Stop Autorun Viruses


The first viruses used floppy disks to spread from computer to computer. Today, most computers do not come with a floppy drive. As computer technology is upgraded, viruses are upgraded too. The newest viruses also infect USB drives. Some of them even managed to infect ‘military’ computers.

How do these viruses work? First they install themselves, like regular viruses. After that, they use the ‘GetDriveStringA’ API to retrieve all attached drives. They pass each of them to the ‘GetDriveTypeA’ function to check which ones are removable. The function returns ‘2’ when the drive is removable, and the virus then creates an ‘autorun.inf’ file at the root of the device. This file lets files on the drive run automatically when it is inserted. Windows XP is a bit less vulnerable to these attacks than Vista. Windows XP will first ask what to do with the found content. This can be easily faked, however. Windows Vista will execute it by default.

Now that we know how it works, we can disable it. This can be done manually or automatically. To disable it manually, start “regedit.exe”. Then navigate to the “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services” key. Then find the autorun value and set it to 0. This will keep you pretty safe from attacks, but there are also variants of this virus. One of these variants executes when you double-click the removable disk to access its content. Keeping your antivirus up to date is still a must. When running your own business, you should consider banning USB devices or enforcing strict system and behavioral policies.
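
A defensive check for the file described above, as an added example that is not part of the original article: it parses the text of an ‘autorun.inf’ and reports the [autorun] entries that launch a program, separating the on-insert trigger from the double-click variant. The function names and the sample content are assumptions constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows launch a program.
# 'open' and 'shellexecute' run on insertion; 'shell\<verb>\command' and
# 'shell' (the default verb) change what a double-click on the drive does.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell|shell\\[^\\=]+\\command)$", re.I)

def audit_autorun(text):
    """Return (line_no, key, value) for each entry that triggers execution."""
    findings = []
    section = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # only [autorun] entries matter
        key, value = (part.strip() for part in line.split("=", 1))
        if EXEC_KEYS.match(key) and value:
            findings.append((no, key.lower(), value))
    return findings

def classify(findings):
    """Split findings into the on-insert trigger and the double-click variant."""
    on_insert = [f for f in findings if f[1] in ("open", "shellexecute")]
    on_click = [f for f in findings if f[1] not in ("open", "shellexecute")]
    return on_insert, on_click

# Constructed sample, not taken from a real infection; file names are placeholders.
SAMPLE = """\
; constructed example
[AutoRun]
icon=folder.ico
Open=placeholder.exe
shell\\open\\command=placeholder.exe
shell=open
label=Backup

[Content]
open=ignored-outside-autorun-section
"""

if __name__ == "__main__":
    for no, key, value in audit_autorun(SAMPLE):
        print(f"line {no}: {key} -> {value}")
```

An ‘autorun.inf’ that only sets an icon or label produces no findings, so a non-empty result on a removable drive is worth a closer look.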

