Trang Chính
Latest images
Tìm kiếm
Đăng ký
Đăng Nhập
Liên hệ
Some info about USB Worm, AUTORUN.INF and CURE
Trang 1 trong tổng số 1 trang
Some info about USB Worm, AUTORUN.INF and CURE
by Admin Sun 22 Aug 2010, 11:08 am
USB Worm, AUTORUN.INF and CURE
How It Works
USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay(not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)
Such malicious AUTORUN.INF files are easy to spot. Here?s what they typically look like
But Downadup does not create files such as this. What it drops on USB drives are AUTORUN.INF files that look like this:
So, that?s binary garbage. Won?t work. Right?
Look closer.
The noteworthy text is found somewhere around the middle of this 90kB file. At the bottom of the screenshot. See it?
Open=RUNDLL32.EXE .\RECYCLER\jwgvsq.vmx
?which would execute a DLL called jwgvsq.vmx from a hidden folder on the USB drive.
The rest of the binary junk are comments and will be ignored by Windows. And of course, the file size and amount of binary junk is different every time.
Nice trick. eh ?
What to DO Now ?
Go to Group Policy by runnning gpedit.msc to turn off AutoRun for All the Drives in Window.
But USB drives don?t autoplay. It?s an Autorun action via Windows Explorer that typically infects people.
Now lets Disable AutoRun :
Disabling Auto-Run is something we think everyone should do, not only for security from viruses and spyware, but so you?ll never need to deal being unable able to listen to your music on your devices. Here?s how to do it in Windows XP.
In Windows Click Start, then Click Run
Type regedit
Click OK
Click >
HKEY_LOCAL_MACHINE>
SYSTEM>
CurrentControlSet>
Services>
Cdrom>
Double click ?Autorun? the value is set to 1 by default, change it to zero.
Click OK
Now restart.
If you can?t go with all this then you can try doing this :
From the start menu, click run and enter
GPEDIT.MSC
Select ?Administrative templates / System?
double click on ?Disable autoplay? in the right pane
(other way)
Enable/Disable Autorun
How To Enable/Disable Autorun (Windows 95/98/Me)
1. Access the System Properties Dialog. Using Control Panel: My Computer: Properties or Explorer: My Computer: Properties.
2. Select the Device Manager tab.
3. Select the CD-ROM folder.
4. Select the entry for your CD-ROM drive.
5. Select Properties.
6. Select the Settings tab.
7. Turn on or off the Auto insert notification option.
8. Select OK.
9. Select OK
How To Enable/Disable Autorun (Windows NT/2000)
1. Start RegEdit (regedt32.exe).
2. Go to HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Cdrom.
3. Edit the Autorun value to '1' to enable autorn, and '0' to disable autorun.
4. Close RegEdit
How To Enable/Disable Autorun (Windows XP)
1. Open Windows Explorer by pressing the Windows + "e" key.
2. Right-click the desired CD-ROM and select Properties from the menu.
3. Select the AutoPlay tab.
4. Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the apporpriate action to take if enabling autorun.
5. Select OK.
How To Enable Autorun for Other Removable Media
Autorun can be enabled or disabled for all Removable media types, such as a floppy or Zip disk. Windows systems are configured to enable CD Notification, other removable media are by default disabled.
The System Properties User interface only exposes the CD Enable or Disable selection. The setting reflected in this dialog makes an entry in the System Registry. It is in this same location that other media types are configured.
Notes:
1. Modifiying the Registry is not for the inexperienced user. Anyone will tell you, be VERY careful.
2. The modifications made in this case use Hex not Decimal numbers. If you are unfamiliar with the Registry or the characteristics of base numbering and Hex, studying these topics prior to making these modifications is advisable.
To Modify these Registry Settings, Use Regedit and navigate to the following Key:
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Policies
Explorer
"NoDriveTypeAutoRun"
The default value for the setting is 95 0 0 0. Change the first byte to 91. Restart the computer to make the new setting take effect. You may have to right-click on the floppy and choose AutoPlay from the menu to see the AutoPlay behavior.
How It Works
USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay(not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)
Such malicious AUTORUN.INF files are easy to spot. Here?s what they typically look like
But Downadup does not create files such as this. What it drops on USB drives are AUTORUN.INF files that look like this:
So, that?s binary garbage. Won?t work. Right?
Look closer.
The noteworthy text is found somewhere around the middle of this 90kB file. At the bottom of the screenshot. See it?
Open=RUNDLL32.EXE .\RECYCLER\jwgvsq.vmx
?which would execute a DLL called jwgvsq.vmx from a hidden folder on the USB drive.
The rest of the binary junk are comments and will be ignored by Windows. And of course, the file size and amount of binary junk is different every time.
Nice trick. eh ?
What to DO Now ?
Go to Group Policy by runnning gpedit.msc to turn off AutoRun for All the Drives in Window.
But USB drives don?t autoplay. It?s an Autorun action via Windows Explorer that typically infects people.
Now lets Disable AutoRun :
Disabling Auto-Run is something we think everyone should do, not only for security from viruses and spyware, but so you?ll never need to deal being unable able to listen to your music on your devices. Here?s how to do it in Windows XP.
In Windows Click Start, then Click Run
Type regedit
Click OK
Click >
HKEY_LOCAL_MACHINE>
SYSTEM>
CurrentControlSet>
Services>
Cdrom>
Double click ?Autorun? the value is set to 1 by default, change it to zero.
Click OK
Now restart.
If you can?t go with all this then you can try doing this :
From the start menu, click run and enter
GPEDIT.MSC
Select ?Administrative templates / System?
double click on ?Disable autoplay? in the right pane
(other way)
Enable/Disable Autorun
How To Enable/Disable Autorun (Windows 95/98/Me)
1. Access the System Properties Dialog. Using Control Panel: My Computer: Properties or Explorer: My Computer: Properties.
2. Select the Device Manager tab.
3. Select the CD-ROM folder.
4. Select the entry for your CD-ROM drive.
5. Select Properties.
6. Select the Settings tab.
7. Turn on or off the Auto insert notification option.
8. Select OK.
9. Select OK
How To Enable/Disable Autorun (Windows NT/2000)
1. Start RegEdit (regedt32.exe).
2. Go to HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Cdrom.
3. Edit the Autorun value to '1' to enable autorn, and '0' to disable autorun.
4. Close RegEdit
How To Enable/Disable Autorun (Windows XP)
1. Open Windows Explorer by pressing the Windows + "e" key.
2. Right-click the desired CD-ROM and select Properties from the menu.
3. Select the AutoPlay tab.
4. Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the apporpriate action to take if enabling autorun.
5. Select OK.
How To Enable Autorun for Other Removable Media
Autorun can be enabled or disabled for all Removable media types, such as a floppy or Zip disk. Windows systems are configured to enable CD Notification, other removable media are by default disabled.
The System Properties User interface only exposes the CD Enable or Disable selection. The setting reflected in this dialog makes an entry in the System Registry. It is in this same location that other media types are configured.
Notes:
1. Modifiying the Registry is not for the inexperienced user. Anyone will tell you, be VERY careful.
2. The modifications made in this case use Hex not Decimal numbers. If you are unfamiliar with the Registry or the characteristics of base numbering and Hex, studying these topics prior to making these modifications is advisable.
To Modify these Registry Settings, Use Regedit and navigate to the following Key:
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Policies
Explorer
"NoDriveTypeAutoRun"
The default value for the setting is 95 0 0 0. Change the first byte to 91. Restart the computer to make the new setting take effect. You may have to right-click on the floppy and choose AutoPlay from the menu to see the AutoPlay behavior.
Admin- Admin
- Đánh giá tốt! : 7
Tổng số bài gửi : 10417
Birthday : 09/10/1979
Tuổi : 45
Địa chỉ: : Phú Yên
Điện thoại: : Mobile: (84) 0985 017 089
Điểm : 62150
Ngày đăng ký : 13/10/2007 -
Similar topics» Phần mềm diệt Virus trên USB hiệu quả - Autorun Eater 2.2
» Info Product Killer
» John M Gottman - The Relationship Cure
» Info Product Killer
» John M Gottman - The Relationship Cure
Trang 1 trong tổng số 1 trang
Permissions in this forum:
Bạn không có quyền trả lời bài viết
» Hộp đựng đa năng trong phòng tắm và các đồ dụng tiện llợi khác
» gel bôi trơn ấm áp warm lovin
» màng film tránh thai vcf dành cho chị em
» màng film tránh thai vcf dành cho chị em
» stud 100 khẳng định đẳng cấp phái mạnh
» Lover aider máy mát xa dành cho nữ
» cung cấp máy ép dĩa chất lượng
» Máy in hình lên ly
» Máy in hình lên áo
» trang trí cây thông noel ở vinh,cho thuê cây thông noel ở vinh,chuyển quà noel ở vinh
» Máy in hạn sử dụng DMJ-B chính hãng, giá sốc
» Dạy cắm hoa chuyên nghiệp,dạy cắm hoa nghệ thuật,dạy cắt tỉa của quả ở T.p Vinh Nghệ An
» công ty Yên Phát chuyên phân phối, lắp đặt camera chính hãng giá rẻ nhất miền Bắc.
» HOT! Chung cư mini Xuân Đỉnh ở ngay giá chỉ từ 690 triệu 1 căn