A senior network administrator teaches you how to thoroughly prevent USB flash drive viruses

Source: Internet
Author: User

Author: Beijing little witch

For network administrators at small and medium-sized enterprises, the first thing that comes to mind is the USB flash drive virus. In actual work, many viruses are spread through USB flash drives. Employee computers are generally installed by professional network administrators with all patches applied, and the Windows update service is enabled and set to update automatically, so viruses that exploit vulnerabilities cannot easily intrude into employee computers. The most common cause of virus infection on employees' computers is therefore the USB flash drive. Because network administrators cannot remove USB flash drives from employees' computers, infection with USB flash drive viruses has become a common problem on the enterprise intranet. I believe the above problems have plagued many enterprise network administrators. Today, based on my experience, I will share with readers of the IT168 Security channel some insights on preventing USB flash drive viruses from multiple perspectives.

  1. USB flash drive virus infection mechanism:

Most USB flash drive viruses use the system's automatic playback (AutoPlay) function and the AUTORUN file so that the virus program runs automatically when the USB flash drive is opened, spreading the virus to a normal operating system. To prevent USB flash drive viruses, you must therefore first deal with automatic playback and AUTORUN files and block these two transmission channels.

2. Disable automatic playback and block virus propagation:

Generally, when we insert a CD or USB flash drive into an employee's computer, the system immediately displays an automatic playback (AutoPlay) dialog box that lets us select how to open it. This automatic playback function can easily lead to virus intrusion, so first we need to disable it to block this transmission channel.

Step 1: Go to "Start" > "Run" in the lower left corner of the system, enter "gpedit.msc", and click "OK" to open the "Group Policy" window.

Step 2: Under "Local Computer Policy" in the left pane, expand "Computer Configuration" > "Administrative Templates" > "System", and then under the "Setting" heading in the right pane, double-click "Turn off Autoplay".

Step 3: On the "Setting" tab, select the "Enabled" option, choose "All drives" in the "Turn off Autoplay on" box, click "OK", and close the "Group Policy" window. Note that the default choice is CD-ROM drives; if we keep the default, automatic playback of USB flash drives will not be prevented.
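The result of Steps 1 to 3 can be checked from the registry. The following PowerShell is an added example, not part of the original article; it assumes the policy is stored as the NoDriveTypeAutoRun value under Policies\Explorer (a location the article does not mention), and the function names are constructed for illustration.

```powershell
# Added example: decode NoDriveTypeAutoRun, the value behind the AutoPlay policy.
# Requires PowerShell 3.0 or later. One bit per drive type; a set bit means
# AutoRun is turned off for that type.
$DriveTypeBits = [ordered]@{
    'Unknown'            = 0x01
    'Removable'          = 0x04   # USB flash drives fall in this class
    'Fixed'              = 0x08
    'Network'            = 0x10
    'CD-ROM'             = 0x20
    'RAM disk'           = 0x40
    'Unknown (reserved)' = 0x80
}

function Get-AutoRunDisabledTypes {
    param([Parameter(Mandatory = $true)][int]$Value)
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Value -band $_.Value) -ne 0 } |
        ForEach-Object { $_.Key }
}

function Test-AutoPlayPolicy {
    $sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    # HKLM holds the Computer Configuration policy, HKCU the per-user one
    foreach ($hive in 'HKLM', 'HKCU') {
        $item = Get-ItemProperty -Path "${hive}:\$sub" -Name NoDriveTypeAutoRun `
                    -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            [pscustomobject]@{ Hive = $hive; Value = 'not set'; RemovableCovered = $false; Disabled = '' }
            continue
        }
        $v = [int]$item.NoDriveTypeAutoRun
        [pscustomobject]@{
            Hive             = $hive
            Value            = '0x{0:X2}' -f $v
            RemovableCovered = (($v -band 0x04) -ne 0)
            Disabled         = (Get-AutoRunDisabledTypes -Value $v) -join ', '
        }
    }
}

# Report the live policy on this machine
Test-AutoPlayPolicy | Format-Table -AutoSize

# Constructed sample values: 0xFF corresponds to "All drives"
foreach ($sample in 0xFF, 0x91) {
    '0x{0:X2}: {1}' -f $sample, ((Get-AutoRunDisabledTypes -Value $sample) -join ', ')
}
```

A row with RemovableCovered = False means USB flash drives are not covered by the policy on that hive.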

So far, we have completed the task of disabling automatic playback and blocking virus propagation. After a USB flash drive is inserted into the system, the system will not display a dialog box for automatic playback, making the system safer.

3. Start with AUTORUN to solve the problem of spreading the USB flash drive virus:

In addition to automatic playback, the other way a USB flash drive virus infects a system is through the AUTORUN file on the USB flash drive. Many viruses create an autorun.inf file in the root directory of the USB flash drive and write into it the path of the program to be loaded and run automatically when the USB flash drive is opened, so that they can spread and infect. So how can we stop system intrusion through the autorun.inf file? The procedure is as follows.

First, create a folder named autorun.inf in the root directory of the USB flash drive. Because Windows does not allow a file and a folder with the same name to coexist in the same directory, the virus cannot create the autorun.inf file automatically, and the virus does not run even if you double-click the drive letter.
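The placeholder-folder step above can be scripted so that it also reports the case where an autorun.inf file is already present. This PowerShell is an added example, not part of the original article; the function name Protect-DriveRoot and the temporary folder used in the demo are constructed for illustration.

```powershell
# Added example: report or create the autorun.inf placeholder folder on a drive root.
function Protect-DriveRoot {
    param(
        [Parameter(Mandatory = $true)][string]$Root,  # e.g. 'F:\' (assumed drive letter)
        [switch]$Create
    )
    $target = Join-Path $Root 'autorun.inf'
    # -Force so that hidden or system items are found as well
    $item = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue

    if ($item -and $item.PSIsContainer) {
        return "OK: $target is already a folder"
    }
    if ($item) {
        # A FILE with that name exists, so the folder cannot be created.
        # List the entries that name a program to launch and leave the file untouched.
        $launch = @(Get-Content -LiteralPath $target -Force |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' })
        return "REVIEW: $target is a file; launch entries: $($launch -join ' | ')"
    }
    if ($Create) {
        New-Item -ItemType Directory -Path $target | Out-Null
        return "CREATED: $target"
    }
    return "MISSING: $target does not exist (use -Create to add the folder)"
}

# Constructed demo: a temporary folder stands in for the drive root
$demo = Join-Path $env:TEMP ('usbroot-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Protect-DriveRoot -Root $demo            # nothing there yet
Protect-DriveRoot -Root $demo -Create    # creates the placeholder folder
Protect-DriveRoot -Root $demo            # now reports the folder
Remove-Item -LiteralPath $demo -Recurse -Force
```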

  TIPS:

The method of creating an autorun.inf directory is only applicable as prevention while the USB flash drive is not infected with viruses. If the USB flash drive is already infected, the autorun.inf file already exists and we cannot create a directory with the same name. What we can do is first delete the autorun.inf file and then perform the above operation.

4. Disable the hardware detection service to make the USB flash drive lose intelligence:

Windows XP has a plug-and-play function: all hardware connections are detected automatically and drivers are installed automatically. If we want to prohibit employees from using USB flash drives, the most direct way is to disable the hardware detection service, so that even if someone plugs a USB flash drive into the computer, no hardware device will be found and the USB flash drive cannot be used.

The specific operation steps are as follows: go to "Start" > "Run", enter "cmd", and press Enter to open the Command Prompt window. Then run "sc config ShellHWDetection start= disabled" in the window to disable the hardware detection service. The "ChangeServiceConfig SUCCESS" prompt indicates that the command took effect.

Similarly, you can use the "sc config ShellHWDetection start= auto" command to restore automatic hardware detection.

This method completely cuts off access to USB flash drives. Whether it is a safe USB flash drive or one carrying viruses, it cannot be used normally.

5. Modify the Registry to shut up the USB flash drive:

In actual work, many network administrators will find that even if the automatic playback function is disabled, the USB flash drive virus will still intrude into the system when the drive letter is double-clicked. In my personal experience, you can modify the Registry to completely silence the USB flash drive virus.

Step 1: Go to "Start" > "Run", enter "regedit", and press Enter to open the Registry Editor.

Step 2: In the registry, find the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2.

Step 3: Right-click the MountPoints2 key and select "Permissions" to restrict access to the key.

Step 4: Set "Full Control" for the Administrators group and the SYSTEM group to "Deny", so that these high-privilege accounts cannot operate on this key, thus cutting off the intrusion of viruses.
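Steps 3 and 4 can be audited, and applied, from PowerShell. This is an added example, not part of the original article; the function names are constructed, and the well-known SIDs for Administrators and SYSTEM are used instead of the group names so that the check also works on localized Windows.

```powershell
# Added example: audit (and optionally apply) the Deny entries from Steps 3-4.
# Requires PowerShell 3.0 or later.
$KeyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$Targets = [ordered]@{ 'S-1-5-32-544' = 'Administrators'; 'S-1-5-18' = 'SYSTEM' }
$Full    = [System.Security.AccessControl.RegistryRights]::FullControl

function Get-MountPoints2DenyState {
    param([string]$Path = $KeyPath)
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # Reading the ACL can itself be refused once Deny entries apply to the caller
        return "Cannot read ACL of ${Path}: $($_.Exception.Message)"
    }
    # Ask for the rules with SIDs as identities (explicit and inherited entries)
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($sid in $Targets.Keys) {
        $deny = @($rules | Where-Object {
            $_.IdentityReference.Value -eq $sid -and
            $_.AccessControlType -eq 'Deny' -and
            ($_.RegistryRights -band $Full) -eq $Full
        })
        [pscustomobject]@{
            Principal       = $Targets[$sid]
            Sid             = $sid
            DenyFullControl = ($deny.Count -gt 0)
        }
    }
}

function Set-MountPoints2Deny {
    param([string]$Path = $KeyPath)
    $acl = Get-Acl -Path $Path -ErrorAction Stop
    foreach ($sid in $Targets.Keys) {
        $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $id, $Full, 'ContainerInherit', 'None', 'Deny')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

Get-MountPoints2DenyState | Format-Table -AutoSize
# Set-MountPoints2Deny   # uncomment to apply Steps 3-4, then run the audit again
```

The key lives under HKEY_CURRENT_USER, so the audit has to be run in the session of each user whose profile should be checked.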

The principle is that after Windows reads Autorun.inf, it modifies the sub-keys under MountPoints2 to add a new right-click menu item. With the permission on this key set to Deny, the menu item pointing to the virus cannot appear, and the virus cannot be activated.

6. Use a utility to block the USB flash drive virus:

Of course, for most users who do not have much security experience, it is most convenient and direct to use tools to block the USB flash drive virus. After years of testing and use, I have found that a tool called the autorun.inf immunity tool is good. Let's take a look at its usage.

Step 1: After the software is downloaded, run the main program autorunvaccine.exe directly.

Step 2: In the pop-up software application dialog box, select the USB flash drive to be immunized from the drop-down menu.

Step 3: Finally, click the inject button on the right to immunize the USB flash drive automatically. The message "the vaccine for drive f: is injected" indicates that the USB flash drive was immunized successfully. After this processing, the USB flash drive will no longer be infected by USB flash drive viruses of the automatic playback type.

Step 4: After immunization, you can see the AUTORUN.INF file automatically generated by the software on the USB flash drive.

Step 5: When you open the autorun.inf file, an "Access Denied" prompt appears, which fundamentally prevents the virus from modifying the autorun.inf file.

  TIPS:

In fact, there are many small tools on the Internet that provide USB flash drive virus protection. In addition to the software described above, Zbshareware USB Disk Security, which monitors USB devices, is also quite good. Currently, the latest version is v5.1.0.0. Interested readers can download and use it on their own.

But it does not run automatically when it is inserted into the system ). Of course, if the target disk already has a folder named AutoRun.inf, all the files in the AutoRun.inf folder will become lost clusters after immunization. You can use chkdsk /f to restore the lost clusters to the FOUND.xxx folder. All files can be recovered, but the file names and folder structure cannot be recovered.

  7. Summary:

There are various types of USB flash drive viruses with different transmission methods. However, the methods described in this article can prevent most USB flash drive viruses from intruding. Methods 1, 4, and 5 solve the problem of the USB flash drive virus being loaded from the local system side. Methods 2, 3, and 6 are immunization operations performed while the USB flash drive is not infected with the virus. I hope this article will help more network administrators solve the actual security problems of the enterprise intranet.
