Viruses - How to stay protected Part 1 - Autorun Viruses

Abhas

Retired Administrator
Joined
Aug 6, 2004
Location
New Delhi, India
Viruses - How to stay protected.

PART 1 - Autorun viruses


The most common type of viruses and Trojans found today are the autorun viruses, which spread easily through pen-drives, mobile phones, or other removable media. They spread rapidly and form a chain of infected computers. They generally disguise themselves as Windows Explorer and fool the unsuspecting user into running them, hence infecting their computer. Pen-drives are the most heavily used media for data transfer today.

How does the worm work and propagate?
A custom script is placed on a compromised machine. This script contains the details of how the virus should work, and how it will propagate.
When the user inserts a pen-drive, or any other removable media for that matter, like a camera, a mobile phone etc., the virus gets copied on that device. Along with the virus, the file "autorun.inf" is copied, which instructs the virus to load each time the device is autorun, or, in layman's terms, double-clicked. It provides a link to the virus script, and opens the virus instead of opening the drive.
Now, whenever this infected pen-drive is inserted into any other computer and it is 'autorun', the virus is so scripted that it will copy itself to the computer, hence infecting it and making it a part of a never-ending chain. This computer will further help propagate the virus.
It works like a nuclear fission reaction, where neutrons from a nucleus will split other atoms, hence producing more free neutrons, which will go on to split more atoms and release more free neutrons. This creates a chain reaction, and it is never-ending until all atoms are used up.
One infected computer is enough to spread the virus to thousands of computers. The more times the device is autorun, the more times the script runs. It is a pretty effective method of spreading the virus.




Removal and Safeguarding:
In order to stop the virus, not only must it be removed from the pen-drives, but the compromised computers must be disinfected as well. By formatting pen-drives, we are simply delaying the propagation process rather than eradicating the virus.

It is suggested that good antivirus software is installed, and any pendrive is scanned before opening it. I recommend Avast! Home Edition, which is a free solution, yet it is very effective. Being light on resources, it provides good protection.
Download it from its website (avast! - Download antivirus software for spyware and virus protection) and run a full system scan after updating it with the latest virus definitions. Move all the infected files to the chest, or delete them if you are very sure that they are not important files.


Other recommended antivirus programs are:
Paid: ESET NOD32, Kaspersky, BitDefender
Free: AVG

When the pendrive is inserted and the autorun window opens, press Cancel, or "Take no action". Now open My Computer, right-click on the pendrive icon and select 'Scan with avast', or with any other antivirus you may have installed. You should open the drive only after scanning it.


If a virus scanner is not available, and it is not possible to procure one, another way to open the drive is:
Open the Start menu, and click on Run.
Type the drive letter followed by a colon ( : ) and press Enter.
e.g. If your pendrive is the F drive, in the Run box type F: and press Enter.

This generally bypasses the Autorun script, and the drive's contents can be accessed.


This will not remove the virus; rather, you would simply be evading the virus. It is recommended that updated virus-protection software is used to remove the virus and prevent it from spreading.

______________

Copyright Reserved, Abhas.
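As an added illustration (not part of the original post), here is a small Python checker that reads an autorun.inf the way the post describes and reports which directives would redirect the drive's double-click action to a program instead of opening the folder. The two autorun.inf samples and the RECYCLER\explorer.exe path are constructed for this example; the directive names (open, shellexecute, shell\verb\command) are the standard autorun.inf keys.

```python
import re

# Constructed sample in the style the post describes: the drive's default
# actions are redirected to an executable hidden on the stick (path invented).
SAMPLE_AUTORUN_INF = """[autorun]
open=RECYCLER\\explorer.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shellexecute=RECYCLER\\explorer.exe
shell\\open\\command=RECYCLER\\explorer.exe
shell\\explore\\command=RECYCLER\\explorer.exe
useautoplay=1
"""

# Constructed benign file: only sets a drive icon and label, launches nothing.
BENIGN_AUTORUN_INF = "[AutoRun]\nicon=setup.exe,0\nlabel=Holiday Photos\n"

# Directives whose value is a program that AutoRun/AutoPlay will start.
LAUNCH_KEYS = {"open", "shellexecute"}
VERB_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$")

def parse_autorun_inf(text):
    """Return the [autorun] section as {lower-cased key: value}; keys are
    case-insensitive on Windows, so normalise them for comparison."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_targets(entries):
    """List (directive, command) pairs that would execute a program."""
    return [(k, v) for k, v in entries.items()
            if k in LAUNCH_KEYS or VERB_COMMAND.match(k)]

def assess(text):
    """Summarise what opening the drive would run, for a defender's review."""
    hits = launch_targets(parse_autorun_inf(text))
    # Explorer verbs such as open/explore remapped to a program are the trick
    # the post describes: double-clicking the drive runs the file, not Explorer.
    verbs = sorted({VERB_COMMAND.match(k).group(1) for k, _ in hits
                    if VERB_COMMAND.match(k)})
    return {"launches": hits, "hijacked_verbs": verbs, "suspicious": bool(hits)}
```

Calling assess(SAMPLE_AUTORUN_INF) flags four launch directives and the hijacked open and explore verbs, while assess(BENIGN_AUTORUN_INF) reports nothing suspicious; the same function can be run over the autorun.inf of a freshly inserted stick before it is opened.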
 

MasterBlaster76

ICC Chairman
Joined
Mar 26, 2007
Location
UK
Online Cricket Games Owned
Would you recommend this for CD/DVD drives as well, when you consider that most games autorun?
 

Abhas

Retired Administrator
Joined
Aug 6, 2004
Location
New Delhi, India
That autorun is fine, it is a script intended to run the game, and doesn't cause any harm to the system.
Worms generally do not propagate as easily from CDs and DVDs as they do from pendrives and other media where a simple copy-paste will do the job. With CDs, there is the additional process of burning the disk involved, hence it's not easy to spread through this medium.

If you don't want your CD drive to autorun, you can easily disable it in its properties.
 

iridescentt

Panel of Selectors
Joined
Apr 6, 2009
Location
Sydney, Australia
Online Cricket Games Owned
  1. Don Bradman Cricket 14 - Steam PC
Funny you should post this, just yesterday my sister inserted her friend's USB drive and she infected my beast with a Trojan worm. Couldn't be bothered with the 'whole-removing-it' process so I used System Restore to go back 5 days earlier since luckily I remembered to create a new Restore point.
 

Kev

Chairman of Selectors
Joined
Jun 19, 2004
Online Cricket Games Owned
That probably hasn't removed it at all you know.

If you do tend to stick other people's USB sticks in your PC a lot, it's probably a good start to disable autorun completely; although this doesn't protect you fully, it is a good start.
 

MasterBlaster76

ICC Chairman
Joined
Mar 26, 2007
Location
UK
Online Cricket Games Owned
Funny you should post this, just yesterday my sister inserted her friend's USB drive and she infected my beast with a Trojan worm. Couldn't be bothered with the 'whole-removing-it' process so I used System Restore to go back 5 days earlier since luckily I remembered to create a new Restore point.

That probably hasn't removed it at all you know.

If you do tend to stick other people's USB sticks in your PC a lot, it's probably a good start to disable autorun completely; although this doesn't protect you fully, it is a good start.

Agreed - kill it with a good AV package, skrillex.
 

iridescentt

Panel of Selectors
Joined
Apr 6, 2009
Location
Sydney, Australia
Online Cricket Games Owned
  1. Don Bradman Cricket 14 - Steam PC
I'll run scans tonight then, and see if anything comes up. If a round of Malwarebytes, Spybot S&D and AVG doesn't work I'll probably rummage through a HJT log and spot anything odd. Even after that I'll take a look through my registry and C: drive, because nothing seems to be out of place.

But may I ask, in what way may my PC still be infected? Isn't everything wiped?
 

Kev

Chairman of Selectors
Joined
Jun 19, 2004
Online Cricket Games Owned
No. The registry, the Dllcache folder, your user profile and a few other things are saved, but that's about it. Normally when you are trying to get rid of malicious programs, it's a good idea to disable System Restore anyway, as the files usually hide themselves there too.
 
