Be Smart and Prevent Virus Infections through USB Drives

August 14, 2007 - 10:30

One of the most common support requests we receive from our customers is for clearing their computers of viruses. Most of the infections that we see are by viruses that spread by capitalizing on the ignorance of the users. A few smart steps, if taken by the users, could easily prevent infection from some of the more common viruses that float around in the cyber-universe.

USB drives(also called Thumb Drives and Flash Drives) have long replaced floppies and cds as the preferred medium to transfer files from one computer to another. Lot of virus infections happen when using USB drives infected with viruses. One common way in which they spread is by exploiting the 'autorun' feature in Microsoft Windows XP. When a USB drive is connected to an infected computer the virus copies itself on to the USB drive and creates an autorun.inf file in the drive pointing to the copy of the virus on the USB drive. When the drive is then plugged on to a clean system with Windows XP the autorun gets triggered and the virus gets executed and the system gets infected.

You can very easily prevent this from happening by setting the "Take no Action" as the default action on inserting a USB drive. If you have the guts you could also disable autorun for all removable media by setting the key 'NoDriveTypeAutorun' at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\policies\Explorer with the value 255. You can read more about disabling autorun at Annoyances.org

Even after disabling autorun you could trigger the virus execution if you double click on the "Removable Media" drive from "My Computer" as autorun would be the default action when autorun.inf is present in the media. The safest way to browse the contents in a USB drive is to right click on the drive icon and then using the "Explore" option.

Another common set of viruses use an innocuous setting in the Explorer to trick the user into executing the virus and infecting the system with the virus. The default settings in Windows XP sets the options "Hide extensions for known file types" and "Do not show Hidden Files and Folders". When a USB drive is connected to a PC infected with the virus, the virus hides all the folders in the USB drive, copies itself as many times to the drive as there were folders in the drive and renames the copies to the names of the original folders.

A feature of the virus is that the file icon for the virus is exactly identical to the default folder icon in windows. So if you view the contents of the USB drive with the above options set, you will see icons of as many 'folders' as you would have expected. However each of these folder icons represents a file and not a folder and this file would be the virus file. The first of the above options ensures that you will not see the ".exe" part in the name and the second of the options ensures that you will not see the original folders that are now hidden. Additionally some of the strains of these viruses does the same processes in the subfolders in the drive too.

When an unsuspecting user connects this infected Thumb Drive to his system and opens the drive he would see the folder icon he was looking for and once double clicked he would inadvertently infect his system with the virus.

You can unset the above options by going to My Computer >> Tools >> Folder options >> View >> Advanced settings and then selecting the appropriate radio buttons. Once that is done you will be able to identify infected Thumb Drives and prevent infection very easily. Also if you are using the explore option while opening the Thumb Drive you will very easily see that, though the folder icons are listed as icons in the explorer, they will not come up as folders in the folder bar.

So Important things to remember are

  • Never autorun from a Thumb Drive
  • Always use the explore option when opening Thumb Drives
  • Unset the option "Hide extensions for known file types"
  • Set the option "Show Hidden files and folders"
  • Keep your antivirus software updated and running all the time

Finally, as a closing word, we urge you to take a look at the virus free world of Linux. Instead of trying to plug all loopholes in Windows and living under a constant threat of ever-evolving viruses, you could take a break and relax under the safe canopy of a secure Linux installation. If you would like to try out linux take a look at this irresistible offer from us - Free Linux Installation assistance

Post your comments / questions

I'm immensely thankful to the article posted on your site. I would like to promote your site to my friends. I would like to use this link http://www.zyxware.com/articles/2007/08/14/system-administration/prevent-virus-infection/ to tell about the implications involved in using a pendrive to all my friends. At the same time, address the issues involving usage of Windows Operating System.

nice

Widespread problems and a failure to genuinely protect the public represent tacit encouragment of the spread of spyware and malware by government and industry. The public's ignorance is their misbegotten gain, and any genuine response is muted and rare. This page, for example, touches on only part of the issue, leaving out critical weaknesses. How, for example, do you protect thumbdrives from the most likely source of infection when plugging into a public internet cafe computer (most of which lack good firewalls)? Holding down the shift key is a method already obsolete perhaps, since activating the shift key when loading a thumbdrive simply locks the host computer.

Best response to this problem is to buy a WRITE PROTECT thumbdrive so only you can write on it and no one else. Everything else, including most of what's written, is simply a marketing ploy to assuage consumers and keep them sinking millions of dollars into firewalls and spyware protection (most of which is spyware anyway and therefore ethically repugnant...like most industry today. This ubiquitious problem reflects just how unhealthy our culture has become in many ways. I say, leave the public alone and let them have their privacy if they need it. You don't have to pull people's teeth just to see what's underneath them.