Thursday, August 28, 2008

Protecting Computers against USB drive viruses




Viruses now use USB drives as their most common way to spread.
With USB drives and data cards getting cheaper, they have replaced floppies,
and that is good news for virus writers.

The Windows feature these virus writers exploit is the AUTOPLAY option.
As soon as you insert your USB drive or double-click the drive, Windows runs a program
present on the drive (with names like autorun.inf, autorun.exe, etc.). A virus
stores itself as autorun.inf / autorun.exe etc. on the USB drive and gets control
of your system as soon as you plug in the USB drive (with the AUTOPLAY option enabled).
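To see what a drive's autorun.inf would start, the file can be read as plain text instead of being acted on. The following Python is an added example, not part of the original post; the function names, the list of file extensions and the sample file content are assumptions constructed for illustration.

```python
# Added example: list what an autorun.inf would launch, without running anything.
import re

# Keys in the [autorun] section that name a program for Windows to start.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
RISKY_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".dll")


def parse_autorun(text):
    """Return [(key, command)] for launch entries in the [autorun] section.
    Parsed by hand because a file padded with junk lines breaks strict INI parsers."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # junk padding or another section
        key, _, value = line.partition("=")
        if LAUNCH_KEYS.match(key.strip()):
            entries.append((key.strip().lower(), value.strip()))
    return entries


def suspicious(entries):
    """Keep entries whose command mentions an executable file type."""
    return [(k, v) for k, v in entries
            if any(ext in v.lower() for ext in RISKY_EXT)]


# Constructed sample content, not taken from a real drive.
SAMPLE = """\
;x8fj2k junk padding
[AutoRun]
open=sample.exe
icon=folder.ico
kd93jf02jf93
shell\\open\\Command=sample.exe
shell\\explore\\command=sample.exe
"""

if __name__ == "__main__":
    for key, cmd in suspicious(parse_autorun(SAMPLE)):
        print(f"{key} -> {cmd}")
```

Any entry this reports is a program that opening the drive with AUTOPLAY enabled would hand control to.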

If you think your antivirus can still protect you against such viruses, you may be wrong:
it is not just our computers, even computers as safe as those on the International Space Station have been infected with such a virus (read this news: http://news.cnet.com/8301-13554_3-10027754-33.html).

The best option to combat these viruses is to disable the AUTOPLAY option (instead of relying on antivirus software).



To disable AUTOPLAY

Windows XP


Go to Start -> Run and type "TweakUI". If TweakUI does not open, download it from
here
and try again (the installer is just 146 KB).
Once TweakUI is open, go to My Computer (in TweakUI) -> AutoPlay -> Type.
Uncheck all checkboxes.
Then go to My Computer (in TweakUI) -> AutoPlay -> Drives.
Uncheck all checkboxes.

Click Apply. That's it: you have successfully protected yourself against most of the USB viruses.




Windows XP Professional


Windows XP Professional can disable Autoplay using the built-in Group Policy feature (see above). To invoke the Group Policy Editor, click the Start button, then Run, and enter "gpedit.msc" without the quotes. Go to Computer Configuration -> Administrative Templates -> System. Scroll down to "Turn off Autoplay" and double-click on it. It starts out in a "Not Configured" state. Click on the "Enabled" radio button, then for "Turn off Autoplay on" select "All drives".
That's it: you have successfully protected yourself against most of the USB viruses.


Windows Vista

As with Windows XP, the expensive versions of Vista (Business and Ultimate) include a Group Policy editor. To run it, click the Start button and in the search box type "gpedit.msc" without the quotes. Browse to Windows Components, then to AutoPlay Policies. Change the value of "Turn off Autoplay" to enabled.

The cheap versions of Vista, such as Home Premium, can do this in the Control Panel. Under Hardware and Sound, click on "Play CDs or other media automatically." Then uncheck the checkbox for "Use AutoPlay for all media and devices."

Wednesday, August 27, 2008

AMVO Virus

Recently I had big trouble with my computer, as all the drives failed to open on double-clicking and showed me an application selection window instead. After searching through the running processes and other settings, I found that the show hidden files option in the folder options was also not working.

The problem was due to amvo.exe, amvo0.dll, ampo.exe, amvol.dll, xfoolavp.com, usdeiect.com and autorun.inf present in every drive’s root.

The fix works as follows…

In a command prompt, go to each drive and use these commands:

attrib -r -h -s amvo*

attrib -r -h -s autorun.inf

attrib -r -h -s xffolavp.com

attrib -r -h -s usdetect.com

Then delete these files from each drive.

Open Task Manager (if your Task Manager doesn't open and shows errors and warnings, then use this tool) and end the above-mentioned processes if you see them in the running process list in the Processes pane.

After this, open the Registry Editor by clicking on New Task and typing in “regedit” without quotes. Then go to HKCU > software > microsoft > windows > current version > explorer > advanced, look for the hidden key in the right pane, and change the value to 1 from 2.

To fix the issues with drives not opening, or search opening up on double-click, download this .reg file (right-click and Save Target As), double-click it, and add it to your registry.


Download USB FIREWALL to protect your computer from this virus or remove it.