Home > Computer > Prevent Spread of Viruses through Removable Drives with iKill

Prevent Spread of Viruses through Removable Drives with iKill

Posted By Raymond In Category: Computer

Sep
14
2008
Donate

Removable drives are one of the most simple, hassle free and effective means of data transfer in working environments like offices, schools, colleges. But, it has become like a simple boat ride for viruses to propagate. In general a USB drive of any kind, a pendrive, ipod, mp3 Players, mobile phones, all may contain viruses, they just act as carriers, the viruses/trojans exploit the autorun.inf file to execute themselves whenever you try to open the drive by double clicking. They even may
shadow the Open, Explore, Search, etc, other features using the shell commands such as the example below:

shell\Explore\command = virus.exe

When you right click on the drive icon and click on Explore, virus.exe would be launched,
infecting the whole system, and then it will start spreading by any means possible…

Just few days ago I borrowed a friend’s memory card to copy some of the photos out. One of my other friend brought a laptop along. We were all anxious to see the photos so I insert the memory card into his card reader and double click the drive letter. Then I noticed that there is a hidden autorun.inf file with MS32DLL.dll.vbs at the root of the memory card drive. I immediately knew that it was some sort of virus. I opened the autorun.inf file with Notepad and true enough, it runs MS32DLL.dll.vbs whenever we access the drive by double clicking on the drive letter. I then checked the MS32DLL.dll.vbs file and it is a virus that adds “Hacked By Godzilla” in Internet Explorer. Luckily it was an easy virus to remove…

So no matter how careful we are, there are times when we will be careless and we need tools that can protect us from autorun.inf threat when we slack off. So here’s iKill, a tool that can prevent spread of viruses through removable drives.


iKill application works by scanning the drives for the presence of removable drives. If found, it parses the autorun.inf file for the executables it may run.

iKill Remove Autorun.inf exe virus

If AutoProtect is enabled, it will automatically delete the harmful files present on the drive. Otherwise, it will prompt you for your permission to delete the virus.

Notify autorun.inf found

If iKill found an autorun.inf file at the root of your drive, it will first prompt you if you’d like to delete the executable file. If you’re sure that the executable file is a virus, then click Yes, if not, click No. The second warning will then appear asking you if you’d like to delete the autorun.inf file. Actually there is no use of the autorun.inf in you removable drive. (It is rarely used by some applications to provide some added functionality, like the Wireless Config tool to help setup a home network. But, the applications are limited.) , you can safely delete it.

iKill works on Windows 98, 2000, XP, 2003 and Vista. The minimum hardware requirements to run iKill is 400MHz processor and 96MB of Ram. For Windows operating system that is lower than Vista, Microsoft .NET Framework 2.0 is required. You can download .NET Framework 2.0 from this link.

iKill is very similar to what USB FireWall does and it takes up very little memory usage (4MB). Try it, and if you don’t like it, just use a simple registry tweak to totally disable Windows from processing autorun.inf file.

[ Download iKill v1.2 ]


Related posts:
  • How to disable removable storage devices such as USB drives
  • Protect Windows from USB Flash Drive Viruses with USB Antivirus Mx One
  • How to Make Windows Autorun USB Flash Drives
  • Protect Windows From USB Autorun.inf Virus With USB Firewall
  • How to REMOTELY disable removable storage devices
    • utkarsh30june

      Great Find Raymond. Many Thanks!!!

    • Deyaa Addeen Fahmy Shedeed

      I’m trying it, thank you very much.

    • Cristi

      But if I already have Kaspersky Antivirus do I need this tool? A few days ago Kaspersky detected a virus on my usb pendrive and easily removed him so do I really need this?

    • http://starboykb.blogspot.com Starboykb

      i have some problem using it. seems like the ikill slow down every few seconds whenever i tried to open and minimize it.

    • Sandeep

      This tool looks good, but installing it in corporate network has many glitches of permissions etc, moreover its one more programm running on users computers…
      I will go with the registry tweak mentioned in this post

      http://www.raymond.cc/blog/archives/2008/04/22/stop-windows-from-executing-instructions-found-in-autoruninf/

    • http://starboykb.blogspot.com starboykb

      I also found another problem on ikill, it seems like it kept on scanning the the floppy drive and never stop. Even i set to 10 sec, ikill wont stop scanning. I afraid it might annoy the users pc who got a floppy drive. i guess the programmer need to do something about it.

    • ina

      I think i just more like this tool : http://host-a.net/anggiawan/USBToolSetup.zip

      There are additional tweaks.

    • Miguel Sebastian

      I think this can cause false positive if you have autorun.inf for a menu on your flashdrives which you can accidentally delete. I recommend turning autorun via group policy editor via gpedt.msc.

      Another neat thing I do is to create a autorun.inf folder at the root of every drive and make it readonly/system/hidden to prevent worms also called immunization but found software doing it so credit goes to anyone.

      1. Click start menu then run.
      2. Type cmd click ok
      3. at the prompt type \\\”cd\\\\\\\” without the quotes then press enter.
      4. again type \\\”md autorun.inf\\\” press enter
      5. type \\\”attrib +h +r +s autorun.inf\\\”

      do this to every drive regardless of being removable or fixed and it\\\’ll immunize your system from autorun worms.

      autorun is a microsoft feature that is also used maliciously by worm creators.

      never like autorun so I never used it IMHO

    • sunkumar kothari

      thi s is new to me i will be installing it

    • Christophe

      Moi j’utilise Anti-Autorun.inf, c’est un petit programme que j’allume à chaque fois que je branche un clé USB qui a été connecté sur un autre pc que le mien, il est gratuit, ne nécessite pas d’installation et se trouve ici : http://delphiblog.site.voila.fr/pages/programme_135_anti_autorun_inf.html
      Il renome autorun.inf dès qu’il le détecte et ensuite le virus ne se lance plus quand je clique sur ma clé. Depuis que je l’utilise, j’ai plus de problème.

    • Ahmad

      Thank u a lot man very helpful .

    • rAmbo

      the antivirus is something other stuff.
      But this tool specialy focus on USB drives so it is diffrent from antivirus..
      Antivirus is good but it is diffrent so use it also

    • http://www.removethatvirus.com Virus Removal

      Hey, hopefully someone can make use of this :)

      If you are having issues running virus scanners whilst your computer is turned on, try to start into ‘Safe Mode’.

      If you’re using a version of Windows, you’ll be able to do this. (Windows XP, Windows Vista & Windows 7)

      Safe Mode:
      Turn computer off
      Turn computer on whilst tapping F8. When prompted select ‘safe mode with networking’
      When prompted, click Yes & start into Windows as normal.

    • rakesh

      just create folder named “autorun.inf” in your pendrive the virus will not over right this and u will be safe…….

    Copyright © 2005-2012 - Raymond.CC Blog