Virus infections using the file autorun.inf
USB devices are currently the main route of infection and transmission for malicious programs.
Because of the overwhelming popularity and growth of all kinds of storage (flash drives, memory cards, cell phones, photo and video cameras), all of which use this popular connection, they are a target for the makers of viruses, Trojans, spyware and every other kind of malware.
An autorun.inf file is just a small text file containing instructions that Windows runs automatically. Malware developers put the path to the virus executable in it, so that a useful function becomes a dangerous tool.
Windows processes the autorun.inf file if it finds one on any removable medium, such as a memory card or any other device, and executes the command written in it.
So when a USB device is plugged into an infected computer, the virus quickly copies the files it needs onto the device and uses it as a means of transport; later, when the device is connected to another computer, it quickly gets in and infects that one, and so on.
This is why viruses spread so rapidly today, taking advantage of carelessness and ignorance on the part of users and the lack of protection. To avoid this, there are a number of measures that can help prevent infection.
Measures to prevent infection through USB devices
Disable autoplay of media in Windows
If you are using Windows 7, it is not necessary to disable autoplay of removable media, because by default the system is configured to prevent these conflicts; if you are using an older operating system, you must do it manually.
It can be done in several ways.
1 - Add an entry to the Windows registry that makes Windows misinterpret the values in autorun.inf files. To do so, add a registry entry with the following value:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
2 - Modify the registry settings for autoplay media
Several settings can be modified in the registry to enable or disable automatic playback of certain media types, depending on the value you set. The table of all of them can be read here:
How to modify the autoplay registry values manually
The registry values that regulate autoplay are in the following key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
On the right side there must be a DWORD value named NoDriveTypeAutoRun; if it does not exist, create it and assign it a hexadecimal value, which you can calculate by looking at the list and adding the values you need:
0x1 Disables Autoplay on unknown devices.
0x4 Disables Autoplay on floppy.
0x8 Disables AutoPlay on fixed drives.
0x10 Disables AutoPlay on network devices.
0x20 Disables AutoPlay on CD-ROM.
0x40 Disables Autoplay on removable media.
0xFF Disables AutoPlay on all kinds of devices.
The most commonly used values are:
28 (40 decimal): disables removable media (USB)
3C (60 decimal): disables removable media and CD-ROM
FF (255 decimal): disables Autoplay
In Windows XP the default is 0x95 (149)
In Vista it is 0x91 (145), the same but without the floppy
Removing the NoDriveTypeAutoRun value from the indicated key enables all automatic executions.
Batch to disable autoplay on removable media and CD-ROM
This script disables autorun for removable media and CD-ROM on all drives: flash memory, CD and DVD.
autorun_mextcdrom.vbs
On Error Resume Next
Dim nret1, nret2
WScript.Echo "Autorun will be disabled for removable media and CD-ROM on all drives"
Set geekside = WScript.CreateObject("WScript.Shell")
' reg add reads /d as decimal: 60 = 0x3C
nret1 = geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun /t REG_DWORD /d 60 /f", 0, True)
nret2 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoDriveTypeAutoRun /t REG_DWORD /d 60 /f", 0, True)
WScript.Echo "You must restart your PC for the changes to take effect"
Batch to disable autorun completely on all units
This script completely disables autorun on all drives for all types of media, but gives you the option to enable it again later. After making any change you always have to reboot.
With these options we are also disabling autorun for legitimate media, such as CDs or DVDs. We always have the option of double-clicking in Explorer to launch the application they bring, and the small inconvenience this entails is worth it if it lets us avoid infecting our systems.
autorun_2opciones.vbs
On Error Resume Next
Dim nret1, nret2, value
Set geekside = WScript.CreateObject("WScript.Shell")
value = InputBox("To enable autorun type (1); to disable it type (0)")
If value = "1" Then
    ' 145 = 0x91, the Vista default mentioned above
    WScript.Echo "Autorun will be ENABLED on all drives"
    nret1 = geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun /t REG_DWORD /d 145 /f", 0, True)
    nret2 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoDriveTypeAutoRun /t REG_DWORD /d 145 /f", 0, True)
End If
If value = "0" Then
    ' 255 = 0xFF, autorun disabled on all kinds of devices
    WScript.Echo "Autorun will be DISABLED on all drives"
    nret1 = geekside.Run("cmd /C reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f", 0, True)
    nret2 = geekside.Run("cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f", 0, True)
End If
WScript.Echo "You must restart your PC for the changes to take effect"
Prevent infection of the USB devices
A commonly used method is to create on the USB device a "legitimate" autorun.inf, made by us, that does not point to any executable and has the attributes "Read Only", "Hidden" and "System".
This way, when the USB device is plugged into an infected PC, the virus residing there will try to create its autorun.inf on the device and, on finding ours, will either assume that the device is already infected or, if it does not, be unable to replace it because of the read-only attributes of our file.
You can do it this way from the CMD console:
• Open a console window by typing CMD in the Start menu and pressing Enter, or press the Windows + R key combination to open the Run dialog and type CMD.
• When the black console window opens, type the following: UNIT: and press Enter (replace UNIT with the drive letter assigned to your USB device).
• Type: copy con autorun.inf and press Enter.
• Type: Hi (or any text you want), then press CTRL + Z and Enter.
• The autorun.inf file has now been created; you can check for it on your device if you want. Now change its attributes by typing in the command window: ATTRIB +R +A +S +H UNIT:\autorun.inf
• Done.
Prevent copying files from our PC to USB
A measure we can take is to prevent the copying of files from our PC to any removable media and vice versa. This ensures that there is no danger of infection in our absence, which is useful if several people have access to our computer and we have enough confidence in them.
Batch to prevent the copying of files from our PC to USB devices
bloquear_copia.reg: registry file; run it to block any file copying
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
"WriteProtect"=dword:00000001
permitir_copia.reg: registry file; run it to allow the copying of files
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
"WriteProtect"=dword:00000000
del_SDP.cmd: batch file that deletes the registry entries you created if there is a conflict
@echo off
reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies
Temporarily disable USB devices on your system
By modifying the following Windows registry branch you can disable USB devices on your system.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR]
"Start"=dword:00000003
With the "Start" value set to 3 (the default) the devices are enabled; changing the value to 4 disables them.
Type 1 to be able to use USB flash drives on this computer
Type 2 to prevent the use of USB flash drives on this computer
@echo off
:start
echo Program to allow or prevent the use of USB drives on a computer
echo For the changes to take effect the computer must be restarted
echo.
echo Type
echo 1 to use USB flash drives on this computer
echo 2 to prevent the use of USB flash drives on this computer
set /P miva=
if "%miva%"=="1" (goto veteabrir)
if "%miva%"=="2" (goto vetecerrar)
echo Error
echo You must enter 1 or 2
echo ...
goto start
:veteabrir
echo Opening USB
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\usbstor" /v Start /t REG_DWORD /d 3 /f
goto end
:vetecerrar
echo Closing USB
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\usbstor" /v Start /t REG_DWORD /d 4 /f
:end
echo.
msg * Done
msg * You can find more useful scripts at http://www.gratisprogramas.org
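The registry measures described on this page (the IniFileMapping entry, NoDriveTypeAutoRun, WriteProtect and the USBSTOR Start value) can be checked from a registry export instead of by hand. The following Python code is an added example, not part of the original article; it assumes the export has already been decoded to text, the sample export is constructed, and the expected values are the most restrictive ones this page describes.

```python
import re

HKLM = "HKEY_LOCAL_MACHINE\\"
# Most restrictive settings described on this page: (key, value name) -> data
EXPECTED = {
    (HKLM + r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf", "@"): "@SYS:DoesNotExist",
    (HKLM + r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun"): 0xFF,
    (HKLM + r"SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", "WriteProtect"): 1,
    (HKLM + r"SYSTEM\CurrentControlSet\Services\USBSTOR", "Start"): 4,
}

def parse_reg(text):
    """Parse .reg text into {(key, value name): data}, all names lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                   # [HKEY_...\SubKey] header
            key = m.group(1).lower()
            continue
        m = re.fullmatch(r'(@|"[^"]*")\s*=\s*(.+)', line)
        if not m or key is None:
            continue
        name, data = m.group(1).strip('"').lower(), m.group(2)
        # dword data is written in hexadecimal; everything else is kept as a string
        values[(key, name)] = int(data[6:], 16) if data.lower().startswith("dword:") else data.strip('"')
    return values

def audit(text):
    """Return {value name: 'ok' or a mismatch note} for every EXPECTED setting."""
    found, report = parse_reg(text), {}
    for (key, name), want in EXPECTED.items():
        got = found.get((key.lower(), name.lower()))
        report[name] = "ok" if got == want else f"expected {want!r}, found {got!r}"
    return report

# Constructed sample export (not taken from a real machine)
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR]
"Start"=dword:00000003
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```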
Install a USB portable antivirus software
You can install portable antivirus software such as Mx One Antivirus; with the USB module version you keep it permanently on your device, and it protects you from viruses, Trojans, worms, spyware, hacker tools and risky software.
You can download its latest version for free here:
Mx One Antivirus
Clean an infected flash memory without affecting the documents it contains
Further down is a batch file. Run it, enter the drive letter of your USB device in the dialog that opens and press Enter. You can recover intact all the documents your USB device contains.
nohiddenflash.cmd
@echo off
color 0F
echo Now you will see everything that is hidden on the flash memory or flash drive
pause
cls
set /p drive=Enter the drive letter assigned to the memory and press ENTER: 
if /I "%drive%"=="E" goto E
if /I "%drive%"=="F" goto F
if /I "%drive%"=="G" goto G
if /I "%drive%"=="H" goto H
if /I "%drive%"=="I" goto I
if /I "%drive%"=="J" goto J
if /I "%drive%"=="K" goto K
if /I "%drive%"=="L" goto L
if /I "%drive%"=="M" goto M
if /I "%drive%"=="N" goto N
if /I "%drive%"=="Exit" goto Z
rem Any other input: exit without changing anything
goto Z
:E
cls
@echo off
ATTRIB -R -A -S -H E:\*.* /S /D
exit
:F
cls
@echo off
ATTRIB -R -A -S -H F:\*.* /S /D
exit
:G
cls
@echo off
ATTRIB -R -A -S -H G:\*.* /S /D
exit
:H
cls
@echo off
ATTRIB -R -A -S -H H:\*.* /S /D
exit
:I
cls
@echo off
ATTRIB -R -A -S -H I:\*.* /S /D
exit
:J
cls
@echo off
ATTRIB -R -A -S -H J:\*.* /S /D
exit
:K
cls
@echo off
ATTRIB -R -A -S -H K:\*.* /S /D
exit
:L
cls
@echo off
ATTRIB -R -A -S -H L:\*.* /S /D
exit
:M
cls
@echo off
ATTRIB -R -A -S -H M:\*.* /S /D
exit
:N
cls
@echo off
ATTRIB -R -A -S -H N:\*.* /S /D
exit
:Z
exit
Delete autorun.inf files and runauto folders on all drives of your PC.
Further down is a batch file; run it and it automatically deletes the autorun.inf files and runauto folders on all drives of your PC.
delrunauto.cmd
@echo off
REM Created by cu-32 August 2010
echo Autorun files and runauto folders will be removed from all drives
pause
cls
RMDIR C:\runauto\ /S /Q
DEL C:\autorun.* /F /Q /ARHSA
RMDIR D:\runauto\ /S /Q
DEL D:\autorun.* /F /Q /ARHSA
RMDIR E:\runauto\ /S /Q
DEL E:\autorun.* /F /Q /ARHSA
RMDIR F:\runauto\ /S /Q
DEL F:\autorun.* /F /Q /ARHSA
RMDIR G:\runauto\ /S /Q
DEL G:\autorun.* /F /Q /ARHSA
RMDIR H:\runauto\ /S /Q
DEL H:\autorun.* /F /Q /ARHSA
RMDIR I:\runauto\ /S /Q
DEL I:\autorun.* /F /Q /ARHSA
RMDIR J:\runauto\ /S /Q
DEL J:\autorun.* /F /Q /ARHSA
RMDIR K:\runauto\ /S /Q
DEL K:\autorun.* /F /Q /ARHSA
cls
echo Done
echo.
echo For more commands visit gratisprogramas.org
pause