Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can a Thumb Drive Carry Malware?

Question: Hi. I work at a public school and was told today that my computer has a virus. I don’t know how this came to be. Could my flash drive have created this virus? I’m constantly inserting and ejecting my flash drive from one computer into another. Can a flash drive transfer viruses? It makes me feel as if I’ve done something really bad.

First, getting malware doesn’t necessarily mean you’ve done anything bad. Unfortunately, it happens. People let their guard down.

USB thumb drives and flash drives absolutely can transfer viruses. From the situation you’re describing, yes, you may have passed one on to a computer you used.

Become a Patron of Ask Leo! and go ad-free!

Malware and flash drives

Malware can be written to use USB drives to transfer themselves to other computers. It’s a common mechanism some forms of malware use to infect other machines.

It’s important to understand that when you transfer a flash drive from one machine to another, it can carry malware with it.

USB BombTo avoid this in the future, I suggest you do two things.

  1. Make sure any machine into which you plug your flash drive into has up-to-date security software and is running periodic scans.
  2. Turn off Autoplay or Autorun. This is the function that causes programs to run automatically when you insert a drive. While it’s convenient for some things, it can be a simple way malware is allowed to propagate.

Turning off “auto” features may make things a little inconvenient. You’ll have to manually start playing your CDs or DVDs, or running whatever program you intended to get from the USB stick.

But you won’t have to worry about flash drives automatically infecting you.

But you still have to worry.

Always be on the lookout for malware

Flash drives can still carry malware.

In many ways, they’re similar to email attachments: they’re a way for files, both legitimate and malicious, to make their way to your computer.

You need to take the same level of precautions as you do for other file transfer methods: don’t attach thumb drives from unknown origins, don’t open files from thumb drives you don’t know are legitimate, don’t even copy files from a thumb drive unless you know the files are safe.

If your security software allows you to do so, run a scan on the thumb drive before you do anything else with its contents.

It’s all an important part of keeping your flash drives, and your computer, safe.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio


7 comments on “Can a Thumb Drive Carry Malware?”

  1. Back in the days before the IBM PC and networks became popular, the hot bed of virus spreading were the Apple IIs and Macs because many schools had them in labs for anyone to plug their floppy disks in and use. The viruses would use the floppy disk the same way current ones can use a memory stick so that they would infect the next computer that it was plugged into.

    If you work at a school (assume that students and many teachers are not careful at all about viruses) check with your IT people to find out if they are doing anything to block viruses. You live in a dangerous environment for them.

  2. Sure, turning off autoplay, autorun, or any auto features may make things a little bit more inconvenient. You actually have to manually start playing your CDs or manually start playing your DVDs.

    Note that newer versions of Windows (at least 7 and 8 — I don’t recall about Vista) allow you to select the types of disks which will have autorun enabled. In other words, you can tell Windows to auto-play a music CD, or a movie DVD, but to “do nothing” or “ask what to do” for anything else.

  3. If you’re able to, sometimes you can set the drive to read-only. If the drive’s already infected it won’t stop it from spreading to machines, but it can prevent drive from getting infected in the first place, especially plugging into unknown machines. (Of course, only if there’s no need to actually write to the drive.)

  4. When I used to use AVG, I noticed that buried in the preferences there was an option to scan removable media. By default, it is turned off.

    I turned it on and believe me, it’s the best security decision I ever made. It saved my bacon several times after I plugged in a USB flash drive and it scanned it automatically.

  5. I got plenty of diskettes with viruses in the old DOS days. More even than now with the Internet. I used to run McAfee Av every time I’d insert a diskette. Almost all the diskettes I got from others were infected (unless McAfee just did that on every diskette to show how much you needed them :-) Don’t take that seriously, it’s something people used to say at the time.)

    Leo said:

    “Turning off “auto” features may make things a little inconvenient. You’ll have to manually start playing your CDs or DVDs, or running whatever program you intended to get from the USB stick.”

    I always turn Autoplay off because I don’t always want the default and I wanted more control over what happens, like for example, I don’t want it to start playing music. I want to play the songs I want to hear in the order I want to hear themand not always start at the beginning and having to stop the song and start somewhere else.

    Having all media open in Windows/File Explorer can be helpful. Then you can see everything on the drive and work on the files, or play the songs, videos, view photos etc. from there.

  6. Hi, Can anyone share with me how and where to turn auto-run off? I recently obtained a Windows 8.1 netbook and it came with AR turned on so anything you load or attach just takes off with reckless abandon. Ironically, it came from a school.

    • Mikel, for Win 8.1, go to Settings, open Control Panel, and click on AutoPlay near the top of the list of options. From there you can change the automatic options individually on every type of media or device you might insert or connect.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.