Knowledge Encyclopedia: U disk Transmission virus principle

U disk to the spread of the virus to the aid of Autorun.inf files, the virus first copy to the U disk, and then create a Autorun.inf file, when you double-click the U disk, will be based on the Autorun.inf set to run the virus in the U disk.

If we double-click on a U disk, not open in the current window, but in a new window open, then there may be poisoning. At this point in the "My Computer" in the right click on the letter, see the top of the command is what, if it is "Auto", rather than the normal "open", then the possibility of poisoning further increase.

At this time we do not easily open U disk, because this time U disk root directory of the Autorun.inf file has been created and tampered with the implementation of the virus program.

We'll figure it out. Analysis of virus files: We can set the System folder properties to "Show All files and folders" through the "Tools---Folder Options---View" in the system. See the root directory of U disk Autorun.inf file, in fact, pure Autorun.inf file itself is a system file, often used for the automatic operation of the CD, content and structure as follows:

[AutoRun]

Icon=mm.ico

Open=mm.exe

Shell1= Open Mm.txt

Shell1command=notepadmm.txt

Then the system to find the Autorun.inf, U disk icon will be shown as Mm.ico, double-click will be executed Mm.exe, when the right key to the menu when you icon a line of "open mm.txt" option, click on the system with the Notepad (Notepad) The program opens the Mm.txt.

Finally, let's take a look at the general approach: when inserting a U disk, hold down the SHIFT key until the system prompts "the device can be used" to prevent the U disk from running automatically and execute the virus program, and then open the U disk do not double-click Open, also do not use the right menu open options open, and to use the resource Manager to open it, Or, after you open Explorer with the shortcut key win+e, open the removable device through the tree directory in the left column. Then open the Autorun.inf file, determine the location of the virus file, and then autorun.inf with the virus file (usually *. EXE hidden file) can be deleted.