What should I do if I encounter a USB flash drive virus?

The autorun. inf file helps spread viruses. The virus first copies itself to the USB flash drive, and then creates an autorun. inf. When you double-click the USB flash drive, the virus in the USB flash drive runs according to the settings in autorun. inf. As long as we can prevent the creation of the autorun. inf file, even if there is a virus on the USB flash drive, we can only lie down and sleep.

 

You may also think of this, but no matter what attributes are set for autorun. inf, the virus will change it. The method I mentioned is to delete the autorun. inf file under the root directory. Create a folder under the root directory named autorun. inf. In this way, because files and folders with the same name cannot coexist in the same directory, the virus cannot do anything, And the autorun. inf file cannot be created. In the future, will there be a new virus? I still don't know whether to automatically delete folders and create files again, but at least this method is very effective at this stage.

Use a USB flash drive to right-click and check whether the first item is "open". If it is not "open", it is "open", but "open", auto, or automatically play the video, it must have won the bid, but do not press right-click to open and change the display property to display all files to delete autoruninf and then use the following method:

 

The autorun. inf file helps spread viruses. The virus first copies itself to the USB flash drive, and then creates an autorun. inf. When you double-click the USB flash drive, the virus in the USB flash drive runs according to the settings in autorun. inf. As long as we can prevent the creation of the autorun. inf file, even if there is a virus on the USB flash drive, we can only lie down and sleep.

 

You may also think of this, but no matter what attributes are set for autorun. inf, the virus will change it. The method I mentioned is to delete the autorun. inf file under the root directory. Create a folder under the root directory named autorun. inf. In this way, because files and folders with the same name cannot coexist in the same directory, the virus cannot do anything, And the autorun. inf file cannot be created. In the future, will there be a new virus? I still don't know whether to automatically delete folders and create files again, but at least this method is very effective at this stage.

 

 

How to Prevent USB flash drive poisoning

 

Computer users develop good habits of using USB flash drives, mobile hard drives, and other mobile storage devices. For example, when an external USB flash drive is connected to a computer system, do not double-click it to open it. Therefore, the computer must first undergo anti-virus processing, or Use anti-virus software with the USB flash drive Virus Immune Function to scan and kill the virus, and then access the computer system. In addition, disable Microsoft's "automatic playback" function.

 

Detailed methods include:

 

Method 1. when you insert a USB flash drive, press and hold the shift key to prevent the virus from automatically running with the USB flash drive (about 5 seconds). After the drive letter appears, right-click the drive and choose open USB flash drive and adjust the options, display hidden files. If autorun. INI file, open autorun. INI file, which involves several dll and exe files removed from the USB flash drive, and finally disabled autorun. and delete the INI file. Exit the USB flash drive! OK!

 

Method 2: Use rabbit magic to disable the automatic operation of the USB flash drive and CD. Manually clear the virus by using method 1.

 

Method 3 prevent the USB flash drive from being infected with autorun. ini viruses. You can create a folder named autorun. ini on the USB flash drive, drive C, drive D. If you find the C drive, D Drive,... excellent autorun. ini file, and several related dll and exe files, the trojan is infected. Do not double-click the drive letter to prevent virus attacks.

 

Method 4 Use a dedicated antivirus Tool

 

(1) http://down.hnmaths.com/soft/rjxz/wlsd/1507.html

 

(2) AUTO virus exclusive

 

(3) A tool dedicated to killing the ROSE Virus

 

During use of windows xp, by default, once a removable disk is connected to a computer (when a CD is inserted into the optical drive or a USB flash drive or a mobile hard drive) the automatic playback function of Windows XP reads the drive, and then displays a dialog box asking you to select whether to open the video, audio, and image files. This automatic function may not be required. If you want to disable it, you can use the following method:

 

1. Set Properties for a mobile device.

 

Disable the automatic playback function of a single mobile storage device. you can disable the function directly through the properties page of the Mobile storage device. (This requires that the mobile storage device already exists on the computer .)

 

1. Right-click the Mobile storage device on my computer or resource manager to disable the automatic playback function. Select properties.

 

2. Click the automatic playback tab in the window that opens. In the action box, select the single button before "select an operation to execute" and select "do not execute ". Finally, click "OK ".

 

In this way, the device will not automatically open the folder.

 

Ii. Disable the automatic playback function of windows xp at one time using the Group Policy:

 

If you want to disable the automatic playback function of Windows XP at one time, you can use the Group Policy.

 

1. Click "start", select "run", type "gpedit. msc", and run the command to open the "Group Policy" window;

 

2. Under "Local Computer Policy" in the left column, open "Computer Configuration _ manage template _ System", and then under the "Settings" title in the right column, double-click "Disable automatic playback ";

 

3. Select the "Settings" tab, check the "enabled" Check button, select "All Drives" in the "Disable automatic playback" box, and click "OK, exit the Group Policy window.

 

In "user configuration", you can also customize this "Disable automatic playback ". However, the settings in computer configuration are wider than those in user configuration. This helps multiple users to use this setting.

 

Note: The "Disable auto-play" setting can only stop the system from listing the CD and mobile storage directories, and cannot prevent auto-playing of the CD disk. To prevent automatic playback of music CD, you only need to change the properties of mobile devices.

 

Autorun. inf file details and immunization methods-help you prevent USB flash drive poisoning

 

There have been too many viruses using the file autorun. inf recently. The most famous one is pandatv. As a result, some people have called on you not to double-click to open the hard disk, but to right-click and select "open" to open the hard disk. However, will the autorun. inf file be affected? Let's take a look at the following code:

 

[AutoRun]

 

Opentracing eager.exe

 

Shellopen = open (& O)

 

ShellopenCommand=eager.exe

 

ShellopenDefault = 1

 

Shellexplore = Resource Manager (& X)

 

ShellexploreCommand=eager.exe

 

　

 

This is copied from an autorun. inf file. You can try to copy the above Code to notepad and save it as "autorun. inf ", save it to drive D, and then modify the volume label of drive D (the purpose is to make the right-click menu update immediately ). Right-click the drive D and check it. Well, the right-click menu is the same as the original one. Right-click and select "open" or "Resource Manager ". How is it? Cannot open drive D. Then you will ask, if my computer is infected with this virus, no matter how it is operated, even if I reinstall the system, will it be infected again if I open the hard disk? Don't worry, there are still solutions. You can open the disk by selecting "Local disk (D :)" in the drop-down list in the address bar, or directly entering "D:" in the address bar. Of course, there are other methods.

 

Next I will introduce the format of the autorun. inf file.

 

I. [AutoRun] Keys

 

1. action

 

Specify the name of the program that runs open and shellexecute.

 

2. icon

 

Specify the drive icon

 

3. label

 

Specify the drive volume label

 

4. open

 

Automatically run and open the specified file

 

5. shellexecute

 

Automatically run and open the specified file (unlike open, you can use file association information to open the file)

 

6. UseAutoPlay

 

The value can only be equal to 1. It is used to use the V2 feature of autoplay and only supports Xp sp2 and later versions.

 

7. shell

 

Specify the default right-click menu name

 

8. shellverb

 

Add custom right-click menu

 

Ii. [DeviceInstall] Keys

 

Used to specify the search driver directory

 

DriverPath = directorypath

 

It's very easy. You can understand it at a glance, so you don't have to talk about it.

 

Next, we will briefly introduce an immune method for autorun. inf virus.

 

The principle is as follows:

 

Create a folder that cannot be deleted in the root directory of the drive, called "autorun. inf ", because windows files in the same directory cannot be renamed, the virus cannot be written to autorun. inf, destroys the startup of the virus. That's simple.

 

For example, now we are immune to d: disk, the following operations:

 

1: Open the cmd window

 

2: d:

 

3: md autorun. inf (create the "autorun. inf" folder)

 

4: cd autorun. inf (go to the "autorun. inf" folder)

 

5: md eager .. (create a folder that cannot be deleted)

 

In this way, d: A folder named autorun. inf appears in the disk, which contains a sub-folder named "eager." And cannot be deleted. Successful.

 

We recommend that you use immunization for each drive.

 

In addition, disabling the hard disk AutoRun function is also an effective way to prevent hacker intrusion. Enter Regedit in "run" in the "Start" menu, open the Registry Editor, expand to the HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExploer primary key, and find "NoDriveTypeAutoRun" in the right pane ", this key determines whether to perform the AutoRun function of the CDROM or hard disk.

 

Double-click NoDriveTypeAutoRun. By default, the AutoRun function is disabled.