Sunday, May 31, 2009

Fixing the USB Virus


A USB device containing viruses can't affect your system unless you let it. Nearly every USB virus works by a trigger, one that launches and activates it. As long as this trigger is not received, any USB device containing a virus can be considered safe.


The most commonly found USB viruses are triggered by a file called 'Autorun.inf' (usually found in an infected USB device). When you insert a USB device into the computer, Windows checks whether an AUTORUN.INF file is located in the root folder of the drive. If AUTORUN.INF is found, Windows follows the instructions in this file (this is the case if Autoplay is enabled, and by default it is enabled in every system).

The instructions found in this file usually say what to do when you open or explore the drive, which icon and label should be shown against the drive, and so on. USB viruses often work by exploiting this file, for example by setting a virus to run when you select Open through the context menu (the menu you get when you right-click a drive or folder).

Steps to fix.

1. Go to 'Run' (shortcut: Win key + R) and type 'gpedit.msc'.
2. In the Group Policy editor window that opens, go to 'User Configuration'.
Select 'Administrative Templates' and then 'System'. (Explorer-like view: click '+' to expand.)
3. In the right window pane, right-click 'Turn off Autoplay' and select 'Properties'.
4. Select the 'Enabled' radio button and set 'Turn off Autoplay on' to 'All drives'.
5. Select 'Apply', then 'OK', and close the 'Group Policy' window.

The above procedure disables Autoplay on USB drives (and CD/DVD drives) on a Windows XP machine. With Autoplay turned off, Windows does not automatically run applications when you insert a USB device (or a CD/DVD). So you are now protected against viruses that run immediately upon insertion of infected USB devices.

To open an infected USB device.

1. Plug in your USB device.
2. Open 'My Computer'. Here you see the USB drive (assume drive letter J:).
DO NOT RIGHT CLICK AND SELECT ANY OF THE CONTEXT MENU ITEMS NOR DOUBLE CLICK THE DRIVE ICON.
3. Go to Tools > Folder Options.
Select 'View'. Enable 'Show hidden files and folders', untick 'Hide extensions for known file types' and untick 'Hide protected operating system files'. (A warning window will appear; select 'Yes'.) Click 'Apply' and 'OK'.
(Autorun.inf usually has the hidden and system attributes set.)
4. Go to the Address bar and type 'J:\' (without quotes).
5. DELETE 'AUTORUN.INF' FILE (INFECTED DRIVES WILL HAVE ONE) AND ANY OTHER SUSPICIOUS EXE OR COM FILES THAT YOU DID NOT TRANSFER TO YOUR DEVICE.

VOILA!! Your USB device is now free of viruses. Stop the USB drive, unplug it and reinsert it for use.

NB: To reset 'Folder Options' select 'Restore Defaults' (in View). Hidden and System files are only visible if the system is already free of virus infection. It is advisable to restore the View settings to default to prevent accidental deletion of system files.

