A thorough solution to autorun. inf viruses and Trojans

From: Network
Autorun. inf-type viruses and Trojans are believed to have been marked in the standard form. The Downloader-type Trojans are more obvious. The following ZZ Methods hope to be useful to you. You can test them by yourself.

Reference Iamcj original

In the previous make a anti-Autorun batch, we discussed how to disable the Shell Hardware Detection Service to prevent the automatic operation of the disc/USB flash drive during insertion, there are also a considerable number of discussions, removing the question of no nutrition in the middle, which puts forward three points worth noting:

Through RD/S/Q, you can directly Delete the autorun. inf directory containing the dot directory;
You can also rename the autorun. inf directory that contains the vertex directory;
Disabling Shell Hardware Detection will make the system unable to recognize the drive type of CD/DVD;
Most importantly, even if auto-running is disabled, most users still "manually call auto-Execute" because of double-clicking the drive letter in my computer to infect the virus ...... OK, the main character is playing today!

According to the opinions of cnlong friends on cnbeta, the test passes and uses Registry Editor + permission control to completely prevent autorun. inf calls when you double-click the drive letter. The specific method is as follows:

1. Start -- run -- Regedit;
2. Locate HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \
CurrentVersion \ Explorer \ mountpoints2;
3. Right-click mountpoints2 -- permission;
4. Add -- enter everyone -- check name -- OK;
5. Select the deny option in the "full control" column. The answer to the security warning is;

It should be a perfect solution: after such permission settings, the Autorun. INF calls will be blocked. By default, the directory will be opened when the discs and USB flash disks with Autorun are loaded. Double-click the drive letter to open the directory rather than execute the program, at the same time, the right-click menu will not display any form of Automatic Running menu.

For analysis, the key value should be used by windows to record and manage the right-click menu on the double-click drive letter and drive letter, find it in it, and then decide what operations to perform. If you look at it carefully, you will find more content. After we shield the operation permission of this key value from everyone, the system will not be able to access the corresponding table, so only the open operation will be available.

The combination of the content mentioned in the two articles should completely solve the problems caused by automatic running and double-click drive letters!

Test, available.

Comments:
Advantage: Autorun operation is eliminated to prevent spreading of the USB flash drive virus;
Disadvantages:
The CD Autorun does not work, and the U3 USB Flash Drive Autorun does not. ReferenceMy method is to directly modify all autorun. inf strings in the system shell32.dll, for example, to change to runauto. inf, so that the autorun function is still used, and the virus is not broken.