Malicious code is found inside some initialization tools found on several IBM USB sticks, here's how to get rid of the malware
The warning is the kind that worries: "We've sent malware to our users." The message is from IBM. The US company informed that some USB drives that provided a tool for initialization of IBM Storwize V3500, V3700 and V5000 systems actually contained malicious code.
The USB Flash Drive initialization tool with partnumber 01AC585, may have infected these system models: IBM Storwize V3500 - 2071 models 02A and 10A; IBM Storwize V3700 - 2072 models 12C, 24C and 2DC; IBM Storwize V5000 - 2077 models 12C and 24C; IBM Storwize V5000 - 2078 models 12C and 24C. While Storwize systems that have a serial number starting with 78D2 are not affected by this vulnerability and malware. Therefore, the data stored on these IBM systems is currently safe and will not be attacked by the malicious code. Encryption systems not on the list are also safe.
When the initialization tool is started from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop computer during normal operation. With this step, the malicious file is copied with the initialization tool to the following temporary folder: On Windows systems: % TMP% initTool, while on Linux and Mac systems: / tmp / initTool. IBM has recently taken steps to prevent other USB sticks with this problem from being shipped to users.
What to do
If you have used the initialization file present on one of the IBM products listed above, then we should check that our antivirus has not already removed the virus. If not, we can do it manually. To remove the malicious file manually, delete the temporary directory: on Windows systems: % TMP% / initTool and on Linux and Mac systems: / tmp / initTool. On Windows systems make sure that everything is deleted and not moved to the Recycle Bin. To do that just do Right-click>delete directory.
We can do two things with the USB stick, either destroy it or repair it. To repair it we need to delete the folder named InitTool. Then we need to download the initialization tool from FixCentral: https://www.ibm.com/support/fixcentral. Now unzip the package on the USB flash drive and finally scan the USB flash drive manually with antivirus software. The malicious file is recognized by the main antivirus software available.