Good day... Viruses are dangerous, and every computer user should know this. EIn principle, it is enough to install an antivirus and update it regularly fall. Protecting your computer is a common thing.
I installed the antivirus, updated the database and forgot about the virus for some time until the next update of the antivirus database or the antivirus itself. But it's time to think about protecting your flash drive. How to protect a flash drive from viruses, or vaccination for a USB flash drive. Today we will talk about this topic.
Typically, the authors (virus creators) of malware distribute their creations through the World Wide Web. An antivirus with updated databases in most cases perfectly repels attacks from infected sites.
There are other popular ways to spread infection. Through memory cards, flash drives, removable drives and other external storage media.When a flash drive is infected with a virus, it creates an Autorun.inf file on the flash drive.
And when the user opens a memory card connected to the computer, the flash drive instantly activates autorun. If there is no antivirus, the worm settles into the computer. After which it begins to spread by copying. It begins to spy on and destroy all the user’s existing files.
If the antivirus works, the virus can delete everything it can reach. That is, up to the files on the flash drive itself. The result, as you understand, will not be pleasant. It will all end with the deletion of important data without recovery.But what’s a shame is that the Windows autorun feature is automatically enabled. This means that when you turn on a flash drive or other external media, the following window appears:
This feature can be disabled. Open the Start Menu and write gpedit.msc in the search bar.
In the Group Policy editing window, open one by one: Computer Configuration, Administrative Templates, Windows Components, Autorun Policies, double-click Disable Autorun.
In the window that appears, select enable and below we also select all devices or CD drives and a device with removable media. I recommend selecting all devices. Click Apply and OK.
For Windows XP users, there is a slightly different scheme for disabling this function. After we have entered the administrative templates, we go into the system and in this tab we find disable autorun, we also select enable for all disk drives. Apply - OK.
Now, when connecting flash drives, this autorun window does not work and will not appear. Therefore, even if the flash drive was infected, the virus will not begin to do its dark deeds of distributing its files or deleting user data from the flash drive.
If you want to disable autorun only for flash drives, you will have to edit the system registry, but this procedure is difficult even for advanced users.It’s easier to “vaccinate” on our memory card, flash drive, in other words, administer the vaccine so that we don’t catch any virus.
There are several useful and, most importantly, free utilities for this procedure, but before using these utilities you need to completely format this flash drive. First utility Panda USB Vaccine. When installing the program, a window like this will appear where we need to check two boxes and click NEXT.
Now we plug the formatted flash drive into the computer and click VACCINATE USB.
This utility creates its own AUTORUN.INF file on the flash drive, which the virus cannot delete or change. To be sure that the file has been created, go to My Computer - Organize - Folder and Search Options - View, go to the very bottom and check show hidden files, folders and drives.
Now we open our flash drive and see the created file AUTORUN.INF, that is, we have created a “grafting” for the flash drive.
Second utility. There is no need to install this utility, just copy it and paste it onto the USB flash drive and run it.
What are they offering us here?
- Disable disk startup automatically through the registry
- Protect a flash drive from Autorun viruses, according to the utility principle Panda USB Vaccine
- Just prohibit anything from being written to the flash drive.
We do all functions upon request. We need the second point, to protect the flash drive from Autorun viruses. Press 0 (ZERO) - Enter, then press two again Enter, complete this procedure by pressing ZERO - Enter. As a result, a file AUTORUN.INF with a road brick icon was created on the flash drive.
If it doesn’t appear when you reconnect, it means the flash drive is infected, but the virus still won’t work.
Third utility Here you also don’t need to install anything, just run the utility and it’s even easier. Protect button - protect the flash drive, UnProtect button - remove protection.
The peculiarity of the program is that the AUTORUN.INF file turns out to be super hidden. It is not visible on the flash drive, but in fact the graft for the flash drive has been introduced. You can verify this through any file manager, for example . This is where I will end this post...
Surely every computer user has at least once picked up some kind of virus on their flash drive. And, despite the fact that there are both specialized utilities for protecting drives and entire anti-virus complexes, this does not give confidence in absolute protection. Today we will look at a somewhat labor-intensive, but very effective way to protect a flash drive from viruses once and for all.
Let’s make a reservation right away that it is only suitable for flash drives for computers; this method will not protect USB drives for cell phones or digital cameras.
So, first of all. We have already considered this issue, so let's move on to further actions.
Create any folder on the flash drive, call it, for example, Files. From now on, we will store all files only in this folder.
Right click on the flash drive icon in the My Computer window, open the context menu and select Properties - tab Safety. Here we delete all groups and users, leaving only the group All.
If you receive an error message when trying to delete a group, click the button [Additionally] and uncheck the Inherit from parent object permissions applicable to child objects checkbox, adding them to those explicitly specified in this window.
If groups All not in the list, create it by pressing a button [Add] and enter it manually.
An alternative way to add the Everyone group: click the button [Additionally] in the window Choice: Users or Groups and then [Search], in the list we find the item All, select it and click [OK].
For a user group All set up access rights - in the column Allow check the following boxes:
- Reading and execution;
- List of folder contents;
- Reading.
Let us remind you again: we perform these settings for a flash drive.
Now right-click on the folder Files and choose Properties - Security. In the window already familiar to us, we repeat the steps to delete unnecessary groups, if any, and for the group All enable all options in the column Allow.
This is where all the settings actually end. Let us now consider several points related to the use of a flash drive protected by the described method. As already mentioned, all files and folders must be saved and copied only in the created folder. Neither we nor viruses can write anything to the root of a USB drive. There is one drawback: the Send menu, although active, will not allow us to copy files to a flash drive; instead of the expected result, we will receive an error message:
However, any other methods of copying files to a protected flash drive will work (for example Select – Copy – Paste). Only, as already noted, it will not be possible to write data to the root of the disk. And in the folder Files you can perform all the usual actions: create other folders and files, copy, delete, rename, etc.
Viruses, which usually create an autorun.bat file in the root of a USB drive, will no longer be able to write any data to the flash drive after applying the described protection methods. And therefore, our drive will remain completely protected once and for all: we won’t catch the viruses themselves, and we won’t infect the computers of other users.
Flash drives are primarily valued for their portability - you always have the necessary information with you, and you can view it on any computer. But there is no guarantee that one of these computers will not turn out to be a breeding ground for malware. The presence of viruses on a removable drive always brings with it unpleasant consequences and causes inconvenience. We will look further at how to protect your storage media.
There can be several approaches to protective measures: some are more complex, others are simpler. In this case, third-party programs or Windows tools may be used. The following measures may be helpful:
- setting up an antivirus to automatically scan a flash drive;
- disabling autorun;
- use of special utilities;
- using the command line;
- autorun.inf protection.
Remember that sometimes it is better to spend a little time on preventative actions than to face infection of not only the flash drive, but the entire system.
Method 1: Setting up an antivirus
It is precisely because of the neglect of anti-virus protection that malware is actively spreading across various devices. However, it is important not only to have an antivirus installed, but also to make the correct settings to automatically scan and clean the connected flash drive. This way you can prevent the virus from being copied onto your PC.
Method 2: Disabling AutoPlay
Many viruses are copied to the PC thanks to the file "autorun.inf", where the launch of an executable malicious file is specified. To prevent this from happening, you can disable automatic media startup.
This procedure is best carried out after the flash drive has been scanned for viruses. This is done as follows:
This method is not always convenient, especially if you use CDs with extensive menus.
Method 3: Panda USB Vaccine Program
In order to protect flash drives from viruses, special utilities have been created. One of the best is Panda USB Vaccine. This program also disables AutoRun so that malware cannot use it to do its job.
To use this program, do this:
Method 4: Using the Command Line
Create "autorun.inf" with protection against changes and overwriting, you can use several commands. This is what we are talking about:
Please note that disabling AutoRun may not work for all media types. This applies, for example, to bootable flash drives, Live USB, etc. Read our instructions for creating such media.
Method 5: Protect “autorun.inf”
A fully protected startup file can also be created manually. Previously, it was enough to simply create an empty file on a flash drive "autorun.inf" with rights "only for reading", but according to many users, this method is no longer effective - viruses have learned to bypass it. Therefore, we use a more advanced option. As part of this, the following actions are assumed:
These commands delete files and folders "autorun", "recycler" And "recycled", which may already "capitalized" virus. Then a hidden folder is created "Autorun.inf" with all protective attributes. Now the virus will not be able to change the file "autorun.inf", because there will be a whole folder instead.
This file can be copied and run on other flash drives, thus carrying out a kind of "vaccination". But remember that it is highly not recommended to perform such manipulations on drives that use AutoRun capabilities.
The main principle of protective measures is to prevent viruses from using autorun. This can be done manually or using special programs. But you still shouldn’t forget about periodically checking the drive for viruses. After all, malware is not always launched through AutoRun - some of them are stored in files and wait in the wings.
Those who actively use flash drives in the course of their work have probably thought more than once about the question of how to protect the device and the information stored on it. Protect against viruses that can penetrate the drive if it has to be connected to other people's computers. Protect, perhaps, from the deliberate actions of colleagues at work who are eager to destroy stored information. Protect from children. At a minimum, you can protect yourself from viruses and childish pranks by using a mechanical write-protection switch, if the flash drive has one. If there is no such switch, you can resort to software analogues of such a mechanism. And, if necessary, also strengthen the security of stored information. In fact, this is what we will talk about further.
How to protect a flash drive from viruses and erasing information
Ratool program
The small portable program Ratool can protect removable storage devices - flash drives, SD cards, optical disks - from writing unnecessary information and deleting it; on the contrary, the necessary information can be protected. It can be downloaded completely free of charge on the developers’ website:
https://www.sordum.org/8104/ratool-v1-3-removable-access-tool
Two main features of the program:
Prohibiting the recording of data on the media and blocking the deletion of existing data;
Complete media blocking.
Launch Ratool. To prohibit writing to a flash drive and deleting data from it, in the program window, select the “Allow read only” option. Click the “Apply changes” button.
We will see a notification that says that in order to apply the changes made, the flash drive needs to be reconnected. Click “Ok”.
Remove the flash drive from the USB port and insert it again. Now, when you try to copy files to a flash drive in Windows Explorer, the process will freeze at 0% and will not move forward in any way.
And when deleting files from a flash drive, the operation will simply be ignored. But Total Commander will tell anyone who wants to work with our flash drive unauthorizedly about what is happening. When copying files inside the file manager, we will see a message that there is no access.
And when you try to delete data, Total Commander will ask you to remove the write protection.
Ratool, if necessary, can block the flash drive completely - make it so that the computer will not detect it at all. To do this, in the program window you need to select the last item “Block USB drive” and apply the changes.
And, as in the previous case, reconnect the flash drive.
To return everything back - to make the flash drive detected by the computer or to allow data writing - in the Ratool window, select the first item “Allow reading and writing...”, apply the changes and reconnect the media.
From savvy third parties who can reveal the secret of write-protecting a flash drive, Ratool has the ability to access the program by entering a password.
The simple and convenient mechanism of Ratool, unfortunately, is not without its drawbacks. Media blocking carried out using this program applies only to the current computer device. On another PC, on another laptop, the flash drive will not be write-protected. On any new device you will have to launch Ratool and carry out an operation to prohibit the recording of data regarding this particular device. Fortunately, the program weighs very little, so you can put it on a flash drive and always carry it with you. Ratool is a program for Windows that runs from an EXE file, therefore, it will not help when connecting a flash drive to computers based on other operating systems.
Windows Local Group Policy Editor
Ratool, in essence, is a simplified mechanism for blocking removable storage media, which can be done on your personal or work computer using Windows itself - using the Group Policy Editor. The latter cannot be used in the Windows Home edition, but in the Pro edition it can be used to block flash drives, SD cards, optical drives and other drives for both all and individual computer accounts. How to work with the editor in principle and in terms of creating restrictions only for individual users is discussed in detail. Section 3 describes a method for disabling data recording to removable media.
Even the first method, not to mention the second, is good when the flash drive is used in a limited number of Windows computers. If the range of computers is wide, other actions may be more appropriate. You can, for example, use a separate method to protect your flash drive from the possibility of malware penetration. Well, it is advisable to replace the issue of blocking the ability to delete data by third parties with the issue of limiting access to drive data in principle.
Protecting your flash drive from viruses
The mechanism for writing special hidden files with zero size to it will help protect the flash drive from viruses. They have the names and extensions of autorun files, under which malware is usually disguised, and are not deleted or overwritten. They are simply stored on a flash drive without taking up space. If the virus tries to overwrite them, it will not be able to do so. For example, the free portable utility Flash Defender can create such decoy files; you can download it on our cloud storage using the link:
But since we need a universal way to access flash drive data, it cannot be considered in this context. BitLocker is not available in the Windows Home edition, the dominance of which can be observed on many OEM devices of ordinary people. The cross-platform TrueCrypt program can offer a universal method of protection. It encrypts the media and password-protects access to it. It can be used on Windows (including a portable version), Mac and Linux. We discussed the work of this program in detail in articles about “” and.
Nowadays, there are more and more viruses, hundreds or even thousands of new viruses appear every day! Although companies that develop antivirus programs update their creations, you can protect your computer with the help of them if you wish. But here what to do if the usb flash card is infected?
Many of us store most of our important files and programs on a flash drive, and use it not only at home but also at work, studying at college, and school. But none of us are insured! We can be confident in our computer, but when we have to use other people’s hardware monsters, the question arises: how to protect all important information from loss!?
After all, at one fine moment you and I may lose this information that is so important to us! Below I will show you some tricks on how to secure our information storage device called USB Flash.
Ways to protect a flash drive from viruses
One of them suggests creating a flash drive formatted for NTFS and denying write access to the root of the flash drive, and first creating a folder in the root into which all files will be written.
The method can be said to be good, but it also has disadvantages, namely:
1. You cannot transfer a file or folder to a flash drive using the “Send” context menu;
2. You cannot pull out the flash drive without first removing it, because files may become corrupted (on NTFS, as many people know, data is not written immediately, unlike FAT);
3. For Linux users, it will not be very convenient (ntfs-3g, when mounted, heavily loads the processor, which affects performance.
4. And if the flash drive is bootable, it will be almost impossible to use it!
Now let's move on to the real action!
The technology is simple and provides distribution via Flash drives.
Many already know that on FAT32 you can simply create the autorun.inf folder and the viruses will go sideways, or rather they will not run, but their body will still end up on the flash drive, which is not so critical, because they still won’t start and won’t cause harm to the operating system; moreover, they often have the “hidden” attribute. But time does not stand still. Virus creators are also not asleep. There are already special viruses that delete this folder and create a file with the same name only with the code for the virus... Just like that!!!
There is an easy way! You only need to perform three simple steps.
1. Create a *.bat (*.cmd) file with the following content (you can write directly in Notepad, saving it with the appropriate extension, or you can download it in the Notepad++ program):
________________________________________________________________________________________
attrib - s - h - r autorun . * del autorun . * mkdir % ~ d0 \ AUTORUN . INF mkdir "\\?\%~d0\AUTORUN.INF\.." attrib + s + h % ~ d0 \ AUTORUN . INF |
____________________________________________________________________________________________________ |
2. Copy this file to a flash drive and run it (IT IS WORTH RUN FROM A FLASH DRIVE!).
3. That's it, our flash drive is protected!!!
For those who do not understand how to create this file, we suggest you simply download it in the archive:
bat.rar, Download!
Then we unpack this file from the archive into the root directory on the flash drive and run it.
All!
Now in the root of the flash drive there will be a hidden system folder AUTORUN.INF. Now if you run the command in the console:
E:\AUTORUN.INF (instead of E you write the letter corresponding to your carrier)
then we will see that in the AUTORUN.INF folder there are two subfolders named “..”, so this folder (AUTORUN.INF) cannot be deleted
Now all viruses with their autorun.inf go sideways (although the body of the virus will end up on a flash drive, but this file will be hidden and an ordinary user will not be able to run it! - H / D / S
_________________________________________________________________________________
Save (do not forget that the newly created file must be saved in bat (*.cmd) format), drop it into the root of the flash drive and run it! These manipulations will remove the hidden and system attributes from all files and folders on the disk.
Yet again! For those who do not understand how to create this file, we suggest simply downloading it in the archive.
