Zlob.DnsChanger, Downandup, Downadup, Kido, Conficker – all those autorun trojans are increasingly becoming quite a bit of a problem, and the numbers in which several their variations have been proliferating a while now are really appalling. What could be done to, at least, slow down their spread and, which is all the more important, keep your own PC safe from them?
To find an answer to this question, we first need to take a look at the way this kind of infection spreads:
- You insert a flash device into an infected PC and the autorun.inf file is created in the root folder of your flash device;
- The infected files are then copied to the flash device (this is called payload);
- You insert the infected flash device into another PC. Here, the autorun functionality is enabled, the autorun.inf file is run, and the payload process starts, thus infecting the target machine.
Unfortunately, no flash devices with a read-only switch currently exist as was the case with floppy disks.
However, your flash device can still be protected and prevented from becoming a carrier of the infection. Surprisingly, that can be done by availing oneself of some of the limitations the modern-day file systems have.
In a modern file system, THE FILE AND THE FOLDER THAT HAVE THE SAME NAME CANNOT CO-EXIST IN THE SAME LOCATION and file names of the file systems FAT/FAT32/NTFS are CASE INSENSITIVE.
This means, that if we create the autorun.inf folder in the root of your flash device, no file with the same name can ever be created. Therefore, based on the existing properties of the modern file systems, we can easily create an insurmountable obstacle for autorun infections that will render their autorun process impossible incidentally.
Luckily, the above method can be applied on absolutely any PC.
Below, you will find some detailed instructions on how to safeguard your flash device from becoming infected with autorun trojans. Prior to proceeding with these instructions, you need to enable the display of hidden files on your PC.
To enable display of hidden files:
Windows Vista
- Click Start;
- Select Control Panel;
- If the Control Panel opens in the Classic View, double-click the Folder Options icon and proceed to Step 3 of the Windows XP instructions below,
- If the Control Panel opens in the Control Panel Home View, click Appearance and Personalization > Show Hidden Files or Folders and proceed to Step 4 of the Windows XP instructions below.
Windows XP / 2003
- Double-click My Computer;
- Go to the Tools menu and select Folder Options.
A dialog box will be displayed. - Select the View tab;
- In the Hidden files and folders section – select the Show hidden files and folders option;
- Clear the Hide extensions for known file types checkbox;
- Clear the Hide protected operating system files checkbox;
- Click Apply.
Upon completion of the above procedure, you can get down directly to securing your flash device against the threat of autorun infections.
To prevent your flash device from becoming an infection carrier:
- Click My Computer;
- Right-click your Flash Drive;
- From the menu, select Open;
- If the file autorun.inf is present in the root of your flash device, delete this file;
- Create the folder named autorun.inf in the root of the flash device by right-clicking the free space and selecting Create > New Folder from the menu;
- Copy some files to the newly created autorun.inf folder;
- To make the autorun.inf folder read-only, right-click the folder name, select Properties, and check the Read-Only mark.
- Click OK.
Now, your flash device is fully protected against any kind of an autorun infection.
However, you should bear in mind, that the above steps prevent only active content from running automatically on your flash drive after its insertion into a PC.
You should always check whether your autorun.inf folder is present on the flash drive. The current-day malware is incapable of overcoming the obstacle of the same-name folder. However, in the future, you may also have to keep an eye on the folder name, as its not ruled out that the future generations of autorun infections will not try to overcome this obstacle by renaming the folder.
thank you for your good advice on flash drive infection prevention.
that really helped me.
best regards
abouzar
— abouzar · Feb 24, 04:02 AM · #
Dear Sir/Madam
My name is Abas. I purchased a software to my PC on April 12 2009. I was trying to activate the software based on the info that has been sent by email ,but I did not work. Basically ,I do not need the software right now and I want my money back as soon as possible.The last four digit of my visa card is 7794.
Thank you and have great day.
— Abas · Apr 15, 09:29 PM · #
I am confused with step 7 of “To prevent your flash device from becoming an infection carrier:”
“7. To make the autorun.inf folder read-only, right-click the folder name, select Properties, and clear the Read-Only mark.
If you clear the read-only mark, doesn’t that do the opposite of what you describe?
— Frank · May 2, 02:00 PM · #
Hey, Frank!
You are absolutely right. Fixed.
2Abas: Please note that contacting support team via Support section is the most fast suitable way to resolve financial/technical and any other questions you might have. If you request the refund please provide your original Serial Order number or Activation Code.
Thanks.
— Eugene · May 9, 07:12 PM · #
Hi. My name is Galvão. I’m Brazilian and I write (and understand) english just a little bit. On my work, the “intranet” (Is that right?) contains a Trojan horse for a very long time, and I created in my flash drive an archive autorun.inf, but using notepad. Is it possible to create in the same root a folder named autorun.inf and an archive named autorun.inf? Is it the same thing?
— Galvão · Jun 9, 10:20 AM · #
first off, license.rtf is not and cannot be a virus, its a text file. Second, some USB flash drives DO indeed have read only switches. Third, it is elementary for a programmer to write code to overwrite an autorun.inf file, it is easily done with just a few lines of code in almost any programming language, and can be done regardless of the file attributes associated with the file. Basically all the advice you give on this site is just droll and you make money off people by lying to them and selling them a product that fixes problems that don’t exist. I actually feel dumber after having read some of your “articles.” Oh, and you are by far not an industry leader.
— Jack · Aug 19, 11:07 PM · #
2 Jack:
first: please provide more detailed information about wrong rtf detection. sometimes rtf can contain the vulnerability.
second: about 80 percents of flash drives doesn’t have readonly switch. when you need to write something to flash drive from infected pc you will be infected.
third: no one trojan present these days uses this ability. checking for the folder presence is much more easier that checking for file presence / it’s contents (file can be hidden).
We can solve the problems where “industrial leaders” fail to help.
I'm sure that your "feel dumber" doesn't relate with our articles reading.
— Eugene · Sep 8, 11:07 AM · #
2 Galvão:
I would recommend you to create the autorun.inf folder on your flash drive instead. This way you can control and see whether your flash drive is infected.
— Eugene · Sep 8, 11:21 AM · #
to install virus protection
— joseph schottenstein · Sep 16, 01:54 PM · #
I hope this is safe
— karen · Sep 19, 03:38 AM · #
There actually are flash drives with a “Read Only” protection switch.
I received one from a software company a couple of years ago, and it has their name and logo on it. So I do not know what brand it is.
But it has a small sliding switch on it, which actually does work.
-a.
— Alex Howard · Oct 12, 09:21 PM · #
I USE HP FLASH DRIVE v125W 16GB; whenever i send or copy something in a folder on it, it keeps the size of the folder after I have deleted it, though the folder doesn’t show on the flash drive. Please, how do I fix it. Thanks
— WILDCHILD · Oct 28, 07:20 PM · #
“Unfortunately, no flash devices with a read-only switch currently exist as was the case with floppy disks.”
OK, so SOME USB memory sticks do have read/write toggles fitted! Very sensible, but not ubiquitous.
A solution which is possibly preferable to the memory stick model is to buy a USB SD card reader, or a multi-format card reader. The first is more compact, and some have the SD card slot enclosed so that the SD card can remain in the device when that is carried in a pocket, pouch, purse, or case.
SD cards have a read/write toggle fitted, and perhaps offer greater versatility than memory sticks which require synchronising with a primary machine, or the deletion of ‘redundant’ files which have to be backed-up elsewhere if they do not actually become redundant.
— John · Nov 30, 08:58 AM · #