Viruses keep improving, and so do anti-virus methods.
Early viruses that spread through USB flash drives usually wrote an autorun.inf file to the root directory of the drive, so that a user who double-clicked the drive would unknowingly run the virus. So someone thought of creating an empty autorun.inf file in the root directory of the USB flash drive and setting its read-only and system attributes. Early viruses were then unable to create their own autorun.inf file and so could not run automatically.
However, it wasn't long before the virus makers became smarter. Newer viruses first check whether an autorun.inf file already exists. If it does, the virus removes its read-only and system attributes, deletes it, and then writes its own autorun.inf file. The defence then no longer works.
Some people then reasoned that, since Windows does not allow a file and a folder with the same name, creating an autorun.inf folder was an alternative way to prevent viruses from writing a real autorun.inf file. However, once a method like this becomes publicly known it soon stops being effective, because updated viruses also delete the autorun.inf folder.
All right, I have said so much, but I just want to tell you about a new method. This method may be cracked by new viruses over time, but it should at least work for a while.
The principle behind this method is that if a file with an invalid file name exists in a directory, the parent folder cannot be deleted until that file has been deleted.
We can apply this principle by creating a file with an invalid file name inside the autorun.inf folder, and you can choose the file name yourself. Even if the virus knows that this strange file exists, it does not know its original file name, so it cannot delete the file and therefore cannot delete the autorun.inf folder.
Since it is a file with an invalid file name, it cannot be created in the normal way in Windows. It can only be created from the DOS command line.
Specific method:
1. Select "Run" from the Start menu, enter "cmd" and press Enter to open the Command Prompt.
2. Enter the following commands in sequence in the Command Prompt window (the text after ' is a comment and should not be typed):
X:    ' Replace X with the drive letter of the USB flash drive to be protected.
MD autorun.inf    ' Creates the autorun.inf folder.
CD autorun.inf
MD bt_novirus..\    ' Creates a folder with an invalid file name. You can change the name yourself, but keep the trailing "..\"
CD ..
Attrib autorun.inf +R +A +H +S    ' Adds various attributes to autorun.inf, just in case; it does not actually make a difference.
After this processing, the virus is effectively prevented from running automatically, and we can then open the USB flash drive and delete files from it ourselves. When entering the commands above, be sure to remember the folder name you use when creating the second folder. Otherwise, we cannot delete this directory ourselves.
If we then enter the autorun.inf directory, we will see a directory named "bt_novirus.", but its real name is "bt_novirus..\". Because "\" is a character that is not allowed by the Windows naming rules, an error occurs when the name is displayed in Windows. You will find that whatever operation you perform on the folder, the error message "unable to read the source file or disk" appears.
If you need to delete this folder in some special circumstances, you only need to use the "RD bt_novirus..\" command. If you do not remember the original file name, this becomes troublesome, which is why you should keep the folder name in mind.
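As an added example (not part of the original article), the following Python script reports which of the states described above a drive root is in: no autorun.inf at all, an autorun.inf file that launches a program, an inert placeholder file, an empty autorun.inf folder, or a folder held in place by a child entry. The function names and status strings are made up for this example, and it only checks that a child entry exists, not that its name is invalid; open, shellexecute and shell\...\command are the autorun.inf keys that start a program.

```python
import os
import sys

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program


def find_autorun(root):
    """Return the path of the root entry named autorun.inf (any case), or None."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def launch_entries(path):
    """Return (key, value) pairs in the [autorun] section that run a program."""
    entries, section = [], ""
    with open(path, encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
            elif section == "autorun" and "=" in line and not line.startswith(";"):
                key, value = (part.strip() for part in line.split("=", 1))
                key = key.lower()
                if key in LAUNCH_KEYS or (
                    key.startswith("shell\\") and key.endswith("\\command")
                ):
                    entries.append((key, value))
    return entries


def audit_drive(root):
    """Classify the autorun.inf state of a drive root; returns (status, details)."""
    path = find_autorun(root)
    if path is None:
        return "no-autorun", []  # nothing stops a virus writing its own file
    if os.path.isfile(path):
        entries = launch_entries(path)
        return ("file-launches-program" if entries else "file-inert"), entries
    children = sorted(os.listdir(path))
    # An empty folder can simply be removed; a child entry is what holds it.
    return ("folder-guarded" if children else "folder-empty"), children


if __name__ == "__main__":
    # Usage: python audit_autorun.py <drive root>  (script name is an assumption)
    status, details = audit_drive(sys.argv[1])
    print(status, details)
```

A result of "file-launches-program" on a drive you did not set up yourself is the case worth investigating; the details list shows which program the file would start.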
Of course, this method can also be cracked, but nobody has figured out how yet. In fact, if the virus is tough enough, the USB flash drive can simply be formatted. Therefore, we still need to develop good habits when using USB flash drives. Together with the method described in this article, that should basically eliminate the automatic running of viruses.
This article is reproduced from the "BT blog"; the original address is http://www.billtec.cn/blog/article.asp?Id=86