02 December 2007

How will you know if your Removable Drive ("USB" | "flashdrive") has worm (virus)

If you're just a standard user of Windows Operating System, Basically you don't!

One way of doing it is to:
(important!)
1. Read the difference between file types (specially EXE or COM)
---
(make sure you have a clean Windows Operating System "no virus!")
(this is very basic)

Read
"Show Hidden or System Files & Folders"


How those crazy worms get inside your computer?? and how to prevent it.

Now do this as a PRACTICE!!

If you try to insert your Removable Drive. Always click the Cancel Button from the Window which was looking for autoruns.



Then click Cancel Button again from the Window which was asking you on what to do with your Removable Drive.



Now if you want to open your Removable Drive, using Windows Explorer or in My Computer

DON'T DOUBLE CLICK YOUR REMOVABLE DRIVE ICON!!! or if you renamed it in your own name, just dont!

Click "Folders" button in Windows Explorer or My Computer Toolbar (just after the "Search" button) so you'll notice a the Left Panel which was the Folder View. Click your Removable Drive from there!

ALWAYS DO THAT! as i've said, DO IT AS A PRACTICE!

Why do you have to do that??
Because if you double-click your Removable Drive (not in Folder View Panel) Windows will automatically look for
"autorun.inf" system file.

Where can you find the "autorun.inf"
(Remember to click your Removable Drive in Folder View Panel.)
Now in your Removable Drive.
You will see a faded "autorun.inf" file (which means, it was hidden or system file).

Inside the "autorun.inf" file
Basically "autorun.inf" can also be found in CDs such as Installers.
This are Auto-Executed if you inserted and loaded. But don't worry, it's safe!
Well, how will you know if it's safe!?

This is what's inside the "autorun.inf" in Installer CDs (Windows Office 2003)
[autorun]
OPEN=SETUP.EXE /AUTORUN
ICON=SETUP.EXE,1

shell\configure=&Configure...
shell\configure\command=SETUP.EXE

shell\install=&Install...
shell\install\command=SETUP.EXE

Well the basic settings
[autorun]
OPEN=SETUP.EXE
ICON=SETUP.EXE,1
-----------
OPEN - Windows will look for setup.exe and run it
ICON - If you notice for example you insert Windows XP Setup CD, the CD Icon changes? ok. cool

Now what's inside in the "autorun.inf" from the Removable Drive that has worm in it
let's say RavMonEx.exe
[autorun]
OPEN=RavMonEx.exe

Thats basically it.
But don't worry, Windows will not Auto-Execute the "autorun.inf" in your Removable Drive. BUT, it will be execute once you double click your Removable Drive.

------------------------------------

Been doing this for a looong time and also thought to others,
and we scored Zero Worms!

No comments: