Prevent Autorun-driven Virus Infections

USB flash drives and portable hard disk drives are commonplace today as PCs and digital media are conquering the market. But as the ease of use and portability of UFDs and HDDs [as well as their digital content] increase, so does the spread of malware[1] on them. There are several ways to prevent this from happening,[2] with or without the help of an AV product.

Case 1: Clean PC+AV, Infected UFD/HDD; Automatic

This is the easiest, though not necessarily the best solution[3] to detect and clean autorun-driven malware.

  1. Update the anti-virus product on your computer before plugging in the portable drive.
  2. Do not open your drive contents after plugging it in.
  3. Scan your portable drive for malware immediately.
  4. Clean all infections found by your anti-virus.

Case 2: Clean PC, Infected UFD/HDD; Manual

In some cases, an anti-virus product or an update is not available, or the anti-virus product is just not strong or smart enough.[4] In that case, we could manually search for and destroy the malware.

  1. Plug the drive into your computer.
  2. Use the Folders Explorer Bar[5] to open the drive contents in Windows Explorer, instead of double-clicking the drive icon on the main window; or
  3. Right-click on the drive icon on the main window, and select Explore or Open, and not Autoplay or Autorun.
  4. Look for the file named autorun.inf.
  5. Open the file using Notepad or the text editor of your choice.
  6. Take note of the line that says, open=<path\filename.ext>, where <path\filename.ext> is the location of the malware itself.
  7. Locate the malware and delete it along with the autorun.inf file.
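Steps 4 to 6 can also be done with a short script, shown here as an added example that is not part of the original post. It assumes the text of autorun.inf has already been read into a string; the function names are hypothetical, and besides the open= line named above it also reports the shellexecute= and shell\<verb>\command= launch keys, which is a generalization beyond the post.

```python
import re
from pathlib import PureWindowsPath

# Launch keys in [autorun]. The post names open=; shellexecute= and
# shell\<verb>\command= are included here as a generalization.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample input, not taken from a real drive.
SAMPLE = r"""
; junk comment
[AutoRun]
OPEN=stuff\setup.exe /s
icon=folder.ico
shell\open\Command="tools\run me.exe" -q
ShellExecute=readme.vbs
[other]
open=ignored.exe
"""

def program_path(command):
    """Drop arguments from a command line, keeping the program's path.
    Assumes an unquoted path contains no spaces."""
    if command.startswith('"'):
        prog = command[1:].split('"', 1)[0]
    else:
        prog = command.split(None, 1)[0] if command else ""
    return str(PureWindowsPath(prog)) if prog else ""

def launch_targets(inf_text):
    """Return (key, command, program path) for each launch entry in [autorun]."""
    targets, section = [], None
    for raw in inf_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        key, sep, value = line.partition("=")
        if section == "autorun" and sep and LAUNCH_KEY.match(key.strip()):
            command = value.strip()
            targets.append((key.strip().lower(), command, program_path(command)))
    return targets

if __name__ == "__main__":
    for key, command, path in launch_targets(SAMPLE):
        print(f"{key:22} -> delete candidate: {path!r}  (full command: {command})")
```

The paths it reports are relative to the root of the portable drive; those are the files to locate in step 7.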

Case 3: Infected PC

You would know your PC is already infected when it automatically copies the malware and the autorun files to your portable drives. If your AV software can’t clean your system, or if you have none, consider browsing the Web for manual detection and cleaning procedures; the different variants, and therefore their locations, would be hard to summarize in this post. Try Trend Micro’s Virus Encyclopedia.

Case 4: Clean PC and UFD/HDD; Prevention

Here’s the nifty part; this is based on a hack from a friend who works at an anti-virus company.

  1. Create a folder on the root of your portable drive.
  2. Rename it as autorun.inf.
  3. Right-click on the folder, and click Properties. Alternatively, select the folder, then go to the File menu, and select Properties. KB shortcut: [Alt]+F, R
  4. Under the General tab, on the Attributes section, check Read-only and Hidden. KB shortcuts: [Alt]+R, and [Alt]+H, respectively

The above instructions would prevent other infected computers from copying an autorun directive to your portable drive. It doesn’t necessarily mean an instance of the malware itself would be prevented from being copied as well. It just protects you from your own muscle memory: instantly double-clicking the drive icon to open the contents and, instead, running the malware so that it installs itself on your clean PC.

Footnotes:

  1. ^ malicious software; collective term for viruses, worms, trojan horses, spyware, et al.
  2. ^ Cases assume you’re on the virus-prone Microsoft Windows platform.
  3. ^ Your AV would probably delete only the instances of the malware and not the autorun.inf file for it is intended as a convenience feature for legitimate software manufacturers. You could safely delete the autorun file manually.
  4. ^ This pertains to my experience with a fully-updated AVG Anti-Virus Free Edition on my classmate’s notebook, which was not able to detect a simple autorun-driven malware.
  5. ^ If not visible by default, go to View on the menu bar, locate Explorer Bar, and then check Folders. KB shortcut: [Alt]+V, E, O