Friday, March 21, 2008

Prevent Autorun pendrive/ flashdrive viruses

The usage of a pen drive or a flash drive become a very common thing. Also with the cost of memory chips going down (now you can get a 4GB memory stick for Rs.800) have boosted its usage and also an USB flash drive is compact and very easy to carry around. With the increase in the usage of pen drives, viruses spreading through these memory sticks has increased exponentially.
As such you can't completely prevent the viruses but to minimize these viruses and worms spreading to the PCs we can take some preventive measures.
Turn off the Auto Run:-
Pen drives uses the Autorun feature to load certain files when it is plugged into a USB port. Now, the worms and viruses uses this autorun feature to spread itself from the thumb drives to the computers. You can avoid majority of these worms spreading by turning off the autorun feature. To do is very simple just follow these steps,

If you are using Win XP Professional edition:-
Click Start button
Select Run.
Now type gpedit.msc in Run command .
You will notice the Group Policy Window opening.
Double click Administrative Templates.
Select System in the right pane of the window.
Now,select(double click)Turn Off AutoPlay .
Turn Off Autoplay properties window opens. All Drives from the combo box in that and select Enabled radio button and press OK.

If you are using Win XP Home edition,try these:-
Select Run and type regedit to open the registry editor.
Then navigate as follows

--> Software
--> Microsoft
--> Windows
--> CurrentVersion
--> Policies
--> Explorer.

Now,select NODRIVETYPEAUTORUN and select Modify.
Set the Hexadecimal value to 95 to turn off autoplay in removable drives and use b5 to turn off autorun feature in CD-ROMs and pen drives.
Thus turning off autorun feature just stops many malwares from spreading into a PC from a thumb drive.
Known malwares:
Now you can now delete many worms manually some known viruses are Autorun.inf,iexplore.vbs,ifo.exe,raven.exe,rvhost.exe and NewFolder.exe(a worm looks like folder,but is actually an exe file,a worm).Better to use a nice antivirus and scan for viruses in the plugged in drive before opening it as these files will be hidden or access protected.But however you can view those files in command prompt by first entering into your removable drive(eg: J:)then type the following- attrib -h -r -s -a *.*.After typing that you can view those files.But it is better to use a nice Anti-virus software.
You can also many softwares available(like TrueCrypt) to encrypt your pen drive .In such a case a window Pops Up every time when you plug in the drive.This would also help preventing the viruses from loading automatically into the pen drive. Using such softwares will also prevent unauthorized usage of data your drive, especially when your having sensitive information in your drive.

Use latest anti-virus software (NOD32 is best dealing with auto run virus)

1 comment:

ac54bb1a-42dc-11e0-ada3-000bcdca4d7a said...

This is a really useful post. I’ve found them very useful. Now I can use it like a college boardhelp ;). Thanks