Vaccinating against USB-led attacks

Microsoft Windows, the most popular desktop OS, uses the autorun.inf file on removable drives to determine what action to perform when an external storage device, such as a USB drive or CD/DVD, is inserted into the system. The autorun.inf file is normally found in the root directory of the removable media and contains, among other things, a reference to a program that should be run automatically when the device is inserted.

Malware widely misuses this feature to spread, infecting a system as soon as a new drive is plugged in. The malware copies its malicious program onto the drive and modifies the autorun.inf file so that Windows executes that program immediately when the infected drive is mounted. The latest example of such malware is the W32/Conficker worm, which spreads through write-enabled network shares and USB drives.

Antivirus maker Panda Research has released a free tool known as Panda USB Vaccine v1.0.0.50a.

Download Panda USB Vaccine from the Panda Research site and run setup.

Click the Next button.

Accept the agreement and click the Next button.

Click the Next button.

Configure USB Vaccine behavior by checking all check boxes, then click the Next button.

Click the Finish button and launch Panda USB Vaccine.

Click the Vaccinate computer button.

The tool can be used via the GUI or the command line to vaccinate the host computer as well as USB drives plugged into the system. The following commands are available:

USBVaccine [+system|-system] [/resident [/hidetray] [/autovaccinate]][/experimentalntfs][/agreelicense][drive unit]

[drive unit]:  Vaccinate drive unit
+system: Computer vaccination
-system: Remove computer vaccination
/resident: Start program hidden and prompt for vaccinating every new drive
/autovaccinate: Automatically vaccinates any new drive inserted when used with the /resident command
/hidetray:  Hides tray icon when used with the /resident command
/experimentalntfs: Enables the vaccination of NTFS USB keys
/agreelicense: Use this parameter when you agree to the end user license agreement but want to avoid the agreement dialog being presented to the user

For example, to vaccinate the computer and automatically vaccinate any new drive plugged into the computer without showing a tray icon, use:

USBVaccine.exe +system /resident /hidetray /autovaccinate

USB Vaccine has been tested under Windows 2000 SP4, Windows XP SP1 to SP3, and Windows Vista SP0 and SP1.
