Difference between revisions of "Sandisk U3 Flash Drive Virus"

From Free Knowledge Base- The DUCK Project: information for everyone
 
(22 intermediate revisions by one user not shown)
Line 1: Line 1:
U3 is a USB flash storage app that lets you carry and run Microsoft Windows applications directly from the flash drive. For some people, this is a useful tool. However, it is also an extremely invasive piece of software that automatically installs itself on a Windows PC without asking permission or providing the option not to install as soon as you plug in the USB flash drive.
+
U3 is a USB flash storage application that lets you carry and run Microsoft Windows applications directly from the flash drive. For some people, this is a useful tool. However, it is also an extremely invasive piece of software that automatically installs itself on a Windows PC without asking permission or providing the option not to install as soon as you plug in the USB flash drive.
  
[http://www.realtechnews.com/posts/4540|U3 _is_ a virus] because ScanDisk allows it to INSTALL without first ASKING the user if they want it. Software that modifies your computer system without your permission is a virus.
+
[http://www.realtechnews.com/posts/4540 U3_is_ a virus] because ScanDisk allows it to INSTALL without first ASKING the user if they want it. Software that modifies your computer system without your permission is a virus.
 +
 
 +
All USB Flash Drives that support the new U3 standard have a locked, non-deletable, 2nd drive emulating a CD-ROM drive which is setup to auto-install the U3 software on any windows PC you plug the Flash Drive into. If you don't disable [[autorun]], or hold down the shift key anytime you plug one of these drives into someone's Windows, this malware is automatically installed.  It will even prompt the user to reboot windows XP after the install is complete.  But it will not prompt the user prior to installing the malware.
 +
 
 +
* U3 Launchpad uses the autorun.inf file on the thumbdrive root.  The U3 program is stored on a special read-only partition of the thumbdrive and cannot be manually removed by simply formatting or deleting.
 +
 
 +
Hold down the <big><big><big>'''SHIFT KEY'''</big></big></big> when inserting a thumbdrive to prevent autorun.inf from launching and installing U3.
 +
 
 +
* '''Installs software without permission:''' When you plug in the drive, it uses a hack to take advantage of the CD-ROM [[autorun]] vulnerability to install U3 software without your permission. 
 +
 
 +
* When SanDisk first released their Cruzer drives with U3 technology, they did NOT include an uninstall utility.
 +
* Under pressure from support callers, SanDisk provided an uninstall utility on their web site
 +
* SanDisk started to include the uninstall utility on newer Cruzer drives, however, U3 will still auto-install.
 +
* The uninstall utility does not do a 100% removal and restoration, orphaned files remain and alterations to the windows registry.
  
 
The potential for replacing the U3 LaunchPad with something nasty is
 
The potential for replacing the U3 LaunchPad with something nasty is
 
rather obvious.  One could envision a "U3 virus" passing just like an
 
rather obvious.  One could envision a "U3 virus" passing just like an
old-style floppy virus.  Disabling U3 autorun is by disabling CD autorun
+
old-style floppy virus.  Disabling U3 [[autorun]] is by disabling CD autorun
via the registry - http://support.microsoft.com/?id=155217 A quick
+
via the registry - <del>http://support.microsoft.com/?id=155217</del>* A quick
 
Google search got me a number of items by people who've changed the
 
Google search got me a number of items by people who've changed the
 
content of the CDFS.
 
content of the CDFS.
 +
 +
''*. You cannot count of Micro$oft maintaining a link location.''
  
 
U3 software can conflict with other popular software — especially all varieties of CD/DVD burning software.   
 
U3 software can conflict with other popular software — especially all varieties of CD/DVD burning software.   
  
== Uninstall U3 ==
+
=== Uninstall U3 ===
 
note:  does not do a total 100% uninstall of U3, but does remove the primary components and set an inactive registry flag.
 
note:  does not do a total 100% uninstall of U3, but does remove the primary components and set an inactive registry flag.
  
1) Download the U3 software: [http://www.sandisk.com/Retail/Default.aspx?CatID=1415|U3 Launchpad Removal Tool]  
+
# Download the U3 software: [http://www.sandisk.com/Retail/Default.aspx?CatID=1415 U3 Launchpad Removal Tool]  
2) Remove any files that you have loaded and want to retain.
+
# Remove any files that you have loaded and want to retain.
3) Plug in your SanDisk drive.
+
# Plug in your SanDisk drive.
4) Run the U3 tool that you downloaded in step 1.
+
# Run the U3 tool that you downloaded in step 1.
5) If the above does not work you might try this: http://www.u3.com/uninstall/default.aspx
+
# If the above does not work you might try this: http://www.u3.com/uninstall/default.aspx
 +
 
 +
U3 will add the following to your PC:
 +
 
 +
# A hidden folder: C:\Documents and Settings\<username>\Application Data\U3\temp
  
 
There is an open source solution called Portable Apps that does what U3 will do, unlike U3, it is not a virus.
 
There is an open source solution called Portable Apps that does what U3 will do, unlike U3, it is not a virus.
  
More on U3: http://www.hoystory.com/?p=3864
+
'''More on U3''':  
 +
* http://www.hoystory.com/?p=3864
 +
* [http://techrepublic.com.com/5208-11183-0.html?forumID=5&threadID=187062&start=0 Disable U3 on flash drive]
 +
* [http://sublimesoftware.blogspot.com/2006/10/u3-usb-drive.html?showComment=1164664620000 U3 USB drive]
  
 +
=== Boycott Sandisk ===
 +
One should not exchange money for products and services from unethical businesses that violate consumer privacy rights, and spread unwanted malware/virus/infectious software.
  
&nbsp;
+
* [http://www.oddco.ca/zeroth/zblog/2008/05/27/boycott-sandisk-cruzer-drives/ Boycott SanDisk Cruzer drives]
 +
 
 +
=== Prevent Installation ===
 +
Take your new Sandisk Cruzer flash drive back to the retailer where you purchased it and demand a refund.  Yet, if you still wish to use this product from a sleezy company, here is how to format it without the U3 virus infecting your system.
 +
 
 +
# Hold down the SHIFT key and insert the flash drive.  Keep holding down SHIFT
 +
# Once the flash drive is recognized you may release the SHIFT key
 +
# goto My Computer and format the flash drive with FAT32
 +
 
 +
Holding down the shift key will prevent autorun from launching the U3 malware.  Formatting the new flash drive will get rid of the U3 malware so that you may use it as a normal flash drive in the future.  Defeat the auto-install by keeping the shift key held down when you plug in the drive.
 +
 
 +
== What about other USB Thumb Drive Bundled Software? ==
 +
 
 +
It is best to purchase only USB Thumb Drives that do not include any bundled software.  When you get your new thumb drive, the first thing you should do is format it prior to using it.
 +
 
 +
=== Lexar JumpDrive Secure II Plus ===
 +
 
 +
Function:  Allow user to assword-protect multiple areas on the drive (known as Encrypted Vaults) and utilise 256-bit AES encryption.
 +
Installing Lexar JD software disables video DVD support on a Macintosh system.  Lexar encryption software can't be used on a Windows domain machine, can't be used on an Intel Mac, and breaks the DVD on a PPC Mac.  Users report that Secure II has bugs that can make your encrypted data inaccessible. 
 +
 
 +
The Secure II Plus software will not auto install like U3 ('''unverified''') as most of this type of encryption software bundled with some flash drives tends not to auto-install.  The only known bundled flash drive software that auto-installs like a virus is the U3 software included with new SanDisk brand flash drives.
 +
 
 +
== Related ==
 +
 
 +
* [[Autorun|Autoplay, Autorun, and Auto-insert notification]]
 +
* [[Turn off Autoplay With Group Policy Editor]]
 +
* [[Sandisk U3 Flash Drive Virus]]
 +
* [[Sony DRM Rootkit]]
 +
 
 +
For Linux Users:
 +
* [[How_Do_I:_A_Linux_Q%26A#.5BDISABLE_ANNOYING_KDE_Autorun_WHEN_CDROM_IS_IN_DRIVE_WHEN_KDE_STARTS.5D|KDE Autorun]]
  
 
&nbsp;
 
&nbsp;
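Review bot: The new "Prevent Installation" text contradicts a bullet added earlier in this same revision. The bullet says the U3 program is stored on a special read-only partition and "cannot be manually removed by simply formatting or deleting", while the closing paragraph of the new section says "Formatting the new flash drive will get rid of the U3 malware". State which of the two holds and make step 3 of the procedure agree with it, or point readers to the "Uninstall U3" steps instead. Two smaller points in the added lines: the corrected link line still reads "ScanDisk" where the rest of the page uses SanDisk, and the Lexar paragraph has "assword-protect".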
Line 33: Line 87:
 
[[Category:Desktop Software]]
 
[[Category:Desktop Software]]
 
[[Category:Software]]
 
[[Category:Software]]
 +
[[Category:Hardware]]
 +
 +
<small><small>keywords: usb flash virus drive thumb stick memory security</small></small>

Latest revision as of 12:43, 31 March 2016

U3 is a USB flash storage application that lets you carry and run Microsoft Windows applications directly from the flash drive. For some people, this is a useful tool. However, it is also an extremely invasive piece of software that automatically installs itself on a Windows PC without asking permission or providing the option not to install as soon as you plug in the USB flash drive.

U3 _is_ a virus because SanDisk allows it to INSTALL without first ASKING the user if they want it. Software that modifies your computer system without your permission is a virus.

All USB flash drives that support the new U3 standard have a locked, non-deletable second drive emulating a CD-ROM drive, which is set up to auto-install the U3 software on any Windows PC you plug the flash drive into. Unless you disable autorun, or hold down the Shift key every time you plug one of these drives into someone's Windows PC, this malware is automatically installed. It will even prompt the user to reboot Windows XP after the install is complete, but it will not prompt the user prior to installing the malware.

  • U3 Launchpad uses the autorun.inf file on the thumbdrive root. The U3 program is stored on a special read-only partition of the thumbdrive and cannot be manually removed by simply formatting or deleting.

Hold down the SHIFT KEY when inserting a thumbdrive to prevent autorun.inf from launching and installing U3.

  • Installs software without permission: When you plug in the drive, it uses a hack to take advantage of the CD-ROM autorun vulnerability to install U3 software without your permission.
  • When SanDisk first released their Cruzer drives with U3 technology, they did NOT include an uninstall utility.
  • Under pressure from support callers, SanDisk provided an uninstall utility on their web site.
  • SanDisk started to include the uninstall utility on newer Cruzer drives; however, U3 will still auto-install.
  • The uninstall utility does not do a 100% removal and restoration: orphaned files and alterations to the Windows registry remain.

The potential for replacing the U3 LaunchPad with something nasty is rather obvious. One could envision a "U3 virus" passing just like an old-style floppy virus. U3 autorun is disabled by disabling CD autorun via the registry - http://support.microsoft.com/?id=155217 * A quick Google search got me a number of items by people who've changed the content of the CDFS.

* You cannot count on Micro$oft maintaining a link location.
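Because the U3 launcher sits on a partition that presents itself as a CD-ROM, a policy that turns AutoRun off only for removable drives does not stop it. The following added example (not part of the original page) models that: it extracts the launch entries from an autorun.inf and checks them against the CD-ROM bit of the Windows `NoDriveTypeAutoRun` policy value. The sample file, `launcher.exe` and the function names are constructed for illustration.

```python
# Added example: model whether an autorun.inf would launch on a given host.
# In NoDriveTypeAutoRun, a set bit means AutoRun is off for that drive type.
DRIVE_BITS = {"unknown": 0x01, "removable": 0x04, "fixed": 0x08,
              "network": 0x10, "cdrom": 0x20, "ramdisk": 0x40}

# autorun.inf keys that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample; launcher.exe is a hypothetical file name.
SAMPLE_INF = r"""
[AutoRun]
open=launcher.exe -a
icon=launcher.exe,0
shell\explore\command=launcher.exe -e
label=Constructed sample
"""

def autorun_commands(inf_text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    cmds, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            cmds.append((key, value))
    return cmds

def launches_on_insert(inf_text, mask, drive_type="cdrom"):
    """Commands that would start for this drive type under the given policy mask."""
    if mask & DRIVE_BITS[drive_type]:
        return []                         # AutoRun is disabled for this drive type
    return autorun_commands(inf_text)

if __name__ == "__main__":
    # 0x04 blocks removable drives only; 0x24 also blocks CD-ROM; 0xFF blocks all.
    for mask in (0x04, 0x24, 0xFF):
        print(hex(mask), launches_on_insert(SAMPLE_INF, mask))
```

This models only the policy bit; it does not account for the Shift-key override or for differences between Windows versions.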

U3 software can conflict with other popular software — especially all varieties of CD/DVD burning software.

Uninstall U3

Note: this does not do a total 100% uninstall of U3, but it does remove the primary components and set an inactive registry flag.

  1. Download the U3 software: U3 Launchpad Removal Tool
  2. Remove any files that you have loaded and want to retain.
  3. Plug in your SanDisk drive.
  4. Run the U3 tool that you downloaded in step 1.
  5. If the above does not work you might try this: http://www.u3.com/uninstall/default.aspx

U3 will add the following to your PC:

  1. A hidden folder: C:\Documents and Settings\<username>\Application Data\U3\temp

There is an open source solution called Portable Apps that does what U3 does; unlike U3, it is not a virus.

More on U3:

Boycott Sandisk

One should not exchange money for products and services from unethical businesses that violate consumer privacy rights, and spread unwanted malware/virus/infectious software.

Prevent Installation

Take your new SanDisk Cruzer flash drive back to the retailer where you purchased it and demand a refund. Yet, if you still wish to use this product from a sleazy company, here is how to format it without the U3 virus infecting your system.

  1. Hold down the SHIFT key and insert the flash drive. Keep holding down SHIFT.
  2. Once the flash drive is recognized, you may release the SHIFT key.
  3. Go to My Computer and format the flash drive with FAT32.

Holding down the shift key will prevent autorun from launching the U3 malware. Formatting the new flash drive will get rid of the U3 malware so that you may use it as a normal flash drive in the future. Defeat the auto-install by keeping the shift key held down when you plug in the drive.

What about other USB Thumb Drive Bundled Software?

It is best to purchase only USB Thumb Drives that do not include any bundled software. When you get your new thumb drive, the first thing you should do is format it prior to using it.

Lexar JumpDrive Secure II Plus

Function: Allows the user to password-protect multiple areas on the drive (known as Encrypted Vaults) and utilise 256-bit AES encryption. Installing Lexar JD software disables video DVD support on a Macintosh system. Lexar encryption software can't be used on a Windows domain machine, can't be used on an Intel Mac, and breaks the DVD on a PPC Mac. Users report that Secure II has bugs that can make your encrypted data inaccessible.

The Secure II Plus software will not auto install like U3 (unverified) as most of this type of encryption software bundled with some flash drives tends not to auto-install. The only known bundled flash drive software that auto-installs like a virus is the U3 software included with new SanDisk brand flash drives.
