Preventing viruses to enter USB drive in Windows

from Praveen Kullu  codeproject 

Almost everyone who owns a USB drive has sometime formatted his drive because of the virus that gets transmitted through USB. In this tip/trick I will tell you how to prevent viruses from entering your USB.

I know most people would say “that can be easily done by disabling autorun of USB in the computer” . Some programs allow you to set your USB as read-only. That can be done through messing with registry (there are a lot of articles on the internet explaining that). Some USBs have a Write-lock mechanism available like SanDisk . Also there are programs like Panda USB vaccine which disallow permission to modify or open Autorun.inf file. What I would tell you can easily do without downloading any program.

Most common places where viruses hide themselves in the USB are RECYLER folder,MSOCACHE folder, and by executing through Autorun.inf file. To disallow Autorun.inf file being created in USB, Create a folder , rename it to Autorun.inf. Add any new file within the “Autorun.inf” folder(new ->Text document). Add a new text file within USB(within USB root, not within any folder in USB) and rename it to RECYCLER without the .txt extension. Similarly create another text file and rename that to MSOCACHE without extension. [Note: Remove the extension ,i.e – >New Text Document.txt to RECYCLER].

Setting Attributes

Now that the files and folder have been created, it is necessary to modify their attributes so that they can’t be deleted without your asking for permission. This can be done by setting attribute to read-only, System and Hidden.

Open up command prompt, type:

 Collapse | Copy Code
ATTRIB +r +s +h  full path of file or folder

i.e.:

 Collapse | Copy Code
ATTRIB +r +s +h I:\Autorun.inf
attrib +r +s +h I:\RECYCLER
attrib +r +s +h I:\MSOCACHE

Rules for creating file or folder

If there are some other files or folder that get infected, then for every folder that you want to prevent virus from penetrating, create a file and for every file, create a folder. I have done just like that. MSOCACHE and RECYCLER are folders so i created a file to replace them . Autorun.inf is a file, so I created a folder to replace it. The rule is, if there is an existing file or folder, then it can’t be replaced without deleting existing one.

Case

Some time before, I had helped someone disallow new shortcut virus from penetrating the USB. He was complaining that whenever he inserted his USB drive in his system, some files by name of new shortcut got inside the USB. Antivirus had not been installed in the system because the system was low on memory. I checked the USB and found that viruses had penetrated in the RECYCLER folder, so I deleted the folder and replaced it with an empty file with above attributes. For every new shortcut file, i replaced them with a folder with same name and set the attributes mentioned above. After that when he inserted the same USB in the infected system, the virus didn’t enter!

One more point to be noted. Remove the existing Autorun.inf file and RECYCLER folder or any any other file/folder that you want to replace from your USB before adding new file/folder.(Note: If you have used Panda Usb Vaccine to immunize your USB, it will disallow any modification to Autorun.inf, so it won’t be deleted. It’s Okay, you don’t need to delete the file). Most of the time these files are hidden so you will need to unhide them by going through explorer->tools->folder options ->view ->Show Hidden files and folders (WinXP).

Bonus

Sometime before I had created an application called file attribute changer and submitted that to the codeproject. It allows you to change the attributes of the files and folders at once . Source code and a working demo is available here.http://www.codeproject.com/KB/files/FileAttributeChanger.aspx[^].

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s