 |
 | Do you know how to protect yourself against autorun.inf ? |  |
|
wisely
|
|
autorun.inf is a file use by Windows to autorun a setup program.
However, it is currently exploit by virus writer to launch virus. As Clamwin doesn't have an on-access scanner. You need to know how to protect your PC. One method I learn from other forum is to create a FOLDER called autorun.inf at C:\ and D:\ If the virus try to infect your PC, they cannot create the autorun.inf file at this location because of same name conflict. You can do the same on your USB drive. If you have problem create the FOLDER, you may already be infected by the virus. The solution is to unhide the autorun.inf file and delete it. Then create the folder. attrib -r -s -h autorun.inf del autorun.inf mkdir autorun.inf |
|||||||||||
|
|||||||||||||
 |
| |
|
NiveusLuna
|
|
or you can just disable autorun for CDs and DVds, then never use autorun on flash drives (since those ask you about it on windows xp and have to be manually executed on vista)
|
|||||||||||
|
|||||||||||||
|
| |
|
wisely
|
|
If the autorun.inf and the virus.exe already exist in your USB flash drive.
The moment you plug it in, windows will run the autorun.inf and trigger the virus. Unless you use my method to create a folder at c:\ or disable autorun in the registry. Most of the viruses are spread by USB flash disk and network drives but not by CD/DVD. In my company, share network drives are also affected. For example if your network drive is H: The moment you connect to H drive, you will be infected. The file is hidden and need to unhide using the attrib command to unhide. |
|||||||||||
|
|||||||||||||
|
| |
|
sherpya
|
|
I've made an explorer extension that disables autorun.inf parsing, yes there is a registry key but windows likes to reset the value often
I'll make it available as soon I can make a little setup |
|||||||||||
|
|||||||||||||
|
| |
|
wisely
|
|
Here is a VBscript to disable the autorun in registry
' removing registry keys set rg = CreateObject("WScript.Shell") ' disabling autoplay on all disks rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDriveTypeAutoRun",255,"REG_DWORD" rg.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDriveAutoRun",255,"REG_DWORD" rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDriveTypeAutoRun",255,"REG_DWORD" rg.regwrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\explorer\NoDriveAutoRun",255,"REG_DWORD" |
|||||||||||
|
|||||||||||||
|
| |
|
sherpya
|
|
I've already tested these reg keys, but windows was always re-enabling o partially re-enabling them
so I've decided to mem patch explorer to avoid parsing autorun.inf files |
|||||||||||
|
|||||||||||||
|
| |
|
wisely
|
|
Can Clamwin developer a feature to disable autorun ?
I find that this kind of feature it is more effective than trying to find all the autorun virus signiture that exist. |
|||||||||||
|
|||||||||||||
|
| |
|
akar
|
|
https://davisr.com/cgi-bin/content/products/flashguard.htm - this program is very good after autoruns
 |
|||||||||||
|
|||||||||||||
|
| |
|
wisely
|
|
Thanks for your info
I am also aware of other freewares that can do the job 
a) Ninja pendrive. https://www.softpedia.com/get/Antivirus/Ninja-Pendisk.shtml b) iKill https://www.softpedia.com/get/Antivirus/iKill.shtml The NASA spent millions $ to invent a pen that could write in zero gravity. The Russian spent $0 and use a pencil to do the same thing. I prefer simple solutions that works and do not need to use additional system resources. My method do not requires any software. Just need to create a few empty folders. I have also use this method to immune some of the PC in my office. Once there was a worm that keep infecting a PC. Symantec cannot detect it so I install Clamwin and do a schedule scan everyday and remove the worm. But the worm keep coming back to the c:\windows\system32 folder everyday. So I created a FOLDER using the worm's name at the c:\windows\system32. From that day onwards, the PC is free from infection. |
|||||||||||
|
|||||||||||||
|
| |
|
calande
|
|
I have also been infected by a USB flash drive from a friend of mine, although my ClamWin is updated on a daily basis. The virus was located in an autorun.inf file. I think these problems will be solved once we have on-access scanning.
|
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
I suggest running a behavior blocker alongside ClamWin. They work in different ways and are complimentary to each other. Both ThreatFire (from PC Tools) and WinPatrol (from BillP Studios) have free versions that are fairly "quiet" and are proven products.
Regards, |
|||||||||||
|
|||||||||||||
|
 | Do you know how to protect yourself against autorun.inf ? | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.