Virus in Your Pen Drive?

Recently, many of my friends have told me that their systems were affected by a virus. That is nothing strange, but when they go on to say that they won't use pen drives in their systems any more, I am really surprised. So today's post is for all those who are struggling with virus-affected pen drives.

We will start with how these viruses infect a system. In my experience, I have never seen any virus that automatically affects our system; they affect it only if they are somehow executed or opened. People believe that if you just plug in a virus-affected pen drive, your computer will get affected. Technically speaking, this is actually wrong. These viruses spread only when you start the virus file, usually a .bat or .exe file; rarely, it is a .com or .dll file.

So how does it spread if I do not double-click these files? We are all familiar with the AutoPlay feature of CDs and DVDs. How convenient is it that the program starts automatically when we just insert the CD / DVD? Ever thought of how this "AutoPlay" works? In Windows, AutoPlay is implemented using an "Autorun.inf" file. You can try this on your system. Just follow these simple steps.

1. Start Notepad and save the following 3 lines to a file "D:\Autorun.inf". D: can be any drive in your system. Just make sure that the file is in the root of the drive / partition.

[autorun]
open=c:\WINDOWS\system32\mspaint.exe
icon=c:\WINDOWS\system32\mspaint.exe

2. Save and close Notepad. Restart your system.

3. Now try double-clicking "D:". Hurray! What happened? MS Paint is started instead of exploring the drive, right?

4. You can still access your drive content by right clicking and choosing Explore.

The viruses that spread through pen drives usually make use of this feature. When a user accidentally clicks on the virus executable (.com, .exe ...), that program creates 2 or 3 files in all the drives in the user's system, e.g. "[VirusX].exe", "[VirusX].com" and "autorun.inf". In this "autorun.inf" there will be an entry similar to 'open="[VirusX].exe"'. The program also adds this EXE file to the Startup. All these files are set as hidden files, and sometimes they are set as system files (super hidden) too. Thus the virus program will be running in the host system all the time, since it is started on every system startup. It checks whether a pen drive is plugged in and, if so, copies these files to it. Bingo... the pen drive is affected.
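The check below is an added example, not code from the original post: it parses an autorun.inf and reports launch entries whose program sits on the scanned drive itself, which is the pattern described above. It goes beyond the post's open= key by also covering shellexecute= and shell\<verb>\command=; the sample file contents, the drive letters and the name VirusX.exe are constructed.

```python
import ntpath
import re

# Program path ending in one of the extensions the post names (.exe/.com/.bat/.dll).
PROGRAM = re.compile(r'^"?(.+?\.(?:exe|com|bat|dll))\b', re.I)

# Constructed samples: the post's MS Paint demo and a worm-style file.
SAMPLE_DEMO = r'''[autorun]
open=c:\WINDOWS\system32\mspaint.exe
icon=c:\WINDOWS\system32\mspaint.exe
'''
SAMPLE_WORM = r'''[AutoRun]
; constructed sample modelled on the post's description
open="VirusX.exe"
shell\open\command=VirusX.exe
'''

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip().strip('"')
    return entries

def is_launch_key(key):
    """True for keys that start a program rather than set an icon or label."""
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))

def assess(text, drive):
    """List launch entries; flag programs stored on the scanned drive itself."""
    findings = []
    for key, value in parse_autorun(text).items():
        match = PROGRAM.match(value) if is_launch_key(key) else None
        if not match:
            continue
        program = match.group(1)
        prog_drive = ntpath.splitdrive(program)[0].lower()
        on_drive = prog_drive in ("", drive.lower())  # relative path = same drive
        findings.append({"key": key, "program": program, "on_scanned_drive": on_drive})
    return findings
```

An entry with on_scanned_drive set to True means the drive launches a program it carries itself, so that file is the one to look for among the hidden files in the drive root.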

If you want to see these viruses in Windows XP, you have to start My Computer and go to "Tools > Folder Options". Under the View tab, select the radio button "Show Hidden Files and Folders", and also uncheck the "Hide protected operating system files [Recommended]" option. Now try right-clicking and exploring your pen drive; you can find the virus files in there.

So how do you stay safe from these viruses? Simple: turn off the Autorun feature in Windows. Instead of double-clicking the drive icon in My Computer, use the "Right Click >> Explore" option. If you right-click, you can see the "AutoPlay" option in bold letters if there is something set to be autoplayed. Another useful piece of information: hold down your Shift or Esc key for some 2, 3 minutes while plugging in a drive or inserting a CD / DVD. This will prevent Windows from autoplaying the drive / CD.

How to remove them? Though all these viruses spread using these techniques, there are many variants of them. Some are very difficult to remove, as they make changes in your registry and remove the Show Hidden Files and Folders option, or even Folder Options itself, from the system. Thus we won't be able to see them easily. Basically, the procedure for removing them is the same.

1. Stop all the running instances of the virus, using the command prompt or Task Manager.

2. Remove all its entries from the system startup and the registry.

3. Restart the OS and make sure that no virus processes are running. If any are, repeat steps 1 and 2.

4. Delete all the files created by the virus program.

5. Restart your system, install a good antivirus and perform a full system scan.

Though we can list the steps like this, it won't be as easy as it seems.

Oh!! I almost forgot, "Just Delete the 'autorun.inf' file from your 'D:' partition, if you want to stop Ms Paint from starting, when you double click 'D:'". :) See you later then..
