One day I found a USB thumbdrive and I plugged into my computer. After that
I couldn’t do most of the stuff on my computer, I couldn’t open Help and
support center, run MSN, Yahoo messenger, other installed programs, system
restore, Internet Explorer. Do I have malware or something of that sort?
Yes, I’ll bet you do.
I wanted to address this question because it’s not all that obvious to most
people that plugging in an unknown USB device can be dangerous, to say the
And it’s one of the reasons I almost always turn off “autoplay”.
Become a Patron of Ask Leo! and go ad-free!
I vaguely remember an anecdote about a security test performed where USB
thumbdrives were left outside around a corporation, as if they’d been
mistakenly left behind somehow. Each was infected with some relatively benign
malware that would alert some remote site that the drive had been picked up and
Something like over 50% of the thumbdrives were plugged in and their malware
The lesson is clear: if you want to infiltrate a random corporation, put
malware on a number of thumbdrives and drop them around the company’s
On the other hand, if you’re that corporation, you want to make sure that at
a minimum your employees are alert to the danger.
So what’s happening here? What is that danger?
In a nutshell: autorun.
You’ve probably seen it: when you insert a CD-ROM, for example, quite often
a program will run automatically. You’ll typically see this in product setup
CD-ROMs. Encoded on the CD-ROM are a couple of special files that say, in
effect, “when the disk is inserted, run this program”.
The same is true for USB thumbdrives. They, too, can have auto-run
And to make matters worse, autorun can happen silently.
So it’s very simple: a malware author simply creates a USB thumbdrive with
malware, and sets it up to auto-run and install the malware silently when the
thumbdrive is plugged in. You’d never know until you scanned for viruses or
spyware or, as in your case, things stop working as they should.
Lesson: don’t plug in thumbdrives (or any “removable media”) that you’re not
certain of. Treat them just like downloads, if you can and at least scan them
So how do you scan them if you can’t safely plug them in? Turn off auto-play.
Once you’ve done that you can safely insert the device and examine its contents
or run anti-malware scans.
Or you can just decide it’s not worth the risk, and discard the drive.
They’re cheap these days, and a malware infestation can be pretty
Assuming you did decide to look, once you’re satisfied that it’s safe you
can do whatever autoplay would have done by opening the file “autorun.inf” at
the root of the drive in notepad and examining the “open=” line.
Most of the time that’ll be a setup program, also at the root of the
But as a rule of thumb (no pun intended), I disable auto-play on all my
drives. Not only do I find auto-play often annoying, but as you can see there can be
significant security risks if you’re not careful.