Exterminate It! Antimalware

How to Prevent Your Flash Drive from Being Infected

Zlob.DnsChanger, Downandup, Downadup, Kido, Conficker: all those autorun trojans are increasingly becoming a problem, and the numbers in which several of their variations have been proliferating for a while now are really appalling. What can be done to at least slow down their spread and, more importantly, keep your own PC safe from them?

To find an answer to this question, we first need to take a look at the way this kind of infection spreads:

  1. You insert a flash device into an infected PC and the autorun.inf file is created in the root folder of your flash device;
  2. The infected files are then copied to the flash device (this is called payload);
  3. You insert the infected flash device into another PC. Here, the autorun functionality is enabled, the autorun.inf file is run, and the payload process starts, thus infecting the target machine.

Unfortunately, unlike floppy disks, no flash devices with a read-only switch currently exist.

However, your flash device can still be protected and prevented from becoming a carrier of the infection. Surprisingly, this can be done by taking advantage of some of the limitations of modern file systems.

In a modern file system, A FILE AND A FOLDER THAT HAVE THE SAME NAME CANNOT CO-EXIST IN THE SAME LOCATION, and file names in the FAT/FAT32/NTFS file systems are CASE INSENSITIVE.

This means that if we create a folder named autorun.inf in the root of your flash device, no file with the same name can ever be created there. Therefore, based on the existing properties of modern file systems, we can easily create an insurmountable obstacle for autorun infections, one that makes their autorun process impossible.

Luckily, the above method can be applied on absolutely any PC.

Below, you will find some detailed instructions on how to safeguard your flash device from becoming infected with autorun trojans. Prior to proceeding with these instructions, you need to enable the display of hidden files on your PC.

To enable display of hidden files:

Windows Vista

  1. Click Start;
  2. Select Control Panel;
    • If the Control Panel opens in the Classic View, double-click the Folder Options icon and proceed to Step 3 of the Windows XP instructions below,
    • If the Control Panel opens in the Control Panel Home View, click Appearance and Personalization > Show Hidden Files or Folders and proceed to Step 4 of the Windows XP instructions below.

Windows XP / 2003

  1. Double-click My Computer;
  2. Go to the Tools menu and select Folder Options.
    A dialog box will be displayed.
  3. Select the View tab;
  4. In the Hidden files and folders section, select the Show hidden files and folders option;
  5. Clear the Hide extensions for known file types checkbox;
  6. Clear the Hide protected operating system files checkbox;
  7. Click Apply.

Upon completion of the above procedure, you can proceed directly to securing your flash device against the threat of autorun infections.

To prevent your flash device from becoming an infection carrier:

  1. Click My Computer;
  2. Right-click your Flash Drive;
  3. From the menu, select Open;
  4. If the file autorun.inf is present in the root of your flash device, delete this file;
  5. Create the folder named autorun.inf in the root of the flash device by right-clicking the free space and selecting Create > New Folder from the menu;
  6. Copy some files to the newly created autorun.inf folder;
  7. To make the autorun.inf folder read-only, right-click the folder name, select Properties, and check the Read-Only mark;
  8. Click OK.

Now, your flash device is fully protected against any kind of autorun infection.

However, you should bear in mind that the above steps only prevent active content on your flash drive from running automatically after the drive is inserted into a PC.

You should always check whether your autorun.inf folder is still present on the flash drive. Present-day malware is incapable of overcoming the obstacle of the same-name folder. However, in the future, you may also have to keep an eye on the folder name, as it cannot be ruled out that future generations of autorun infections will try to overcome this obstacle by renaming the folder.
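
The protection procedure and the follow-up check described above, as an added Python example (not code from the original article): `protect_root` applies steps 4 to 7 to a drive root, `audit_root` reports whether the autorun.inf folder is still in place, and `file_creation_blocked` confirms that a same-name file can no longer be created. The function names and the `placeholder.txt` file name are assumptions made for this example.

```python
import os

NAME = "autorun.inf"  # matched case-insensitively, as on FAT/FAT32/NTFS

def matching_entries(root):
    """Root entries whose name equals autorun.inf in any letter case."""
    with os.scandir(root) as it:
        return [e for e in it if e.name.lower() == NAME]

def audit_root(root):
    """Return 'suspicious', 'unprotected', 'incomplete' or 'protected'."""
    found = matching_entries(root)
    if any(e.is_file(follow_symlinks=False) for e in found):
        return "suspicious"    # an autorun.inf *file* sits in the root
    dirs = [e for e in found if e.is_dir(follow_symlinks=False)]
    if not dirs:
        return "unprotected"   # folder never created, deleted or renamed
    if not os.listdir(dirs[0].path):
        return "incomplete"    # step 6 skipped: the folder is empty
    return "protected"

def protect_root(root):
    """Steps 4-7: delete the file, then create, fill and lock the folder."""
    for e in matching_entries(root):
        if e.is_file(follow_symlinks=False):
            os.chmod(e.path, 0o644)  # clear read-only so the delete works
            os.remove(e.path)        # step 4
    dirs = [e.path for e in matching_entries(root) if e.is_dir(follow_symlinks=False)]
    folder = dirs[0] if dirs else os.path.join(root, NAME)
    os.makedirs(folder, exist_ok=True)   # step 5
    os.chmod(folder, 0o755)              # writable while it is being filled
    with open(os.path.join(folder, "placeholder.txt"), "w") as f:  # step 6
        f.write("Keeps the autorun.inf folder non-empty.\n")
    os.chmod(folder, 0o555)  # step 7: read-only attribute on Windows, r-x on POSIX
    return audit_root(root)

def file_creation_blocked(root):
    """True if a new file named autorun.inf cannot be created in the root.
    Meaningful once audit_root reports that the folder exists."""
    path = os.path.join(root, NAME)
    try:
        open(path, "x").close()  # exclusive create: fails if the name is taken
    except OSError:
        return True
    os.remove(path)              # the probe succeeded; remove its empty file
    return False
```

Run `audit_root` against the drive root (for example `E:\`) each time the drive comes back from another machine; any result other than `protected` means the folder should be recreated with `protect_root`.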