Approve the Cookies
This website uses cookies to improve your user experience. By using this site, you agree to our use of cookies and our Privacy Policy.
OK
Index  •   • New posts  •   • RTAT  •   • 'Best of'  •   • Gallery  •   • Gear  •   • Reviews
Guest
New posts  •   • RTAT  •   • 'Best of'  •   • Gallery  •   • Gear  •   • Reviews
Register to forums    Log in

 
FORUMS Community Talk, Chatter & Official Stuff The Lounge 
Thread started 18 Jan 2008 (Friday) 21:35
Search threadPrev/next
sponsored links
(this ad will go away when you log in as a registered member)

WARNING! Virus infection through a card reader

 
rpolitsr
Moderator
Avatar
5,977 posts
Gallery: 5 photos
Likes: 25
Joined Jun 2005
Location: Quito - Ecuador
     
Jan 18, 2008 21:35 |  #1

Some time ago, my computer was infected by a virus (kavo.exe).
I guess it entered through the USB port from a Flash memory that I use to carry my picture files to the photo laboratory, but I am not sure.

A few days ago, I downloaded pictures from a CF card using my card reader and, in the afternoon we downloaded the same pictures to my son’s computer using his card reader.

HIS COMPUTER WAS INFECTED from the Compact Flash card though his card reader. MCAfee antivirus was running, but it was not of any help.

We spent many hours healing our computers with drweb-cureit and some clever instructions and they are fine now, but

I wanted to alert you that some viruses can reproduce themselves though the camera memory cards.

We think that formatting the card in the camera will return it to normal, but we are searching the web to confirm that before swapping cards again.

Any comments on this or about similar experiences are welcome.

P.S.: We use computers running WindowsXP professional.


rafael
Canon EOS Rebel XT, EF-S 18-55mm f3.5-5.6 II, EF 50mm f1.8 II, EF-S 55-250mm f/4-5.6 IS STM, speedlite 430EX, basic filters set.
My photo galleries (external link)
Marketplace: PAYPAL GIFT NO LONGER ALLOWED IN POTN

  
  LOG IN TO REPLY
sponsored links
(this ad will go away when you log in as a registered member)
gkas
Senior Member
511 posts
Joined Nov 2002
Location: Southern California
     
Jan 18, 2008 23:10 |  #2

What's so strange about that? Your card reader looks like any other disk drive.


Gerry Kaslowski
gkas@socal.rr.com (external link)
Gerry's Pics http://MikeKazPhotogra​phy.com/Gerry/ (external link)

  
  LOG IN TO REPLY
CJinAustin
Goldmember
Avatar
2,361 posts
Likes: 1
Joined Jan 2008
     
Jan 18, 2008 23:51 |  #3
bannedPermanent ban

rpolitsr wrote in post #4733382 (external link)
Some time ago, my computer was infected by a virus (kavo.exe).
I guess it entered through the USB port from a Flash memory that I use to carry my picture files to the photo laboratory, but I am not sure.

A few days ago, I downloaded pictures from a CF card using my card reader and, in the afternoon we downloaded the same pictures to my son’s computer using his card reader.

HIS COMPUTER WAS INFECTED from the Compact Flash card though his card reader. MCAfee antivirus was running, but it was not of any help.

We spent many hours healing our computers with drweb-cureit and some clever instructions and they are fine now, but

I wanted to alert you that some viruses can reproduce themselves though the camera memory cards.

We think that formatting the card in the camera will return it to normal, but we are searching the web to confirm that before swapping cards again.

Any comments on this or about similar experiences are welcome.

P.S.: We use computers running WindowsXP professional.

good to keep in mind... thanks


- GEAR -
Canon 1Ds Mark V | Canon 5D Mark IV | Canon 7D Mark II
50 1.0L IS| 85 1.0L IS | EF 10-1000L f/1.0 IS DO USM | 17-4000L IS | 24-7000L IS | 70-2000L 2.8 IS | Canon G12 | 580EXIII | 430EXIII

  
  LOG IN TO REPLY
marie
Cream of the Crop
Avatar
21,057 posts
Joined Jul 2002
     
Jan 19, 2008 03:16 |  #4

rpolitsr wrote in post #4733382 (external link)
Some time ago, my computer was infected by a virus (kavo.exe).
I guess it entered through the USB port from a Flash memory that I use to carry my picture files to the photo laboratory, but I am not sure.

A few days ago, I downloaded pictures from a CF card using my card reader and, in the afternoon we downloaded the same pictures to my son’s computer using his card reader.

HIS COMPUTER WAS INFECTED from the Compact Flash card though his card reader. MCAfee antivirus was running, but it was not of any help.

We spent many hours healing our computers with drweb-cureit and some clever instructions and they are fine now, but

I wanted to alert you that some viruses can reproduce themselves though the camera memory cards.


very sorry to hear what happened to both yours and to your son's computers Rafael

you mention the laboratory and maybe that CF card was used to carry your picture files there.
if so, it seems thats where the card picked up the virus, what with so many others using their laboratory
highly likely , CD's (loaded with shots) could also catch a virus in their machines
:eek:

food for thought
thanks a lot for that information Rafael


regards, Marie
Canon G12, dslr 40D, GIX
Canon lens24-105
Lmm10-22mm,17-40,17-85, 70-300,60mm

  
  LOG IN TO REPLY
gkuenning
Goldmember
Avatar
1,471 posts
Gallery: 1 photo
Likes: 5
Joined Jan 2005
Location: Claremont (near LA), California
     
Jan 19, 2008 05:50 |  #5

rpolitsr wrote in post #4733382 (external link)
We think that formatting the card in the camera will return it to normal, but we are searching the web to confirm that before swapping cards again.

Yes, formatting the card will return it to normal. There are only three ways a removable disk (which, as gkas pointed out, is how a storage card appears to a computer) can carry a virus. The first is as part of its "boot sector"; since you presumably didn't boot from the card, that can't be cause. Depending on how you format, you might not cure a boot-sector virus by formatting. But as I said, it's not likely to be the problem.

The second vector is via an infected JPEG file. Sadly, images can actually carry viruses. The defense is to make sure you are current with your security updates, and to avoid opening unknown images (including opening thumbnails in a browser). Since formatting deletes all JPEGs, it will cure your virus.

The final vector, which is again unlikely, would be an "autorun" file on the card. Again, formatting the card would remove that file and thus get rid of the virus. But autorun is disabled by default for flash cards, so it's probably not the problem.

Bottom line: formatting should cure the problem, and you should make sure you are current on your security updates.


Geoff
All I want is a 10-2000 f/0.5L with no distortion that weighs 100 grams, fits in my pocket, and costs $300. Is that too much to ask?

  
  LOG IN TO REPLY
rpolitsr
THREAD ­ STARTER
Moderator
Avatar
5,977 posts
Gallery: 5 photos
Likes: 25
Joined Jun 2005
Location: Quito - Ecuador
     
Jan 19, 2008 11:21 |  #6

gkuenning wrote in post #4735092 (external link)
Yes, formatting the card will return it to normal ...
Bottom line: formatting should cure the problem, and you should make sure you are current on your security updates.

Thank you Geoff
You encouraged me to format the card in the camera and insert it again in the card reader.

I must confess that there was a little help in your profile:
Occupation: Professor of Computer Science :)

My computer automatically updates itself from Microsoft so I hope I am up to date with security updates.

In a side ‘technical’ note that may be meaningful to you, this specific virus create on every hard drive and removable media, including the CF card two hidden files: autorun.inf and t.exe. They were discovered (too late) by my son’s antivirus.

gkuenning wrote in post #4735092 (external link)
But autorun is disabled by default for flash cards, so it's probably not the problem.

We will re-check those settings, because our thought was that the autorun and t.exe files were the infecting ones.

The fact that .jpg image files can carry viruses is also new for me. Bad news indeed.

Thank you marie for your words. Thinks returned to ‘normal’ now.

I do not want to blame the photo lab. I am not sure the virus came from them.

We are sure that the virus went from my computer to my son’s machine hided in the CF card, though.

I think that recorded and closed CDs can not be infected.


rafael
Canon EOS Rebel XT, EF-S 18-55mm f3.5-5.6 II, EF 50mm f1.8 II, EF-S 55-250mm f/4-5.6 IS STM, speedlite 430EX, basic filters set.
My photo galleries (external link)
Marketplace: PAYPAL GIFT NO LONGER ALLOWED IN POTN

  
  LOG IN TO REPLY
Doug ­ F
Member
146 posts
Joined Sep 2007
     
Jan 19, 2008 12:41 as a reply to  @ rpolitsr's post |  #7

If the virus truly did come from the card, your computer's antivirus should have caught the problem when you connected the reader+card to your computer. Something is wrong with the settings of your AV solution or you just need to buy a better one. This is not a item to skimp on cost. Get a good one such as Kaspersky, NOD32, etc.




  
  LOG IN TO REPLY
rpolitsr
THREAD ­ STARTER
Moderator
Avatar
5,977 posts
Gallery: 5 photos
Likes: 25
Joined Jun 2005
Location: Quito - Ecuador
     
Jan 19, 2008 14:38 |  #8

Doug F wrote in post #4736699 (external link)
If the virus truly did come from the card, your computer's antivirus should have caught the problem ...

Yes. McAfee was on duty, and the one year paid subscription started a few months ago… :(

We will check those antivirus names, thank you.


rafael
Canon EOS Rebel XT, EF-S 18-55mm f3.5-5.6 II, EF 50mm f1.8 II, EF-S 55-250mm f/4-5.6 IS STM, speedlite 430EX, basic filters set.
My photo galleries (external link)
Marketplace: PAYPAL GIFT NO LONGER ALLOWED IN POTN

  
  LOG IN TO REPLY
TTk
Goldmember
Avatar
2,518 posts
Likes: 1
Joined Oct 2007
Location: Langtoft. England.
     
Jan 19, 2008 15:13 as a reply to  @ rpolitsr's post |  #9

Well in 18 years working with alsorts of computers i have never known a virus to be passed by a card, if it's true you learn something new every day..


Terry.:cool:
http://www.terrykirton.co/ (external link)
http://www.ttkphotogra​phy.com/ (external link)
http://www.langtoftpho​tography.com/ (external link)

 (external link)

  
  LOG IN TO REPLY
rpolitsr
THREAD ­ STARTER
Moderator
Avatar
5,977 posts
Gallery: 5 photos
Likes: 25
Joined Jun 2005
Location: Quito - Ecuador
     
Jan 19, 2008 15:46 |  #10

I was surprised, and I never read about that before, that's why I started this thread, just as a warning that it is (or it may be) possible.

I feel comfortable working with computers, but I can not call myself an expert so I can be wrong, but the only contact between the two computers was that CF card.


rafael
Canon EOS Rebel XT, EF-S 18-55mm f3.5-5.6 II, EF 50mm f1.8 II, EF-S 55-250mm f/4-5.6 IS STM, speedlite 430EX, basic filters set.
My photo galleries (external link)
Marketplace: PAYPAL GIFT NO LONGER ALLOWED IN POTN

  
  LOG IN TO REPLY
S.Horton
worship my useful and insightful comments
Avatar
18,051 posts
Gallery: 7 photos
Likes: 117
Joined Dec 2006
Location: Royersford, PA
     
Jan 19, 2008 16:02 |  #11

Here's how it works.
http://www.symantec.co​m …07-082706-1742-99&tabid=2 (external link)

So, if you think your lab is putting a virus on your CF or SD card(s), then format them in the camera.

If you want to see if anything besides pictures are on your card, browse the photos on the CF/SD in the camera, and the unwanted files will be obvious.

Sorry that happened to you.


Sam - TF Says Ishmael
http://midnightblue.sm​ugmug.com (external link) 
Want your title changed?Dream On! (external link)

:cool:

  
  LOG IN TO REPLY
gkuenning
Goldmember
Avatar
1,471 posts
Gallery: 1 photo
Likes: 5
Joined Jan 2005
Location: Claremont (near LA), California
     
Jan 19, 2008 16:51 |  #12

rpolitsr wrote in post #4736325 (external link)
I must confess that there was a little help in your profile:
Occupation: Professor of Computer Science :)

Well, while it's true that security is one of my interests, it's also true that I don't use Windows myself. So when I talk about Windows-specific things, take it with a grain of salt.

rpolitsr wrote in post #4736325 (external link)
In a side ‘technical’ note that may be meaningful to you, this specific virus create on every hard drive and removable media, including the CF card two hidden files: autorun.inf and t.exe. They were discovered (too late) by my son’s antivirus.

In that case, it sounds like your computer has the "autorun" feature enabled for flash cards. Autorun is one of those "it seemed like a good idea at the time" disasters: when you stick a CD in the drive, it automatically runs the installer for your newly purchased software. Only it's just as happy to run the virus you just captured.

If you Google for "disable autorun" you'll find instructions for your version of Windows. Turning off autorun means that when you buy something new and stick in the CD, you'll have to double-click on the installer. But I think that's worth the security you'll get.

rpolitsr wrote in post #4736325 (external link)
The fact that .jpg image files can carry viruses is also new for me. Bad news indeed.

There was a time when we thought all data files were virus-proof. Then somebody found an approach. Fortunately, all data-file malware depends on you having a buggy program, such as a photo viewer with a bug. If you're keeping up to date with Microsoft, the risk is very low.

rpolitsr wrote in post #4736325 (external link)
I think that recorded and closed CDs can not be infected.

CDs can also be infected. Most music CDs aren't, but a couple of years ago Sony deliberately distributed several albums that contained a "rootkit" (which is a type of malware). The good news it that they caught hell for it. The bad news is that you can't even trust big companies.

hortonsl62 wrote in post #4737655 (external link)
If you want to see if anything besides pictures are on your card, browse the photos on the CF/SD in the camera, and the unwanted files will be obvious.

Really? I have to confess I've never tried putting garbage on a CF card. I'd expect the camera to just skip over them. I'll have to do some experimenting.


Geoff
All I want is a 10-2000 f/0.5L with no distortion that weighs 100 grams, fits in my pocket, and costs $300. Is that too much to ask?

  
  LOG IN TO REPLY
Tsmith
Formerly known as Bluedog_XT
Avatar
10,429 posts
Likes: 25
Joined Jul 2005
Location: South_the 601
     
Jan 19, 2008 17:17 |  #13

rpolitsr wrote in post #4737281 (external link)
Yes. McAfee was on duty, and the one year paid subscription started a few months ago… :(

We will check those antivirus names, thank you.

It and Norton are resource hoging junk




  
  LOG IN TO REPLY
txduggan
Goldmember
Avatar
1,005 posts
Likes: 2
Joined Feb 2006
Location: Fishkill, NY, Hudson Valley, NY
     
Jan 19, 2008 18:50 |  #14

Tsmith wrote in post #4738044 (external link)
It and Norton are resource hoging junk

Huzzah on that....hate both of them....

I use AVG Free Edition and have not had
a burp in a few years....knock on wood...

I also run AdAware and SpyBot once a week to clean up cookies and reg entries.

Tom D


Gear: Yes - Rides quads really slow - Likes shiny things...
Wings of Love Photography (external link)
Wings of Love FaceBook Page (external link)
Tom Duggan Photography (external link)

  
  LOG IN TO REPLY
rpolitsr
THREAD ­ STARTER
Moderator
Avatar
5,977 posts
Gallery: 5 photos
Likes: 25
Joined Jun 2005
Location: Quito - Ecuador
     
Jan 19, 2008 19:49 |  #15

Moderators moved my thread from the G-Series forum to here and things are running faster, I have no hope to answer directly to all the posts but I am reading them, and following the links.

Keep posting!

Update:

  • I was unable to detect the added files in the camera.
  • I formatted all my CompactFlash cards in the camera today and then inserted them in the card reader.
  • There are no visible signs of the virus in my computer now; I hope the problem is under control.

rafael
Canon EOS Rebel XT, EF-S 18-55mm f3.5-5.6 II, EF 50mm f1.8 II, EF-S 55-250mm f/4-5.6 IS STM, speedlite 430EX, basic filters set.
My photo galleries (external link)
Marketplace: PAYPAL GIFT NO LONGER ALLOWED IN POTN

  
  LOG IN TO REPLY
sponsored links
(this ad will go away when you log in as a registered member)

11,517 views & 0 likes for this thread
WARNING! Virus infection through a card reader
FORUMS Community Talk, Chatter & Official Stuff The Lounge 
AAA
x 1600
y 1600

Jump to forum...   •  Rules   •  Index   •  New posts   •  RTAT   •  'Best of'   •  Gallery   •  Gear   •  Reviews   •  Member list   •  Polls   •  Image rules   •  Search   •  Password reset

Not a member yet?
Register to forums
Registered members may log in to forums and access all the features: full search, image upload, follow forums, own gear list and ratings, likes, more forums, private messaging, thread follow, notifications, own gallery, all settings, view hosted photos, own reviews, see more and do more... and all is free. Don't be a stranger - register now and start posting!


COOKIES DISCLAIMER: This website uses cookies to improve your user experience. By using this site, you agree to our use of cookies and to our privacy policy.
Privacy policy and cookie usage info.


POWERED BY AMASS forum software 2.1forum software
version 2.1 /
code and design
by Pekka Saarinen ©
for photography-on-the.net

Latest registered member is KopiLuwak
879 guests, 293 members online
Simultaneous users record so far is 15144, that happened on Nov 22, 2018

Photography-on-the.net Digital Photography Forums is the website for photographers and all who love great photos, camera and post processing techniques, gear talk, discussion and sharing. Professionals, hobbyists, newbies and those who don't even own a camera -- all are welcome regardless of skill, favourite brand, gear, gender or age. Registering and usage is free.