Summary of automatic operation methods for disallow CDs or USB flash drives
Source: Internet
Author: User
How to determine whether a USB flash drive or a mobile hard drive is infected: Do not double-click the USB flash drive or mobile hard drive if it is recognized by the system, this will cause a virus attack on the infected USB flash drive/mobile hard disk. Right-click the icon of the USB flash drive or mobile hard disk and check whether the menu item "Auto" is displayed. If yes, this indicates that the mobile device has been infected with the virus. The above two methods should be used to clear and prevent the virus: USB flash drives such as sxs.exe0000rose.exe are transmitted to a computer without any virus, double-click the drive letter of the USB flash drive to open the USB flash drive. Because the virus creates two files on the USB flash drive, one is the virus file sxs .exeor rose.exe, and the other is Autorun. INF. When you double-click the drive letter of the USB flash drive to open the USB flash drive, run Autorun. I nf,while autorun.inf refers to the virus file sxs.exeor rose.exe. We can create an Autorun on the USB flash drive. I NF empty folder (if it cannot be created on the graphic interface, enter the MD USB drive letter \ autorun on the Character interface. in F) when we use such a USB flash drive on a virus-infected machine, although the virus file is imported into the USB flash drive, we cannot establish Autorun on the USB flash drive. INF file. When using the USB flash drive, the two viruses will not be infected by double-clicking the USB flash drive Drive. Use group policies to disable automatic playback all at once: ① click Start and select Run, and type gpedit. MSC, run, and open the "Group Policy" window; ② Under "Local Computer Policy" in the left column, open "Computer configuration_management template_system ", next, under the "Settings" title in the right column, double-click "Disable automatic playback". ③ select the "Settings" tab and check the "enabled" Check button, select "All Drives" in the "Disable automatic playback" box and click "OK" to exit the "Group Policy" window. Solution: I have found many solutions on the Internet, which are generally the same idea: you can disable automatic playback through the Group Policy or modify the Registry to disable automatic playback. However, this method only Prevents viruses from automatically running. To enable the USB flash drive, you have to right-click it and choose to enable it. If you accidentally double-click the USB flash drive, a virus will occur. I thought for a long time to find a way to permanently prevent the automatic spread of the USB flash drive virus: first, describe the principle of spreading the USB flash drive virus. Create an Autorun under the root directory of the USB flash drive. when you insert a USB flash drive into the INF file system. the inf file is associated with a USB flash drive in the registry [HKEY_CURRENT_USER \ softwa re \ Microsoft \ Windows \ CurrentVersion \ Explorer \ mountpoints2 ]. Program (For example, virus programs). Therefore, you only need to prohibit the creation of subkeys in this registry location (I use the permission modification method) the following describes how to prevent viruses. Click Start> run enter regedit.exe press enter to open the Registry Editor and then expand the entry [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ current version \ Explorer \ mountpoints2] Right-click mountpoints2 select permissions in turn click Security users and groups in the following permissions are changed to refuse to refresh side after that even if the U disk has a virus will not activate Double-click U disk will normally enter the U disk automatically modify the Registry prohibit CD or U Disk to prevent the autorun virus when the disc is inserted into the optical drive, or you can connect a mobile device (such as a USB flash drive) to the system to automatically run the content in the CD/mobile device. At present, the popular Autorun virus enters the system through mobile devices. If the automatic operation function is enabled, the virus is activated through autorun. inf to enable computer recruitment. What is the autorun virus? What is its operating principle? How to manually clear it? The autorun virus is also known as the USB flash drive virus. [Principle] the USB flash drive virus mainly depends on removable devices such as the USB flash drive to survive. When users download files from the Internet and copy them to the USB flash drive, the USB flash drive virus may occur. When users double-click the USB flash drive, the hidden Autorun. INF and other system files, Autorun. INF is an installation information file, which can be used to automatically run a mobile device. The format of this document is [Autorun] open‑virus .exe (this is to enable the virus to be opened when the udisk is automatically run in double-click mode. EXE) icon = *. icon (if there is an icon file *. icon .) [Prevention] Step 1: Open notepad and edit as follows: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer] "NoDriveTypeAutoRun" = DWORD: 000000b5 [HKEY_USERS \. default \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer] "NoDriveTypeAutoRun" = DWORD: 000000b5 save it as file name: Disable Automatic Running of USB flash drives. select "all files" for the reg save type and double-click the file to import it to the Registry. Step 2: Display All files. (If you have already set the file, go to the next step) my computer → tools → Folder Options → check and check "show all files and folders", and cancel "hide protected operating system files (recommended)" Step 3: delete the Virus File autorun.infy.toy.exe under the U disk to disable the automatic operation of the USB flash drive and the pop-up of the USB flash drive or mobile hard drive. Solution: Disable the automatic operation of the USB flash drive and choose run> gpedit. MSC> Computer Configuration> management template> system> Find "Disable automatic playback"> double-click> select "enabled"> disable automatic playback (select your own) PS: This Anti-Virus is a good measure. Generally, after a USB flash drive is infected with viruses, once you play it automatically or double-click it, it will spread to your computer, however, if you right click to open it, the virus will not infect the files on your hard disk and disable automatic playback. Another way is to press the Shift key when inserting the USB flash drive, and then you need to disinfect the USB flash drive. USB flash drives or mobile hard disks cannot pop up. Many of you have encountered this problem when using USB flash drives or mobile hard disks, you cannot pop up a device from the system taskbar in the lower-right corner of the desktop. After you click the pop-up button, the system will prompt that you cannot stop the 'general volume 'device. Please stop the device later. This is because there are still open files or programs on the USB flash drive or mobile hard disk, or some local programs are still accessing these mobile devices. At this time, you should first close all windows and programs related to mobile devices, and then pop up the devices. If the problem persists, click "start"-"run" and enter fsutil volume dismount X: Press enter, where, X: is the drive letter that the system assigns to your mobile devices. The function of this command is to forcibly uninstall the volume, and then you can click the icon in the system taskbar to pop up the mobile device. PS: to execute the pop-up device command, the left-click mobile device icon requires fewer steps than the right-click icon. Disable Automatic Start of USB flash drive ~~ Run -- enter regedit and open it down -- [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer] Find NoDriveTypeAutoRun and change it to 91. Method 1: This method is relatively simple, that is, when the user puts the USB flash drive, hold down the Shift key until the USB flash drive indicator is out, and then release the Shift key. This method is a temporary method. This method is suitable if it supports the occasional disable auto-playback function. Method 2: Right-click the device in "My Computer" (the device here refers to the optical drive, USB devices, and other mobile storage devices. The hard disk partition is not listed here ), click "properties"-select the "automatic playback" tab. Here you can customize the automatic playback mode or simply disable it! Method 3: Enter "Regedit" in the "run" box to open the Registry Editor, in the following HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer branch, find the "NoDriveTypeAutoRun" key value (if not, you can create a new one). The data type is REG_DWORD, modify the key value to the hexadecimal "FF" and then restart the computer. Alternatively, use NotePad to create a new file and copy the following content to the file: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer] "NoDriveTypeAutoRun" = DWORD: 000000ff "classicshell" = DWORD: 00000001 the storage disk is allautorundisabled. reg, and then double-click to import the registry and download it directly: Disable the udisk to automatically open and run the registration table file. Zip in fact, most anti-virus software now has a USB flash disk for monitoring. You can set it up, such as rising, click "Settings"> "Detailed Settings"> "other settings" and select "USB flash disk Settings". It is OK to unconditionally prohibit all disks from automatically running features to prevent the establishment of Automatic Running viruses, including the following Code (BAT or cmd type). Run the following command directly: rem unconditionally disables automatic running of all disks to Prevent Automatic Running of viruses Reg Add "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer"/V nodriveautorun/T REG_BINARY/d ffffff03/F> NUL 2> NUL Reg Add "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer"/V NoDriveTypeAutoRun/T REG_DWORD/d 0x000000ff/F> NUL 2> NUL Reg add "HKEY_CURRENT_USER \ Software \ Microsoft \ Windo WS \ CurrentVersion \ Policies \ Explorer "/V NoDriveTypeAutoRun/T REG_DWORD/d 0x000000ff/F> NUL 2> NUL Reg Add" HKEY_USERS \. default \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer "/V NoDriveTypeAutoRun/T REG_DWORD/d 0x000000ff/F> NUL 2> NUL Reg Add" HKEY_USERS \ S-1-5-18 \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer "/V NoDriveTypeAutoRun/T REG_DWORD/d 0x000000ff/F> NUL 2> N Ul Reg Add "HKEY_USERS \ S-1-5-19 \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer"/V NoDriveTypeAutoRun/T REG_DWORD/d 0x000000ff/F> NUL 2> NUL Reg Add "HKEY_USERS \ S-1-5-20 \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer "/V NoDriveTypeAutoRun/T REG_DWORD/d 0x000000ff/F> NUL 2> nul rem prevents file hiding in Resource Manager reg Add "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ exp Lorer \ Advanced \ Folder \ Hidden \ showall "/V checkedvalue/T REG_DWORD/D 0x00000001/F> NUL 2> eliminate the USB flash drive virus and disable automatic disk operation. Disable automatic playback, disable Autorun and Select Start> run on the system desktop ". (2) In the "open" column in the pop-up window, type regedit and click "OK" to run the Registry Editor. (3) Expand HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ CDROM in sequence. Change the autorun string value from 1 to 0. Select the string name with the mouse, select "Edit> modify" in the menu, and change the value from 1 to 0 in the "value data" column in the window that appears. (4) Expand HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ current version \ Policies \ Explorer in sequence, and change the value of the NoDriveTypeAutoRun string to BD, 00. (5) Exit the Registry Editor and restart the operating system. Eliminating the U disk virus [Theatrical Version] disables automatic disk operation and automatic playback. Disabling Autorun can also be disabled in group policies, which is easier. Start-run. Enter gpedit. MSC to open the Group Policy Editor. Open Computer Configuration-manage template-system-disable automatic playback enter Regedit in "run" in the "Start" menu to open the Registry Editor, expand to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ exploer, and find "NoDriveTypeAutoRun" in the right pane ", this key determines whether to perform the autorun function of the CDROM or hard disk. Double-click "NoDriveTypeAutoRun". By default (that is, you have not disabled the autorun function), the default value of "NoDriveTypeAutoRun" is, and 00 in the pop-up window. The first value "95" is a hexadecimal value, which is the sum of all devices that are disabled to run automatically. Convert "95" to a binary value of 1001 01. Each of them represents a device. In Windows, different devices are represented by the following values: the value 0 in the table listed above indicates that the device is running, and the value 1 indicates that the device is not running (by default, windows prohibits the automatic operation of devices such as 80 h, 10 h, 4 h, and 01h. The value accumulation is exactly 95 h in hexadecimal format. Therefore, NoDriveTypeAutoRun "has a default key value of, 00, 0 ). From the above analysis, it is not difficult to see that by default, the four Reserved devices that will automatically run are drive_no_root_dir, drive_fixed, drive_cdrom:, and drive_ramdisk. Therefore, you must disable Autorun from automatically running the hard disk. in the INF file, the value of drive_fixed must be set to 1, because drive_fixed represents a fixed drive, that is, a hard disk. In this way, the original 1 00101 01 (from bottom to top in the "value" column of the table) is changed to the binary 10011101, And the hexadecimal value is 9D. Now, change the "no drive type Autorun" key value to 9d, 00, 00. Close the Registry Editor and restart the computer to disable the autorun function of the hard disk. How can I disable the optical disc Autorun function? In fact, it is to set drive_cdrom to 1, so that the first value in the "no drive typeautorun" key value is 10110101, that is, the hexadecimal B5. Change the first value to B5 and disable the Registry Editor. After the computer is restarted, the autorun function of CDROM is disabled. If you only want to disable the autorun function of the software disc, but retain the automatic playback capability of the CD audio disc, you only need to change the "no drive type Autorun" key value to: BD, 00. If you want to restore the autorun function of the hard drive or optical drive, perform the inverse operation in the direction. In fact, Autorun is not required for the root H directory of most hard disks. INF file to run the program, so we can completely disable the autorun function of the hard disk, even if there is Autorun under the root directory of the hard disk. windows does not run the specified program to prevent hackers from using Autorun. INF file intrusion.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.