I downloaded Rufus and Win32 Disk Imager from Sourceforge and used them on a flash drive to boot another operating system. I'd like to know if it's possible that one of these infected my OS or firmware and how to find out if the firmware or OS are infected besides Antivirus for the OS?

  • No, I'd like to know if there is any way to find out now (after the fact) if the OS or firmware are infected or if the .exe files are infected with OS or firmware malware, whichever is easier – user240532 Aug 03 '20 at 05:07
  • @user240532 - In the worst case, you can't - For instance, it's possible that any malicious files you downloaded also included a "clean" copy, and after they infected the OS overwrote themselves with the clean copy. Anything you could attempt to use inside the OS is potentially compromised, which means you have to use something outside (and have to download pretty much the entire OS, meaning you may as well just nuke it and install from a trusted source). Infected firmware is likely impossible to detect (or remove) in most cases, although such viruses are currently rare. – Clockwork-Muse Aug 03 '20 at 05:34
  • @Clockwork-Muse if it isn't the worst case with the files that overwrite themselves, are the only ways to detect .exe files that are infected with Antivirus and Antimalware software? Would that detect firmware malware too or is there no way to detect that in an .exe file? – user240532 Aug 03 '20 at 06:18

1 Answer

The way to find out if you have a virus is to use an antivirus. Basically, in the question you ruled out the only real workable solution.

A second idea would be to make a reference system that you know is safe. You can compare the real system with the reference system. Use other tools than Rufus & disk imager. If the reference system is different, you still are not sure that the problems are caused by Rufus or Win32 Disk Imager.

If you want to know if one of the two specific programs has given you malware, you must compare them with known-good versions. You can do that after they have been used, but theoretically, they could have changed themselves when they ran.

Ljm Dullaart
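
The comparison against a known-good reference described in the answer, as an added example (not part of the original answer): it hashes every file under two directory trees and reports what changed, is missing, or is extra. It assumes both trees are mounted read-only from a separately booted, trusted environment; the function names and sample files are constructed for illustration, and firmware is outside what it can inspect.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):  # chunked: large binaries stay out of memory
            digest.update(block)
    return digest.hexdigest()

def manifest(root):
    """Map each regular file's path (relative to root) to its SHA-256."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # hash file contents only, never follow links
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hashes[rel] = sha256_file(full)
    return hashes

def compare(reference_root, suspect_root):
    """Report files that differ from, are absent from, or are not in the reference."""
    ref, sus = manifest(reference_root), manifest(suspect_root)
    return {
        "changed": sorted(p for p in ref.keys() & sus.keys() if ref[p] != sus[p]),
        "missing": sorted(ref.keys() - sus.keys()),
        "extra": sorted(sus.keys() - ref.keys()),
    }

def build_demo_trees():
    """Create two small constructed trees (stand-ins for the mounted systems)."""
    base = tempfile.mkdtemp(prefix="refcmp-")
    trees = {
        "reference": {"tools/rufus.exe": b"A", "tools/imager.exe": b"B", "readme.txt": b"C"},
        "suspect": {"tools/rufus.exe": b"A", "tools/imager.exe": b"B-modified", "helper.dll": b"D"},
    }
    for tree, files in trees.items():
        for rel, data in files.items():
            path = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    return os.path.join(base, "reference"), os.path.join(base, "suspect")

if __name__ == "__main__":
    print(compare(*build_demo_trees()))
```

A difference only shows that the two trees are not identical; updates, logs and configuration also change files, so each reported path still has to be explained.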