Prevent Spread of Viruses through Removable Drives with iKill
Author: Raymond14 Sep
Removable drives are one of the most simple, hassle free and effective means of data transfer in working environments like offices, schools, colleges. But, it has become like a simple boat ride for viruses to propagate. In general a USB drive of any kind, a pendrive, ipod, mp3 Players, mobile phones, all may contain viruses, they just act as carriers, the viruses/trojans exploit the autorun.inf file to execute themselves whenever you try to open the drive by double clicking. They even may
shadow the Open, Explore, Search, etc, other features using the shell commands such as the example below:
shell\Explore\command = virus.exe
When you right click on the drive icon and click on Explore, virus.exe would be launched,
infecting the whole system, and then it will start spreading by any means possible…
Just few days ago I borrowed a friend’s memory card to copy some of the photos out. One of my other friend brought a laptop along. We were all anxious to see the photos so I insert the memory card into his card reader and double click the drive letter. Then I noticed that there is a hidden autorun.inf file with MS32DLL.dll.vbs at the root of the memory card drive. I immediately knew that it was some sort of virus. I opened the autorun.inf file with Notepad and true enough, it runs MS32DLL.dll.vbs whenever we access the drive by double clicking on the drive letter. I then checked the MS32DLL.dll.vbs file and it is a virus that adds “Hacked By Godzilla” in Internet Explorer. Luckily it was an easy virus to remove…
So no matter how careful we are, there are times when we will be careless and we need tools that can protect us from autorun.inf threat when we slack off. So here’s iKill, a tool that can prevent spread of viruses through removable drives.
iKill application works by scanning the drives for the presence of removable drives. If found, it parses the autorun.inf file for the executables it may run.
If AutoProtect is enabled, it will automatically delete the harmful files present on the drive. Otherwise, it will prompt you for your permission to delete the virus.
If iKill found an autorun.inf file at the root of your drive, it will first prompt you if you’d like to delete the executable file. If you’re sure that the executable file is a virus, then click Yes, if not, click No. The second warning will then appear asking you if you’d like to delete the autorun.inf file. Actually there is no use of the autorun.inf in you removable drive. (It is rarely used by some applications to provide some added functionality, like the Wireless Config tool to help setup a home network. But, the applications are limited.) , you can safely delete it.
iKill works on Windows 98, 2000, XP, 2003 and Vista. The minimum hardware requirements to run iKill is 400MHz processor and 96MB of Ram. For Windows operating system that is lower than Vista, Microsoft .NET Framework 2.0 is required. You can download .NET Framework 2.0 from this link.
iKill is very similar to what USB FireWall does and it takes up very little memory usage (4MB). Try it, and if you don’t like it, just use a simple registry tweak to totally disable Windows from processing autorun.inf file.
Technorati Tags: ikill, autorun.inf, virus, spread, worm
: Copying this article to your website is strictly NOT allowed. However, if you like this article, you can use the HTML code below to directly link to this article.
Related Articles
Disable Write Access to Removable Storage Devices Have Your Missing or Lost USB Flash Drive Returned Back To You How to REMOTELY disable removable storage devices Create Fake Dummy File on USB Flash Drive to Enable Write Protect and Prevent Modification Stop Windows From Executing Instructions Found In AUTORUN.INF How to disable removable storage devices such as USB drives Latest ESET NOD32 Antivirus v4 and Smart Security v4 Review
Top incoming search terms for this post
a.net autorun.inf - How is INF/Autorun spread? - how to stop viruses spreading via removable drives - autorun a.net - a.net autorun - prevent spread viruses through removeable drive - "a.net" virus autorun - md cd con autorun - ウイルス 'Cannot create file' Autorun.inf - ウイルス Cannot create file Autorun.inf - kaip panaikinti virusa mp3 grotuve - How To Prevent Virus from USB KEy - no autorun.inf for removable starage - virut - virus spread through flash disks - disable autorun.inf functionality in vista home basic in ikill - automatically delete autorun.inf from usb - can you spread viruses through usb flashdisk - prevent viruses entering through usb - hidden removable disk - memory card virus autorun.inf - using a USB flash drive could you spread virus - autorun virus - autorun virus speard - prevent spread viruses - can virus spread through RAM - disable removable storage using group policy - autorun.inf vista - how to remove worm/autorun.el from laptop with ikill - accidentally removed autorun.inf file from card reader - prevent card reader from autorun - autorun.inf uin.vbs - cannot create autorun.inf in drives - how to remove autorun virus that will create - CANYOU SPREAD VIRUSES WITH YOUR IPOD - how to remove worm/autorun.el - how does autorun.inf spread? - Autorun inf.exe virus - How to prevent a virus from spreading using the 'AutoRun' feature - prevent virus autorun folder permissions - do flash drives pas virus through different computers - how to prevent virus from usb - can some viruses start with autorun removable storage - ANTIVIRUS GRATUIT CONTRE AUTORUN.INF - le virus autorane - immunize usb key autorun.inf - antivirus sur cle usb gratuit - autorun a.net virus - how do viruses on flash disk propagate - Stop "Cannot Create Autorun" -
Categories
Recent Comments
- tomasson: I see many people use
- Anonymous: Thany you soo much
- Tebas': Muito obrigado, solucionou o problema
- twinkle tyagi: where i can learn to
- Amit: usb not recognized error windows
- thami: plz raymond send me a
- kadidi: Hi people!!!! How do i remove
- sunny jain: thanks umair...
- RONIL: where did you get the
- Suvi: Thank you so much!! I
Have computer technical problems? Get FREE help from Raymond.CC FORUM
12 Responses for "Prevent Spread of Viruses through Removable Drives with iKill"
Great Find Raymond. Many Thanks!!!
I’m trying it, thank you very much.
But if I already have Kaspersky Antivirus do I need this tool? A few days ago Kaspersky detected a virus on my usb pendrive and easily removed him so do I really need this?
i have some problem using it. seems like the ikill slow down every few seconds whenever i tried to open and minimize it.
This tool looks good, but installing it in corporate network has many glitches of permissions etc, moreover its one more programm running on users computers…
I will go with the registry tweak mentioned in this post
http://www.raymond.cc/blog/archives/2008/04/22/stop-windows-from-executing-instructions-found-in-autoruninf/
I also found another problem on ikill, it seems like it kept on scanning the the floppy drive and never stop. Even i set to 10 sec, ikill wont stop scanning. I afraid it might annoy the users pc who got a floppy drive. i guess the programmer need to do something about it.
I think i just more like this tool : http://host-a.net/anggiawan/USBToolSetup.zip
There are additional tweaks.
I think this can cause false positive if you have autorun.inf for a menu on your flashdrives which you can accidentally delete. I recommend turning autorun via group policy editor via gpedt.msc.
Another neat thing I do is to create a autorun.inf folder at the root of every drive and make it readonly/system/hidden to prevent worms also called immunization but found software doing it so credit goes to anyone.
1. Click start menu then run.
2. Type cmd click ok
3. at the prompt type \\\”cd\\\\\\\” without the quotes then press enter.
4. again type \\\”md autorun.inf\\\” press enter
5. type \\\”attrib +h +r +s autorun.inf\\\”
do this to every drive regardless of being removable or fixed and it\\\’ll immunize your system from autorun worms.
autorun is a microsoft feature that is also used maliciously by worm creators.
never like autorun so I never used it IMHO
thi s is new to me i will be installing it
Moi j’utilise Anti-Autorun.inf, c’est un petit programme que j’allume à chaque fois que je branche un clé USB qui a été connecté sur un autre pc que le mien, il est gratuit, ne nécessite pas d’installation et se trouve ici : http://delphiblog.site.voila.fr/pages/programme_135_anti_autorun_inf.html
Il renome autorun.inf dès qu’il le détecte et ensuite le virus ne se lance plus quand je clique sur ma clé. Depuis que je l’utilise, j’ai plus de problème.
Thank u a lot man very helpful .
the antivirus is something other stuff.
But this tool specialy focus on USB drives so it is diffrent from antivirus..
Antivirus is good but it is diffrent so use it also
Leave a reply