Talking About ‘Autorun.inf’ Virus Again !

Recently i published two articles ‘How to disable autorun.inf to prevent virus attack computer‘ and ‘step by step delete autorun virus‘.I am received many comments from other people and friends and they told me that actually have many ways to kill these virus,I appreciated what they have done and now,i will tell something regarding these autorun virus.

Maybe you have came across the articles or posts in some forum mentioned some tips like need to create a autorun file in flashdrive,press ‘shift’ key as you plug in or you need to use ‘explore’ function.These kind of tips can work or not ? Nobody know.

Nowadays autorun virus have so many generation (and more clever).If you thinking that autorun virus can’t be active if you create a autorun file in pen drive,it’s wrong,the virus’s autorun file can overwrite you autorun file that you created.

Two month ago,i have done a ‘testing’ that a use autorun. inf file that with virus.Before starting,i create a ‘shadow’ of my window system ( prevent anything happen and my real window system will not affected) and scan through my computer system with antivirus and antispyware software,then disable these software.

Autorun.inf file (with virus ) has amended to notepad.exe as below,
[AutoRun] open=notepad.exe



The result

1.The setting turn off the ‘nodrive type autorun’ can’t stop the autorun virus infected.

2.Press ‘shift key’ during plug in is no help to prevent autorun virus,it only stopped the pop up window only.

3.As you plug in the pen drive into the computer,the virus will not ‘automatically’ infected your computer as you don’t have any action that mentioned above,unless your computer has installed like APO autorun software inside.

4.These virus (pen drive virus) can spread out through the autorun.inf file but not rumor in internet mentioned that ‘automatic infection’,the infection is through read and write between your computer and pen drive.

(The testing above are done under for pen drive virus and window xp sp2 operating system only. )

I recommended one preventive action only,that is in my previous post,delete ‘mountpoint2’ in registry.If you felt editing the registry are cause more damage,the alternative way is right click the ‘mount point2’ and select the permission,put check on deny column for all the computer users.Even you inserted a pendrive with virus and your computer will not infected.

I have found a software that can ‘kill’ the pen drive virus and kavo.exe but this is a chinese version and the software is .exe file.So,i not recommend here.If you want these software and dare to have a try,you can sent a request to me.

If you enjoyed reading this post,please subscribe with email or RSS feed.

Latest Comments
  1. xbookx July 11, 2008
  2. xbookx July 11, 2008
  3. Anonymous January 17, 2009