Datastick: lost and found and ?

But I did drop in the next day to see if I could find it - left some details with the staff and thought; 'That's the end of that'. Not a huge loss - a gigabyte data-stick is cheap as and there wasn't any really juicy stuff on it for identity thieves and the like.

But, during the week - I got a call. 'We have your datastick'. Great! I retrieved it and thought; "OK, there are nice people in the world......

... or are there?"

There was plenty of opportunity to load it up with all sorts of nasties. If I am just dumb enough to plug it back into the PC and use it, Christ knows what sort of malware I could get.

What to do?


Should I just junk it? Crush it and toss it in the bin - there isn't anything I haven't already back-up at some point.
Should I cautiously plug it in and try to scan for nasties? Will just plugging it in ADD THEM?
Should I take it to a third party (Internet Cafe or work), plug it in and just format it? Will this make sure that nothing will compromise my home PC?


Your thoughts folks.

Yeah, try it on someone else's computer and see what happens.

Not mine.

Just plugging in a usb device won't cause it to run programs to my knowledge.

If you are overly concerned, just create a new restricted user on your computer and use that user to plug the device in. That way it can't affect your normal account.

That a certainty? Whenever I plug it in, it always opens a window asking what sort of action I want to perform with the data. That's a bit more 'active' than 'passive' to me.

Like you, I am guessing that if I just shred all the data - overwrite - then shred again, I'm safe. Still.....

Asking you what action to take is not the same thing as taking an action without your knowledge. The computer recognizes that new hardware was installed and wants to know what to do with it. It doesn't read anything from the new hardware until you tell it to.

I suggested a new user with restricted access because even if it corrupts that user, it can't corrupt the system. You can just delete the user and eliminate anything on the usb that got moved to your computer.

Create user with restricted access. Make sure that user has access to your updated virus software. Sign on with that user. Put in USB. Scan the USB for viruses. Done.

Actually it can, if you have Autorun enabled.

How to disable Autorun

(I didn't vet the commands in the link; use with caution.)

This is supposed to be true, but there are exploits that can cause privilege elevation.

Also, I'm not sure most users know how to create a user with restricted access.

That's me. OK - Plan B. Off to Roger's place. Might take most of the stuff in the refrigerator too - mine's a little bare right now....

I'm sure Roger will be h-a-p-p-y to see you.

I know you love cats!

There seems to be a reason, why the U.S. military bans USB-sticks ...

Yeah, tell Poss that was a heck of a blow-out last weekend!

..been there, little furry dude.

With all due respect... you are being awfully paranoid. There is practically zero chance that anyone put anything harmful on your datastick.

There are 6 billion of us humans-- and most of us are pretty nice people. A very very small percentage of us are malicious hackers.

The odds that the kind person who found, and returned your datastick was (by sheer coincidence) malicious hacker with the desire and wherewithal to take the time to put something on your datastick is very very improbable. People who put viruses on computers are targeting tens of thousands of computers. Targeting one computer is hardly worth their while.

Just accept the kindness that you have received. There is no real danger.