
ESET cannot detect this strange virus on USB flash drive



ESET Smart Security 9 can't detect this strange virus on USB flash drive

This virus creates some strange files with big file size, even bigger than the drive size.

I full-formatted it many times but it appeared again some days later and ESET can't detect it.




  • 3 weeks later...

Think I found the issue:

Last post: hxxp://answers.microsoft.com/en-us/windows/forum/windows_7-files/only-a-folder-on-a-flashdrive-had-a-very-strange/cde4ac03-3712-42d4-817a-ef55c394403c



Firstly, this is NOT a virus, it is due to corruption of the flash.


The detailed explanation is thus: Flash memory has terrible yield rates, but in order to remain in business manufacturers must use all the flash dies they create. They do so by placing a small computer inside the SD/USB flash drive to do "bad block" management and error correction.

Unfortunately, blocks can (and do) "go bad" while the device is sitting idle or even powered off. In the normal use-case for flash memory, a user may not notice these bad blocks (they tend to occur in the huge areas of memory that sit unused). 

You were unlucky in that a block holding part of the filesystem (the FAT table) went bad. The problem is the entire block will now contain "random" flipped bits, trashing the tree structure. Conventional disk recovery tools may not be able to fix this, as the failure mode is quite unusual in a conventional mechanical hard disk. Your best option is a tool that reconstructs the files from their own metadata, rather than attempting to 'repair' the FAT. In other words, do not use CHKDSK or other Windows 'disk recovery' options.


I saw exactly this kind of issue on an SD card located in some equipment that sat "in the field" for a few months. Parts of the static (unchanging) data stored on the drive had 'random' errors (one bit in a byte), and one directory was full of 'junk' files, just like in the screenshot. In my case I had to copy all readable data from the drive and do an erase-format to return the card to a sensible state. In this particular case, the only corrupted files were those which were not written to for a long space of time. Logs from the device (written frequently) did not contain any corruption.


I have a particular interest in not having data on my equipment become corrupted, and contacted the manufacturer (we made sure our sourcing used genuine brand-name parts, rated for the required environmental conditions). So far, they have not provided an answer on how to reduce the likelihood of data corruption (other than admitting that it can occur). The advice I can provide is to make sure the 'disk' is ejected / not mounted before removing power from (or unplugging) a memory card or USB drive.


This topic is now closed to further replies.
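Added example, not part of the thread: a triage check that separates the symptom described above (junk directory entries, sizes larger than the drive) from real files by sanity-checking raw FAT directory entries. It assumes the standard 32-byte FAT directory entry layout; the function names, the volume geometry and the sample entries are constructed for illustration.

```python
import struct

ILLEGAL = set(b'"*+,./:;<=>?[\\]|')            # not allowed in an 8.3 short name
DOT = (b".".ljust(11), b"..".ljust(11))        # the legitimate "." and ".." entries

def check_entry(raw, volume_bytes, cluster_count):
    """Return reasons why one 32-byte FAT directory entry is implausible."""
    name = (b"\xe5" + raw[1:11]) if raw[0] == 0x05 else raw[:11]  # 0x05 = escaped 0xE5
    attr = raw[11]
    hi, lo, size = struct.unpack_from("<H4xHI", raw, 20)   # cluster hi/lo, file size
    cluster = (hi << 16) | lo
    reasons = []
    if any(b < 0x20 or b in ILLEGAL for b in name):
        reasons.append("illegal characters in short name")
    if attr & 0xC0:
        reasons.append("reserved attribute bits set")
    if size > volume_bytes:
        reasons.append("file size exceeds volume size")
    if attr & 0x10 and size:
        reasons.append("directory with non-zero size")
    if cluster > cluster_count + 1 or (size and cluster < 2):
        reasons.append("start cluster outside the volume")
    return reasons

def scan_directory(data, volume_bytes, cluster_count):
    """Walk raw directory bytes; return {offset: reasons} for suspect entries."""
    suspects = {}
    for off in range(0, len(data) - 31, 32):
        raw = data[off:off + 32]
        if raw[0] == 0x00:                     # end-of-directory marker
            break
        if raw[0] == 0xE5 or raw[11] & 0x3F == 0x0F or raw[:11] in DOT:
            continue                           # deleted, long-name, or dot entry
        reasons = check_entry(raw, volume_bytes, cluster_count)
        if reasons:
            suspects[off] = reasons
    return suspects

def entry(name, attr, cluster, size):          # builds constructed sample entries
    return struct.pack("<11sB8xH4xHI", name, attr, cluster >> 16, cluster & 0xFFFF, size)

VOLUME, CLUSTERS = 2 * 1024**3, 65536          # constructed 2 GiB volume, 32 KiB clusters
SAMPLE = b"".join([
    entry(b"REPORT  TXT", 0x20, 5, 1234),                  # healthy file
    entry(b"PHOTOS     ", 0x10, 9, 0),                     # healthy directory
    entry(b"\x8b\x02q*\xf1?k\x10|\x00Z", 0xE7, 0x7A3F91C2, 0xE3A1F00D),  # random bytes
    entry(b"BACKUP  ZIP", 0x20, 40, 1234 | 1 << 31),       # one flipped bit in the size
])
print(scan_directory(SAMPLE, VOLUME, CLUSTERS))
```

Run it against directory sectors read from an image of the drive, not the live device, so the check itself never writes to the failing flash.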