Removable drives are one of the most simple, hassle free and effective means of data transfer in working environments like offices, schools, colleges. But, it has become like a simple boat ride for viruses to propagate. In general a USB drive of any kind, a pendrive, ipod, mp3 Players, mobile phones, all may contain viruses, they just act as carriers, the viruses/trojans exploit the autorun.inf file to execute themselves whenever you try to open the drive by double clicking. They even may
shadow the Open, Explore, Search, etc, other features using the shell commands such as the example below:
shell\Explore\command = virus.exe
When you right click on the drive icon and click on Explore, virus.exe would be launched,
infecting the whole system, and then it will start spreading by any means possible…
Just few days ago I borrowed a friend’s memory card to copy some of the photos out. One of my other friend brought a laptop along. We were all anxious to see the photos so I insert the memory card into his card reader and double click the drive letter. Then I noticed that there is a hidden autorun.inf file with MS32DLL.dll.vbs at the root of the memory card drive. I immediately knew that it was some sort of virus. I opened the autorun.inf file with Notepad and true enough, it runs MS32DLL.dll.vbs whenever we access the drive by double clicking on the drive letter. I then checked the MS32DLL.dll.vbs file and it is a virus that adds “Hacked By Godzilla” in Internet Explorer. Luckily it was an easy virus to remove…
So no matter how careful we are, there are times when we will be careless and we need tools that can protect us from autorun.inf threat when we slack off. So here’s iKill, a tool that can prevent spread of viruses through removable drives.
iKill application works by scanning the drives for the presence of removable drives. If found, it parses the autorun.inf file for the executables it may run.
If AutoProtect is enabled, it will automatically delete the harmful files present on the drive. Otherwise, it will prompt you for your permission to delete the virus.
If iKill found an autorun.inf file at the root of your drive, it will first prompt you if you’d like to delete the executable file. If you’re sure that the executable file is a virus, then click Yes, if not, click No. The second warning will then appear asking you if you’d like to delete the autorun.inf file. Actually there is no use of the autorun.inf in you removable drive. (It is rarely used by some applications to provide some added functionality, like the Wireless Config tool to help setup a home network. But, the applications are limited.) , you can safely delete it.
iKill works on Windows 98, 2000, XP, 2003 and Vista. The minimum hardware requirements to run iKill is 400MHz processor and 96MB of Ram. For Windows operating system that is lower than Vista, Microsoft .NET Framework 2.0 is required. You can download .NET Framework 2.0 from this link.
iKill is very similar to what USB FireWall does and it takes up very little memory usage (4MB). Try it, and if you don’t like it, just use a simple registry tweak to totally disable Windows from processing autorun.inf file.
[ Download iKill v1.2 ]
Related posts: