destruction of data on the device should be enough to get rid of any virus, right? After all, nothing can survive a nuclear bomb...except cockroaches, scorpions, and who knows what else.
Yesterday, a proud user of Windows 7 came to my office with an infected USB drive and, since he knew that Linux is more efficient at dealing with those infections than Windows is, he used Mandriva to erase the virus and all the folders it created. However, when he tried to copy his files back onto the drive, he got several error messages.
I took his pen drive and checked: some files were still masked and Mandriva would not let me erase them, so I opened Mandriva Control Center and formatted the drive as a FAT32 Windows partition. Yet, files still refused to be copied onto this rebellious device, which was apparently clean, or should have been, as it had undergone a formatting operation.
THE VIRUS SURVIVED A FORMATTING OPERATION!
I suspected that the virus might have been hiding somewhere else. After all, there are computer viruses that allocate themselves in the boot sector, so you only waste your time formatting the HD to eliminate them.
I opened Mandriva Control Center again and reformatted the pen drive, but this time I did it as a Linux EXT3 partition. When I finished, I could see a nice folder named "lost+found", which I tried to delete manually. I had no luck; the folder was locked.
THE TERMINAL: THE TRUE POWER OF LINUX!
I opened the terminal, typed su, entered my root password and executed the command:
rd --ignore-fail-on-non-empty lost+found
With that powerful spell, the folder was gone!
RESTORING THE WINDOWS PARTITION
After that, I reformatted the drive again as a Windows FAT32 partition and we had no problems copying information to it.
It's good to have the Linux terminal to handle viruses that resist GUI removal...