I'm making this guide based on my own experiences. I have a sister who always gets her USB thumbdrive infected with this nasty stuff, so after much wrestling with cures for these critters, I decided to focus on prevention.
1. Lock down the startup registry keys and the startup folder (back up the registry first before editing)
- For the startup folder, you can find them at these locations (only applicable to XP Pro):
C:\Documents and Settings\%USER%\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%USER% = the currently logged-in user
To lock this down, first disable Simple File Sharing: go to Tools > Folder Options > View tab, uncheck "Use simple file sharing" and click OK.
Now you will be able to change security permissions. Right-click on the startup folder > Security tab > click Advanced > uncheck "Inherit from parent..." > click Copy on the security box that pops up > click OK > uncheck Full Control and Modify for every user listed on the Security tab, then click OK. To check it, try to copy any text file into the folder: if the lockdown works, the system will tell you that you don't have permission to do that.
- If you are running Windows XP (Home or Pro), you can set permissions on the "Run" keys to make them read-only. Navigate to these two startup keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Right-click on the "Run" key and select Permissions. Go to Advanced, uncheck "Inherit from parent...", and select Copy in the security dialog box that pops up. Click OK. You can now change the permissions for both the Administrators and SYSTEM accounts: uncheck "Full Control" for both and click OK. This setting prevents viruses and worms from writing auto-startup values into the registry.
Caution: do NOT apply the procedure above to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Viruses also write to this area, specifically the "Shell" and "Userinit" values, but making this key read-only can BSOD your PC. I've known only one or two worms that write to this key, so we can leave it alone; besides, the next two steps will prevent these viruses from being executed at all.
If you want to install an application that needs to run at startup, you can always re-check "Full Control" before installing it, then take it away again afterwards.
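Here is an extra batch script (added for readers of this guide, not part of the original post) that lists what is currently set to start with Windows and then checks that the Run-key lockdown from step 1 is really in effect, by trying to write a harmless test value and removing it again if the write succeeds. It assumes plain Windows XP with the built-in reg.exe and cacls.exe; the value name LockdownTest is just a placeholder picked for this example. Run it as the account that normally uses the PC: a limited user cannot write to the HKLM key anyway, so that one shows as LOCKED regardless, and if any account listed in the permissions dialog still has Full Control (for example the user's own account in HKCU), the test will report the key as WRITABLE.

```batch
@echo off
rem Added example, not from the original guide: audit the two Run keys and
rem the startup folders, then test whether the Run-key lockdown from step 1
rem is in effect by trying to write a harmless test value.
rem Assumes Windows XP with the built-in REG.EXE and CACLS.EXE; the value
rem name "LockdownTest" is a placeholder chosen for this example.
setlocal

set HKCU_RUN=HKCU\Software\Microsoft\Windows\CurrentVersion\Run
set HKLM_RUN=HKLM\Software\Microsoft\Windows\CurrentVersion\Run

echo === Programs currently registered to start with Windows ===
reg query "%HKCU_RUN%"
reg query "%HKLM_RUN%"

echo.
echo === Startup folder contents, including hidden files ===
dir /a "%USERPROFILE%\Start Menu\Programs\Startup"
dir /a "%ALLUSERSPROFILE%\Start Menu\Programs\Startup"

echo.
echo === Startup folder permissions: F = full control, C = change ===
cacls "%USERPROFILE%\Start Menu\Programs\Startup"
cacls "%ALLUSERSPROFILE%\Start Menu\Programs\Startup"

echo.
echo === Lockdown test: try writing a value to each Run key ===
for %%k in ("%HKCU_RUN%" "%HKLM_RUN%") do call :testkey %%k
endlocal
pause
goto :eof

:testkey
rem %~1 is the key path without quotes. If the write succeeds the key is
rem still writable, so remove the test value again and say so.
reg add "%~1" /v LockdownTest /t REG_SZ /d "test" /f >nul 2>&1
if errorlevel 1 (
    echo   LOCKED    %~1
) else (
    echo   WRITABLE  %~1  - the permissions from step 1 are not in effect
    reg delete "%~1" /v LockdownTest /f >nul 2>&1
)
goto :eof
```

Save it as something like checkstartup.bat and run it once before and once after doing step 1; the only line that should change is the lockdown test going from WRITABLE to LOCKED.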
2. Stop external drives from auto-playing
- Again, this is a registry key that needs to be edited, so safety first: back up. Locate the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Look for the DWORD value "NoDriveTypeAutoRun" and change it from 91 to FF (hex). This will prevent any external drive from being played/run automatically. If this value is not present, create it as a DWORD, but remember that key values are case sensitive. Since this value is set per user, you have to edit the other users too by logging in to their profiles and repeating this procedure.
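As an added example (not part of the original guide), here is a batch script that reads NoDriveTypeAutoRun for the current user and decodes it bit by bit, so you can see which drive types are still allowed to AutoRun before and after changing 91 to FF. Each bit disables AutoRun for one drive type; the default 91 is 80 + 10 + 01, which leaves removable drives (bit 04) and CD/DVD drives (bit 20) free to AutoRun, which is exactly why FF is needed. It assumes XP's built-in reg.exe; the bit-to-drive-type mapping is the one Microsoft documents for this value.

```batch
@echo off
rem Added example, not from the original guide: read NoDriveTypeAutoRun for
rem the current user and decode which drive types have AutoRun disabled.
rem Assumes Windows XP with the built-in REG.EXE. If the value is missing,
rem Windows uses its default of 0x91.
setlocal

set KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
set VAL=

rem reg query prints a line like:   NoDriveTypeAutoRun   REG_DWORD   0x91
rem so the third token on that line is the current value.
for /f "tokens=3" %%v in ('reg query "%KEY%" /v NoDriveTypeAutoRun 2^>nul ^| find /i "NoDriveTypeAutoRun"') do set VAL=%%v

if not defined VAL (
    echo NoDriveTypeAutoRun is not set for this user, so the Windows default 0x91 applies.
    set VAL=0x91
)
echo Current value: %VAL%
echo.

rem One bit per drive type; a set bit means AutoRun is disabled for that type.
call :showbit 0x01 "Unknown drive type"
call :showbit 0x02 "Drive with no root directory"
call :showbit 0x04 "Removable drives such as USB sticks and floppies"
call :showbit 0x08 "Fixed disks"
call :showbit 0x10 "Network drives"
call :showbit 0x20 "CD and DVD drives"
call :showbit 0x40 "RAM disks"
call :showbit 0x80 "Reserved / unknown"

set /a "missing=0xFF - (%VAL% & 0xFF)"
if %missing% NEQ 0 (
    echo.
    echo Some drive types can still AutoRun. Setting FF as in step 2 disables all of them:
    echo   reg add "%KEY%" /v NoDriveTypeAutoRun /t REG_DWORD /d 0xFF /f
)
endlocal
pause
goto :eof

:showbit
rem %~1 is the bit to test, %~2 its description.
set /a "bit=%VAL% & %~1"
if %bit% NEQ 0 (echo   [disabled] %~2) else (echo   [AUTORUN ] %~2)
goto :eof
```

With the default 91 you will see "[AUTORUN ]" next to removable drives and CD/DVD drives; after changing the value to FF every line should read "[disabled]".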
3. Deleting the autorun.inf
- autorun.inf is the file on the external drive that tells the computer what to run when the drive is inserted and/or when it is double-clicked. This file is always hidden, so it can't be seen unless you have set Explorer to show hidden files. What I did was make a batch file that I run every time I insert a USB drive, to delete this file before I open the drive. You can copy and paste this code (everything between the dotted lines) into Notepad and save it as delautorun.bat.
--------------
@echo off
@echo die virus die! by wreckc
rem go through every drive letter and remove autorun.inf from the root of each one.
rem "if exist" skips the letters that have no such file, so the only messages you
rem see are for drives where something was actually found.
for %%d in (c d e f g h i j k l m n o p q r s t u v w x y z) do if exist %%d:\autorun.inf del %%d:\autorun.inf /f /ah
pause
-----------------
The switches for the DEL command:
/f = force deletion of read-only files
/ah = delete only files that carry the hidden attribute (an autorun.inf that is not hidden is left alone, and DEL reports "Could Not Find" for it)
You can now double-click this batch file after inserting a USB drive. Make sure the drive shows up in "My Computer" before running it. There, I hope this guide will serve my fellow Istoryans. Prevention is still better than the cure.