Learn about USB flash drive virus prevention and control

Welcome to the network security forum and interact with 3 million technical staff to access the USB flash drive virus, which is a tough thing for many people. Once a trick is made, it may lead to the loss of important files, next, rising experts will analyze it in detail! USB flash drive virus principle USB flash drive viruses are usually transmitted using the automatic playback function of Windows. Automatic playback is Wind

Welcome to the network security forum, and interact with 3 million technical staff> accessing the USB flash drive virus is a tough thing for many people. Once a trick is made, it may lead to the loss of important files, next, rising experts will analyze it in detail! USB flash drive virus principle USB flash drive viruses are usually transmitted using the automatic playback function of Windows. Automatic playback is Wind

Welcome to the network security forum and interact with 3 million technical staff> enter

The USB flash drive virus is a tough thing for many people. Once a trick is made, it may lead to the loss of important files. The rising experts will analyze it in detail!

Principle of USB flash drive Virus

The USB flash drive virus is usually transmitted using the automatic playback function of the Windows system. Automatic playback is a convenient function provided by Windows. However, it is exploited by hackers to increase the possibility of virus transmission.

: After the USB flash drive is inserted, the Windows system will automatically ask the user about the operation.

Automatic playback is implemented by hiding the Autorun. inf file in the root directory of the drive. Autorun. the inf file is not a virus, but is easily exploited by viruses. the inf file points to the virus program. When you double-click the USB flash drive, Windows can immediately activate the specified virus. To more intuitively describe the implementation process of Autorun. inf, the following is a simple demonstration.

First, write an Autorun. inf

Export autorun‑open‑notepad.exe shell \ open = open (& O) shell \ open \ command+notepad.exe shell \ open \ Default = 1shell \ lead E = Resource Manager (& X) shell \ lead e \ command+notepad.exe icon = rising. ico

Copy the notebook program notepad.exe and rising. ico from windows to the root directory of the USB flash drive, as shown in.

: Put the autorun.inf、notepad.exe and rising. ico files in the USB flash drive root directory.

. After the USB flash drive is re-inserted, the icon changes. No matter you double-click, right-click, or right-click Resource Manager, only the notepad is displayed, but the USB flash drive cannot be opened. What if I replace notepad.exe with a virus file?

: Users can use the USB flash drive to activate the USB flash drive and use the notepad.exe file stored in the USB flash drive as the resource manager.

Away from USB flash drive Virus

A simple way to prevent the USB flash drive virus is to use double-click to open the USB flash drive with caution. You are advised to right-click the USB flash drive and choose, but now there is a virus that spoofs "open" and "Resource Manager" in the right-click menu, such as Autorun. inf. So how should we prevent the USB flash drive virus? The following provides several simple and effective methods to defend against the attack of the USB flash drive virus.

Method 1: Create the Autorun. inf immune File

Create an empty folder named Autorun. inf in the root directory of the USB flash drive. As a result, the virus cannot create the Autorun. inf file in the same directory to infect the USB flash drive.

Note: If the USB flash drive has been infected with a virus, the method for setting up the Autorun. inf immune file becomes invalid. Because the infected USB flash drive already has the Autorun. inf file, it is very important to "start first.

Method 2: Disable automatic playback in Group Policy

Take Windows XP as an example. The procedure is as follows: click "start"> "run" and enter gpedit. msc and press Enter. In the displayed Group Policy window, select "Computer Configuration"> "management template"> "system", open the "Disable automatic playback" attribute, and click "enabled, select All Drives from the drop-down list and click OK to exit.

: Disable automatic playback on all local drives in Group Policy

[1] [2]