How do I Check a Flash Drive for a Virus or Trojan Horse?
By James Rutter
USB flash drives contain flash memory storage, and connect to a computer or other device via a USB port. Like a computer's hard drive or a piece of software, these drives can become infected with Trojan horses--malware designed to grant a third-party access to your computer and information--or viruses designed to use flash drives as a tool to infect computers. You can detect viruses, Trojans and other forms of malware hiding in your USB flash drive by using the command prompt.
Press the "Shift" key as you insert the USB drive into your computer. Holding down "Shift" will keep the computer from auto-playing the device. Click "Cancel" to exit the auto-run if you do not hold "Shift" down long enough and the auto-play function starts.
Open the Windows Command Prompt by clicking "Start" and then highlighting and clicking "Run." Type "cmd" (without the quotes) in the text box, and press "Enter." If you use Windows Vista, click the Windows icon, then type "cmd" in the "Search" box and hit "Enter."
Switch the Command Prompt to your USB flash drive by typing the letter of the drive followed by a colon--for example, "F:" without the quotes--and pressing "Enter." You can locate the letter that Windows assigns to your flash drive by clicking "Start," then highlighting and clicking "My Computer."
List the directory of files on your flash drive by typing "dir/w/o/a/p" (no quotes) into the Command Prompt and pressing "Enter." This line will tell your USB drive to compile and display a list of all files.
Locate common viruses, Trojan horses, or malicious files in the list. Two of the most commonly reported pieces of USB malware will appear as "Autorun.inf" or "smss.exe" (both without the quotes). Unless you are using your USB to transfer a program from one computer to another, you should be suspicious of any executable file--file types ending ".exe"--that appears in your flash drive's directory. Also, as a general rule of thumb, if you see any files on your USB drive other than ones you have personally stored on it, your flash drive is infected.
Set your USB drive to show all files so that you can delete them. Copy and paste "attrib -r -a -s -h ." (without the quotes) into the command prompt and press "Enter." These letters stand for "Read Only, Archive, System and Hidden File," and entering this line will tell your USB file to recognize them.
Delete any viruses, Trojan horses, malware and suspicious files. Type "del" (no quotes) followed by a space and then the name of the file; for instance, "del smss.exe". Press "Enter" to delete that file from your USB flash drive.
- Viruses and Trojan horses can spread quickly via USB drives, because the auto-run feature in Windows begins reading and opening a USB drive as soon as it's plugged in. You can disable the auto-run or auto-play feature of Windows by holding the "Shift" key when you plug in the USB drive. You can permanently disable auto-run or auto-play by following the steps outlined on Microsoft's website.
Since 2005, James Rutter has worked as a freelance journalist for print and Internet publications, including the “News of Delaware County,” “Main Line Times” and Broad Street Review. As a former chemist, college professor and competitive weightlifter, he writes about science, education and exercise. Rutter earned a B.A. in philosophy and biology from Albright College and studied philosophy and cognitive science at Temple University.