
Sunday, March 16, 2008

Avoid Virus from pendrive or flash drive

How do you protect a flash drive from viruses and spyware? As the popularity of pen/flash drives increases, so does the risk of getting infected by a virus, and most of the viruses are targeted at pen drives. These pen drives spread the virus very robustly, and the viruses are so stealthy that they even bypass many popular antivirus products. To date there are pen drive viruses like DiskKnight, Kopa and Brontok, to name a few.


Some tips to avoid getting infected by these nasty pendrive viruses

Tip 1. Disable CD autoplay in XP using either local group policy or, for an enterprise, an Active Directory group policy. For the local group policy editor method, follow the steps below:

* Click Start
* Click Run
* Enter GPEDIT.MSC
The Group Policy MMC will pop up. In the left panel:
* Double-click Computer Configuration to open submenu
* Double-click Administrative Templates to open submenu
* Double-click System to open submenu
* Double-click the Turn autoplay off option, which will be near the bottom of the list in the right panel.

The default is Not configured. Set it to Enabled.

Tip 2. XP supports autorun when you put a CD in the CD-ROM drive. To disable it, set Autorun=0; to enable it, set Autorun=1. If Autorun is enabled, you can disable the feature for any particular CD by holding down the Shift key as you close the CD-ROM drawer. AutoRun should be disabled for kiosk PCs (i.e. cyber cafe or shop PCs) and other environments where you are restricting the ability to install new software. Cut and paste the following Windows NT / Windows 2000 Registry script text into an autocdrom.reg file and run it:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDRom]
; Autorun is a DWORD value: 0 disables it, 1 enables it
"Autorun"=dword:00000000


There is a potential downside to Autorun. In the background, NT / W2K / XP constantly query the CD / DVD drive to see whether anything new has been inserted. For high-performance games, this can cause hiccups and unexplained pauses. Just turn it off if you suspect this is your problem.

Tip 3. Use the Kopa Killer to get rid of viral side effects
This helpful tool from vistaarc.com helps you to do the following:
* Remove the main executables of Mr. kopa from your PC
* Enable Registry Permission
* Enable Folder Options
* Enable Task Manager
* Delete kopa executables & autorun.inf from the root of your pen drive

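Tip 4. Enable Registry Editor disabled by Brontok, Kopa, DiskKnight etc.
Go to Start, then Run, type exactly the following and hit Enter. Voilà! Note that, as written, this command resets the DisableTaskMgr value, so it is Task Manager that it re-enables: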

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

or go to http://www.softpedia.com/get/Security/Security-Related/RRT-Remove-Ristrictions-Tool.shtml to get the freeware, which will remove restrictions on Folder Options, Registry Editor and Task Manager.
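
To see where a machine stands before and after applying Tips 1, 2 and 4, here is a read-only check of the registry values involved. It is an added example, not code from the original article or from any of the tools it mentions. It assumes PowerShell is available; DisableRegistryTools, NoFolderOptions and NoDriveTypeAutoRun are the standard Windows policy value names, not names given in the article.

```powershell
# Added example: read-only audit; nothing is written to the registry.
$pol = 'Software\Microsoft\Windows\CurrentVersion\Policies'

# Each check: registry path, value name, a test that returns $true when the
# current value needs attention ($v is $null when the value is absent), and a note.
$checks = @(
    @{ Path = "HKCU:\$pol\System"; Name = 'DisableTaskMgr'
       Risky = { param($v) $v -eq 1 }
       Note  = 'Task Manager blocked; the REG add command in Tip 4 clears this' },
    # Assumption: standard policy value behind a blocked Registry Editor.
    @{ Path = "HKCU:\$pol\System"; Name = 'DisableRegistryTools'
       Risky = { param($v) ($null -ne $v) -and ($v -ne 0) }
       Note  = 'Registry Editor blocked' },
    # Assumption: standard policy value behind a hidden Folder Options menu.
    @{ Path = "HKCU:\$pol\Explorer"; Name = 'NoFolderOptions'
       Risky = { param($v) $v -eq 1 }
       Note  = 'Folder Options hidden' },
    # Assumption: value written by the policy in Tip 1.
    # Bit 0x04 = removable drives, bit 0x20 = CD-ROM drives.
    @{ Path = "HKLM:\$pol\Explorer"; Name = 'NoDriveTypeAutoRun'
       Risky = { param($v) ($null -eq $v) -or (($v -band 0x24) -ne 0x24) }
       Note  = 'AutoRun not turned off for removable and CD-ROM drives (Tip 1)' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\CDRom'; Name = 'Autorun'
       Risky = { param($v) ($null -eq $v) -or ($v -ne 0) }
       Note  = 'CDRom Autorun is not set to 0 (Tip 2)' }
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

foreach ($c in $checks) {
    $value  = Get-RegValue $c.Path $c.Name
    $status = if (& $c.Risky $value) { 'CHECK' } else { 'ok' }
    $shown  = if ($null -eq $value) { '(not set)' } else { '0x{0:X}' -f $value }
    '{0,-6} {1}\{2} = {3}' -f $status, $c.Path, $c.Name, $shown
    if ($status -eq 'CHECK') { "       -> $($c.Note)" }
}
```

The HKCU checks apply to the account that runs the script, so run it as the affected user.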

Tip 5. View and terminate processes when Task Manager is disabled. I had to look for this option as the Kopa Killer software failed to turn off a task (startup.exe) from the running processes. In my case a Kopa variant was still in memory after running the Kopa Killer from VistaArc.com.

Use tasklist.exe from the command prompt to see the list of running processes in XP,

and to remove a process, let's say knight.exe, type the following at the command prompt:

taskkill /IM knight.exe

Source of the article: http://blog.doctortomorrow.com/

1 comments:

a b said...

I have created a GUI tool that deletes the pen drive virus, and it's very effective on cleaning new breed of malware. Full info here->
http://aakash-bapna.blogspot.com/2008/03/virustoolkit-updated-more-feature-than.html

Give it a shot please.
