Noteable Posts

Monday, October 1, 2007

Say Goodbye to PenDrive Viruses: Turn Off Autorun and Make Your PC Run Smoothly Again :)

Nowadays everyone needs a pen drive, a flash drive or, more generally, a removable storage device, and most Trojans and viruses spread this way. Commercial shops are very much afraid of pen drives, and most of them deny service if you want to use one.
Now let us learn some VITAL techniques to get rid of this headache once and for all. This article is a collection of tips & tricks gathered from the net and from my own experience. We will learn how to fight infections from pen drive viruses such as DiskKnight, Kopa and Brontok, and how to kill them. In most cases we won't even need an antivirus.
 
Tip 1. To disable CD autoplay in XP, use either the local Group Policy or, for an enterprise, an Active Directory Group Policy. The local Group Policy editor method is below. If you don't understand what this jargon means, don't worry, just follow the steps :)

  • Click Start
  • Click Run
  • Enter GPEDIT.MSC
    The Group Policy MMC will pop up. In the left panel:
  • Double-click Computer Configuration to open submenu
  • Double-click Administrative Templates to open submenu
  • Double-click System to open submenu
  • Double-click the Turn autoplay off option, which is near the bottom of the list in the right panel.
The default is Not configured. Set it to Enabled.
Tip 2. XP supports autorun when you put a CD in the CD-ROM drive. To disable it, set Autorun=0; to enable it, set Autorun=1. If Autorun is enabled, you can disable the feature for any particular CD by holding down the Shift key as you close the CD-ROM drawer. AutoRun should be disabled on kiosk PCs (i.e. cybercafe or shop PCs) and in other environments where you restrict the ability to install new software. Cut and paste the following Windows NT / Windows 2000 Registry script text into an autocdrom.reg file and run it. Keep the blank line after REGEDIT4 and the blank line at the end of the file:

REGEDIT4

; 0 = CD-ROM autorun off, 1 = on (the value is a DWORD, not a string)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDRom]
"Autorun"=dword:00000000


There is a potential downside to Autorun. In the background, NT / W2K / XP constantly query the CD / DVD drive to check whether anything new has been inserted. In high-performance games this can cause hiccups and unexplained pauses. Just turn it off if you suspect this is your problem.

Tip 3. Use the Kopa Killer to get rid of viral side effects
This helpful tool from vistaarc.com helps you to do the following:
  • Remove main executables of Mr. kopa from your PC
  • Enable Registry Permission
  • Enable Folder Options
  • Enable Task Manager
  • Delete kopa executables & autorun.inf from the root of your pen drive
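Tip 4. Enable Registry Editor disabled by Brontok, Kopa, DiskKnight etc.
Go to Start, click Run, type exactly the following and hit Enter. Voilà! Note that this command clears the DisableTaskMgr restriction, which brings back Task Manager; Registry Editor is blocked by the DisableRegistryTools value in the same key, which is cleared the same way: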

    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

or go to http://www.softpedia.com/get/Security/Security-Related/RRT-Remove-Ristrictions-Tool.shtml to get the freeware that removes the restrictions on Folder Options, Registry Editor and Task Manager.

Tip 5. View and terminate processes when Task Manager is disabled. I had to look for this option as the Kopa Killer software failed to turn off a task (startup.exe) from the running processes. In my case a Kopa variant was still in memory after running the Kopa Killer from VistaArc.com.

Use tasklist.exe from the command prompt to see the list of running processes in XP,

and to remove a process, let's say knight.exe, type the following at the command prompt:

    taskkill /IM knight.exe
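
Before deleting an autorun.inf from the root of a pen drive (Tip 3), it helps to see which programs it was set up to launch, so those files can be removed too. The Python script below is an added example, not part of the original post or of Kopa Killer; the function names and the sample file are constructed for illustration, and it only reads text, it never runs anything.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.I)  # shell\<verb>\command

def launch_commands(text):
    """Return (key, command) pairs an autorun.inf would run, in file order."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("["):                   # section header
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS or SHELL_CMD.match(key):
            found.append((key.lower(), value))
    return found

def program_name(command):
    """First token of a command line, honouring a double-quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def referenced_files(text):
    """Distinct program names to look for (and remove) on the drive root."""
    names = []
    for _key, command in launch_commands(text):
        name = program_name(command)
        if name and name.lower() not in [n.lower() for n in names]:
            names.append(name)
    return names

# Constructed sample, not from a real infection (knight.exe is the name from Tip 5).
SAMPLE = """; constructed sample
[AutoRun]
Open=knight.exe
shell\\open\\Command=knight.exe /x
Icon=folder.ico
"""

if __name__ == "__main__":
    print(launch_commands(SAMPLE))
    print("look on the drive root for:", referenced_files(SAMPLE))
```

Feed it the text of the real file, read from the drive root with Autorun already turned off or the Shift key held down while plugging in.
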

    1 comment:

    Unknown said...

    hmm, Nice Article :).

    You should run kopakiller (VistaArc) after restarting your system, otherwise it will not work properly. Because if you execute multiple instances of kopa by clicking fake folders on your PC, then kopakiller is unable to detect those instances. It can terminate only default instances of kopa.