Removable drives are one of the most simple, hassle free and effective means of data transfer in working environments like offices, schools, colleges. But, it has become like a simple boat ride for viruses to propagate. In general a USB drive of any kind, a pendrive, ipod, mp3 Players, mobile phones, all may contain viruses, they just act as carriers, the viruses/trojans exploit the autorun.inf file to execute themselves whenever you try to open the drive by double clicking. They even may
shadow the Open, Explore, Search, etc, other features using the shell commands such as the example below:
shell\Explore\command = virus.exe
When you right click on the drive icon and click on Explore, virus.exe would be launched,
infecting the whole system, and then it will start spreading by any means possible…
Just few days ago I borrowed a friend’s memory card to copy some of the photos out. One of my other friend brought a laptop along. We were all anxious to see the photos so I insert the memory card into his card reader and double click the drive letter. Then I noticed that there is a hidden autorun.inf file with MS32DLL.dll.vbs at the root of the memory card drive. I immediately knew that it was some sort of virus. I opened the autorun.inf file with Notepad and true enough, it runs MS32DLL.dll.vbs whenever we access the drive by double clicking on the drive letter. I then checked the MS32DLL.dll.vbs file and it is a virus that adds “Hacked By Godzilla” in Internet Explorer. Luckily it was an easy virus to remove…
So no matter how careful we are, there are times when we will be careless and we need tools that can protect us from autorun.inf threat when we slack off. So here’s iKill, a tool that can prevent spread of viruses through removable drives.
iKill application works by scanning the drives for the presence of removable drives. If found, it parses the autorun.inf file for the executables it may run.
If AutoProtect is enabled, it will automatically delete the harmful files present on the drive. Otherwise, it will prompt you for your permission to delete the virus.
If iKill found an autorun.inf file at the root of your drive, it will first prompt you if you’d like to delete the executable file. If you’re sure that the executable file is a virus, then click Yes, if not, click No. The second warning will then appear asking you if you’d like to delete the autorun.inf file. Actually there is no use of the autorun.inf in you removable drive. (It is rarely used by some applications to provide some added functionality, like the Wireless Config tool to help setup a home network. But, the applications are limited.) , you can safely delete it.
iKill works on Windows 98, 2000, XP, 2003 and Vista. The minimum hardware requirements to run iKill is 400MHz processor and 96MB of Ram. For Windows operating system that is lower than Vista, Microsoft .NET Framework 2.0 is required. You can download .NET Framework 2.0 from this link.
iKill is very similar to what USB FireWall does and it takes up very little memory usage (4MB). Try it, and if you don’t like it, just use a simple registry tweak to totally disable Windows from processing autorun.inf file.
[ Download iKill v1.2 ]
Related posts:
just create folder named “autorun.inf” in your pendrive the virus will not over right this and u will be safe…….
Hey, hopefully someone can make use of this :)
If you are having issues running virus scanners whilst your computer is turned on, try to start into ‘Safe Mode’.
If you’re using a version of Windows, you’ll be able to do this. (Windows XP, Windows Vista & Windows 7)
Safe Mode:
Turn computer off
Turn computer on whilst tapping F8. When prompted select ‘safe mode with networking’
When prompted, click Yes & start into Windows as normal.
the antivirus is something other stuff.
But this tool specialy focus on USB drives so it is diffrent from antivirus..
Antivirus is good but it is diffrent so use it also
Thank u a lot man very helpful .
Moi j’utilise Anti-Autorun.inf, c’est un petit programme que j’allume à chaque fois que je branche un clé USB qui a été connecté sur un autre pc que le mien, il est gratuit, ne nécessite pas d’installation et se trouve ici : delphiblog.site.voila.fr/pages/programme_135_anti_autorun_inf.html
Il renome autorun.inf dès qu’il le détecte et ensuite le virus ne se lance plus quand je clique sur ma clé. Depuis que je l’utilise, j’ai plus de problème.
thi s is new to me i will be installing it
I think this can cause false positive if you have autorun.inf for a menu on your flashdrives which you can accidentally delete. I recommend turning autorun via group policy editor via gpedt.msc.
Another neat thing I do is to create a autorun.inf folder at the root of every drive and make it readonly/system/hidden to prevent worms also called immunization but found software doing it so credit goes to anyone.
1. Click start menu then run.
2. Type cmd click ok
3. at the prompt type \\\”cd\\\\\\\” without the quotes then press enter.
4. again type \\\”md autorun.inf\\\” press enter
5. type \\\”attrib +h +r +s autorun.inf\\\”
do this to every drive regardless of being removable or fixed and it\\\’ll immunize your system from autorun worms.
autorun is a microsoft feature that is also used maliciously by worm creators.
never like autorun so I never used it IMHO
I think i just more like this tool : host-a.net/anggiawan/USBToolSetup.zip
There are additional tweaks.
I also found another problem on ikill, it seems like it kept on scanning the the floppy drive and never stop. Even i set to 10 sec, ikill wont stop scanning. I afraid it might annoy the users pc who got a floppy drive. i guess the programmer need to do something about it.
This tool looks good, but installing it in corporate network has many glitches of permissions etc, moreover its one more programm running on users computers…
I will go with the registry tweak mentioned in this post
raymond.cc/blog/archives/2008/04/22/stop-windows-from-executing-instructions-found-in-autoruninf/
i have some problem using it. seems like the ikill slow down every few seconds whenever i tried to open and minimize it.
But if I already have Kaspersky Antivirus do I need this tool? A few days ago Kaspersky detected a virus on my usb pendrive and easily removed him so do I really need this?
I’m trying it, thank you very much.
Great Find Raymond. Many Thanks!!!