Autorun.inf Malware

I thought this find was really interesting and wanted to share the post.



Check out this GitHub link for more details from the source.

https://github.com/Explorer09/usb_vaccine


usb_vaccine.cmd

USB malware immunity script and hidden files revealer.
Does not remove malware. Must be used in conjunction with an anti-virus program.

What does it do

  • Detects and removes AutoRun commands for your Command Processor (cmd.exe).
  • Disables AutoRun entirely, for both CD-ROM drives and USB flash drives, using the IniFileMapping method, which is the most secure.
  • Cleans MountPoints2 registry key, which is the AutoRun cache used by OS, for all users.
  • Disables "Hide extensions for known file types", for security reasons.
  • Shows extensions for PIF files, also for security reasons.
  • Restores shortcut arrow icons, which may have been removed by a malware infection (registry hack).
Travels through the root directories of all drives (including USB drives and SD/MMC cards), and:
  • deletes all shortcuts, file symbolic links, and (malicious) executable files that mimic regular folders;
  • un-hides all files that have been made hidden by malware;
  • deletes the autorun.inf file, and creates a folder with the same name to prevent further infections. This is the same technique used by most USB protectors on the Web.
Any of these actions may be skipped at the user's request.
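
The drive-root checks listed above can also be run as a read-only audit that reports findings without deleting anything. The following is an added example, not code from usb_vaccine.cmd or its repository; the function names, the extension list, the "folder-mimic" heuristic and the sample files are all assumptions constructed for illustration.

```python
import stat
import tempfile
from pathlib import Path

# Assumption: extensions treated as "executable"; the page does not list them.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}

def audit_drive_root(root):
    """Read-only audit of a drive root; returns sorted (finding, name) tuples."""
    entries = list(Path(root).iterdir())
    real_dirs = {e.name.lower() for e in entries if e.is_dir() and not e.is_symlink()}
    findings = []
    for e in entries:
        name, ext = e.name.lower(), e.suffix.lower()
        # The hidden attribute exists only on Windows; elsewhere this is 0.
        attrs = getattr(e.lstat(), "st_file_attributes", 0)
        if attrs & stat.FILE_ATTRIBUTE_HIDDEN:
            findings.append(("hidden", e.name))
        if name == "autorun.inf":
            # A real folder with this name blocks creation of the file.
            ok = name in real_dirs
            findings.append(("vaccinated" if ok else "autorun-file", e.name))
        elif e.is_symlink():
            findings.append(("symlink", e.name))
        elif ext == ".lnk":
            findings.append(("shortcut", e.name))
        elif ext in EXECUTABLE_EXTS and e.stem.lower() in real_dirs:
            # Heuristic (assumption): a program named after a sibling folder.
            findings.append(("folder-mimic", e.name))
    return sorted(findings)

def build_sample_root(base, vaccinated=False):
    """Create a constructed sample drive root under base and return its path."""
    root = Path(base) / ("clean" if vaccinated else "infected")
    root.mkdir()
    (root / "Photos").mkdir()
    (root / "notes.txt").write_text("constructed sample")
    if vaccinated:
        (root / "autorun.inf").mkdir()
        return root
    (root / "autorun.inf").write_text("constructed sample")
    (root / "Photos.exe").write_bytes(b"constructed sample")
    (root / "Music.lnk").write_bytes(b"constructed sample")
    (root / "link.txt").symlink_to(root / "notes.txt")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_drive_root(build_sample_root(tmp)))
        print(audit_drive_root(build_sample_root(tmp, vaccinated=True)))
```

Point `audit_drive_root` at a mounted drive root to list entries worth reviewing before opening anything on it; the "hidden" finding is only reported on Windows.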

What does it NOT do

  • It does NOT kill or remove the malware. This is the anti-virus program's job.
  • It does NOT make an already-infected system clean. This script is useful on a non-infected system, to enhance security and prevent new infections.
  • It does NOT sit in the system tray or monitor every insertion/removal of USB drives or SD/MMC cards. On an ideal secure system, this is not needed, as AutoRun is disabled and nothing will be run automatically. (Think of Mac OS X and Linux.)

How to use

Requires Windows 2000 or later. Tested to work with Windows 2000 through Windows 10.
  1. Download and unpack to get the script file (usb_vaccine.cmd).
  2. Unplug all of your USB flash drives, so that if your USB flash drives are infected they won't interfere with your computer.
  3. Right-click on "usb_vaccine.cmd" file and select "Run as administrator".
  4. Follow the instructions on screen.
You may try usb_vaccine.cmd --help on the command line for additional options you can use.

Copyright and license

Written by Kang-Che Sung.
Licensed under GNU Lesser General Public License v2.1 or later. This is free (libre) and open source software.
This script comes with ABSOLUTELY NO WARRANTY.
