These days USB is being used by everyone for data transferring due to it’s affordable price and portability, but it also became the fastest and major source for malware infection. Worms used it to replicate faster, once your external drive(pen drive) come in contact with an infected system it gets infected automatically by the malicious services running in that infected system, one of the first task done by malicious services is to create AUTORUN information file(AUTORUN.INF) into removable drive for further propagation of the worm.
How it does?
Actually AUTORUN file contains the code for executing the infected file or worm instantly as soon as it is connected to a healthy system through USB.
[ad#Google Adsense 728]
The code in AUTORUN information file looks something like this:
In the above script ‘example’ is a folder in removal drives which contain infected executable file that uses AUTORUN file for it’s propagation.
How to play safe?
- Step1: Create four folders in the root directory of your Removable drive(USB) with names Autorun.inf, Recycle, Recycler and Recycled(these folders are created by viruses to complete their process in every drive).
- Step2: Go to Start>Run and type cmd to open Command Prompt. If USB drive is ‘G‘ then type G: and press Enter or if you are trying this on any disk partition then specify that drive letter in place of ‘G‘
- Step3: Now type the following commands one after the other.While you are executing these commands console may ask you like this “Are you sure(Y/N)” then type Y and press Enter.
G:\>attrib -h -a -r -s G:\autorun.inf
G:\>cacls autorun.inf /c /d administrators
- Step4: Repeat above Step for Recycle, Recycler and Recycled also.
Here in the above procedure attrib command is used to set the folder attributes and cacls is used to set the privilege label to deny access for members of administrators group.
[ad#Google Adsense 468]
Once you have completed this task successfully you won’t be able to delete, rename, modify, copy or open these folders and this also prevent Malicious services running in any system to modify or copy infected files into Removable Drives.
- To avoid autorun menu when USB is inserted, hold shift key while it is being detected by the system.
- Always use safely remove option while removing pen drive.
- If you are not sure about the condition of the pen drive then don’t take chances scan it using a good antivirus before accessing the data inside it.