There are several viruses that uses the autorun.inf to spread itself such as the Bacalid (hides itself in ctfmon.exe) and the RavMon.EXE. These viruses set its file attributes to System+Hidden+Read-Only attributes so some anti-viruses will have a hard time detecting or finding them. These viruses save itself in the root directory of every available drives of the current infected computer and runs itself every time you Double-Click the drive. In USB Sticks and CDs that are infected by the virus runs automatically especially if drive autorun is enabled for the current drives (which is usually by default, autorun for drives are enabled).
Autorun.INF is usually used by CD Installers to autoplay their installations but Hard disks by default should not have AUTORUN.INF in the drive.
Now, it is possible that your computer is infected by those viruses if you try to display the content of the your computer through command prompt, using the dir /ah command. You will see the following window if you try this:
You will see from this window that drive C contains a hidden file autorun.inf, this is a possibility that the computer is infected. Now to erase this, restart your window to Safe Mode Command Prompt. (Do this by rebooting your computer and pressing F8 before windows go out and select from the boot menu). On drive C and other drives type the following commands: 1. attrib -h -r -s autorun.inf 2. del autorun.inf
Do this steps to other drives to disable the autorun.inf .
Disable AUTORUN from Registry
Now you can disable the AUTORUN for all drives by configuring the registry. Open the registry by typing regedit.exe to the command prompt (if your still at the command prompt) or execute it in Run. Look for the HKEY_CURRENT_USER\Software\ Microsoft\Windows\CurrentVersion\Policies\Explorer as shown below:
Double-click the NoDriveAutorun DWORD entry and type the value HEX: FF (255 in Decimal). (If the NoDriveAutorun does not exists, you can creat it by right-clicking the right side area of the regedit window, then click New->DWord Value -> type NoDriveAutorun) Close the registry and restart the computer. This procedure will disable all the autorun for all drives of your computer and at least will prevent the autorun function of infected USB drives or CDs and avoid the infection of viruses like the Bacalid and RavMon.exe.
Update:
If you want to prevent viruses that uses autorun.inf to infect your USB flash drive, try to do this:
1. Open your flash drive via Command Prompt (do this via Start->Run->cmd.exe)
2. Change your logged drive to your USB flash drive (e.g. if your drive is at drive E: then type E: on the command prompt then press enter)
3. Create a folder named: AUTORUN.INF on the root directory of your flash drive. (to do this type the command: MD\AUTORUN.INF). If an error: a subdirectory already exists… shows, try to follow the instruction above to remove existing autorun.inf before doing this instruction.
The reason why this will avoid future infection is that autorun.inf viruses usually generates a file autorun.inf. Having an AUTORUN.INF folder on the root directory of your drives will make virus programs unable to create their own autorun.inf file, virus can’t even overwrite..
Try also New fake Anti-Spyware removal
Please dont forget to leave a comments.. thanks and have fun
1 Comment:
Have used Kaspersky security for a couple of years, I'd recommend this anti-virus to all you.
Post a Comment