Comments on: Prevent Autorun-driven Virus Infections

By: Terry Guerrero

Terry Guerrero — Wed, 20 Oct 2010 08:11:20 +0000

Please visit my site: adwords

By: ruben

ruben — Fri, 12 Dec 2008 18:04:27 +0000

Excellent, it worked with autorun.inf but it can also work with the virus itself, svchost.exe in the s-4…..-9… folder (inside driver folder, it’s hidden), though it can be tricky.
You have to create a folder named the same in other place, let’s say your desktop, and two subfolders named svchost.exe and Desktop.ini, configure them as Read-only. Delete the “original” folder s-…. (usually looks like the recycle bin), and VERY quickly drag and copy the folder you just created for preventing overwriting (remember Read-only!).

By: Christopher

Christopher — Sat, 01 Nov 2008 12:05:48 +0000

sometimes the autorun.inf file is HIDDEN. they mostly infect USB drives. To counter this strategy,

goto the command prompt.
type "dir /ah" this will list ALL HIDDEN FILES.
you can't delete them yet coz they're hidden. most of the time the AV detects them, but to be surem you can do this manually.
type "attrib -filename here- -s -h -r"
they will be visible now after you type "dir"
delete the previously files. remember them of course!
warning: don't go deleting hidden files on windows folders haphazardly. before doing so, make sure that it is malware if you are suspicious about it.

cheers

By: Mohit

Mohit — Wed, 06 Aug 2008 17:25:58 +0000

To prevent these kinds of viruses on infecting your PC, you need to disable autorun function in your computer, unfortunately, just shutting down autoplay is not a fix. You might think that you could protect yourself from AutoRun by adding two (2) keys to your Registry (NoDriveAutoRun and NoDriveTypeAutoRun) but these keys can be overridden by some programs.

Solution is here:

1. Start Notepad [Start Menu-All Programs-Accessories-Notepad] or right-click any empty space in your desktop then select New-Text Document
2. Copy the following text. (note: Everything in between the square brackets should be in one line)

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@=”@SYS:DoesNotExist”

3. Save the file with a name (anything) like DisableAutoRun.reg (The extension .reg is the important part)
4. Double Click your newly created registry file. Choose yes or continue to the warning that will appear.

By: JoeAnne70

JoeAnne70 — Thu, 31 Jul 2008 09:53:03 +0000

Thanks for the information, even if I’m an computer geek I’ve never heard of such type of virus infection. But in my opinion a strong firewall will always do the job, but be careful how strong you make it. One time it turned off my whole Internet connection because it was a risky one.

By: linux user (stakis)

linux user (stakis) — Tue, 29 Apr 2008 08:44:18 +0000

edit the registry from Linux? yeah right….
anyway, you can override windows XP autorun feature if you keep shift button pressed while pluging in your portable media (CD-ROM, flash drive…) it will force windows to disable temporarily its autorun feature (while the button is pressed)

autorun.inf is NOT BOOTABLE MALWARE… it’s just a text file with instructions for windows (what to run etc) if windows finds a file at the root directory in a drive it executes the instructions like “set an icon for the drive X:” , run a program and so on…

Bootable is something that can be identified from the BIOS as an OS, and it must reside (partially) in the MBR of the media to put it simply…

hacker is only right on one thing, USE LINUX! (I don’t believe that he/she runs linux by the way)

By: JetMuser

JetMuser — Wed, 21 Nov 2007 22:11:33 +0000

i think hacker right

By: hacker

hacker — Thu, 27 Sep 2007 13:20:51 +0000

it sucks!!!
u said bit correct!
but MIND autorun.inf is bootable malware it just fuks registry u can’t do anything by using xp….
Only way 2 get rid of this sting s 2 use linux and then edit regitry only way 2 kick ass of that bitch “autorun.inf”

By: Dre

Dre — Thu, 23 Aug 2007 15:49:51 +0000

This is totally helpful!

By: da`kid

da`kid — Sun, 19 Aug 2007 13:46:29 +0000

haha. nagkakaburahan na dito ah haha. next bday ulit hehe

By: Aja

Aja — Fri, 17 Aug 2007 15:55:59 +0000

Most users I know run Windows XP that, in my experience, asks the end user first if he/she likes to play media files (if there is any), to view photos in a slideshow (if there is any), to open the folder to view files, or to run the software contained inside (when there is an autorun.inf file), among others—a feature called Autoplay, which is similar to, but different from Autorun.

So, I guess it wouldn’t immediately install the virus from an infected UFD the moment you plug it in. Unless, of course, you double-click the drive icon, and activate the default option of Autorun. My PCs would be infected from a lot of my friends’ UFDs otherwise.

Do your homework.

By: Djanarak

Djanarak — Fri, 17 Aug 2007 13:50:36 +0000

Hmm, your post is half-baked. Not enough homework done I reckon, and not enough testing (although the testing part is understandable, software costs a fortune). I’d like to point out that a clean computer that is introduced to an infected USB flash drive will get infected the moment you plug it in, specifically because of the autorun feature built into Windows. You have to disable autorun prior to plugging in the infected flash drive. Second, most people who use free antivirus programs are unaware that the companies providing such give no assurance that their products work flawlessly. Once a computer is infected with certain flash-drive trojans, those free antivirus programs are useless against preventing the computer from infecting other devices attached to it. Nevertheless, you did try so I’d give you credit for that. By the way, PFD is a more suitable acronym for flash drives. It stands for “prostitute flash drive” hehe, which is pretty much what they are with the careless attitude people have with regards to PC security. I heard from my cousin about that uni were even the moron illiterate lecturers carelessly infect students’ PFDs; and she’s taking a computer course haha!!! At “the most reputable engineering school” at that!!! My point is, regardless of age, we all have a lot more to learn about computers, and will never run out of new things to learn about them. 73′s to you folks!

P.S. I love hatemail, but I never underestimate the power of a fool with spamming software. So i’ll just pop by here regularly to see if anyone repudiates my remarks.

By: Aja

Aja — Wed, 08 Aug 2007 09:58:49 +0000

@Jane: No problem

@July: “piz” ka dyan. LOL

@Ate Lei: Print nang print from UFDs na infected? Ganyan din kami nung may formal report.

@Tala: Cold proof? Well, I’d say your expensive thong is worth every buck. Heh

By: Talamasca

Talamasca — Wed, 08 Aug 2007 09:08:33 +0000

As I have nothing beneficial to contribute to this entry and since I just feel like, well, bitching, allow me to say that you just missed me wearing my expensive waterproof thong! It’s only a one-day thing, dont ya know!? And hell no, I didn’t feel cold or anything. I guess the thong rendered my entire system cold proof or something. It isn’t expensive without the extra perks!!! Ktnxbai!!! ;-p

By: lei

lei — Tue, 07 Aug 2007 11:32:50 +0000

naalala ko tuloy ang paper season nung college! hehehe!

gagawin ko na yang tips mo ngayon na. hehehe!