I have Outpost removable media protection set to block autorun.inf and block any application from launching that does not have a digital signature. Plus I use a usb immunizer from a different source since avast doesn’t provide this.
Avast should release their own usb immunizer so users do not need to go to other sources. This would help to protect any computer that you plug a usb into from autorun based malware.
Step my Removable protection a notch in Outpost to also block the launch of applications that are not signed by trusted digital signature. I don’t Enable CD protection though.
Original idea for MCShield are came from USBNoRisk ( first USB malware removal that is designed for helpers ) that we used the our malware removal forum to clean ifected USB flash drives.
USB viruses are not spread via autorun.inf just as everyone thinks.
Malware usually comes through using:
autorun.inf
Desktop.ini/comment.htt/ActiveX
user
Windows Shell-LNK exploit (newest method)
The program can prevent all known vectors attack.
Example:
How malicious program uses the Desktop.ini files?
AppleObject.createInstance()
Set WsShell = AppleObject.GetObject()
Wsshell.run(Path + "malicious_file.EXE")
This is just part of the code Comment.htt file, but as you can see, powered by / run the malicious program.
Double click on the folder icon is enough to start a malicious program and do what it is intended for.
Some of the malware uses this method (Stuxnet), without double-clicking on the folder.
MCShield will automatically disable this malware and put it in quarantine.
Panda USB Vaccine not see this infection.
Good information!
Thanks for the input, I believe I will switch.
I also have OPFW set to protect USB and no digitally signed, but what the heck the resources used are nil and the added protection ( 2nd. layer) can’t in my estimation hurt. ;D
Panda creates an autorun.inf file that after the change the file attribute which proclaims the partition, thus leading the Windows FAT driver to confusion and thus being unable to access the file (and thus prevents malware and uses standard Windows functions to access the file)
but…
Is not a philosophy that I have malware starts to write directly on the disk, without using Windows driver.
Just thought I’d say, I use USB alot with shared Flash Drives as this is how I monitor various aspects of my buisness.
Anyway, I read the pdf file supplied, liked what I read and downloaded/install MCShield.
I think it is compac, and find it a very nice tool. Will use it now
One of the small interesting side benefits of staying in touch with whats going on here on the forum. 8) I’ve mentioned before, I like to read most everything
Nice little didi Tech
This tool doesn’t want to work for me. After the installation I got the Windows pop-up saying that the scanner stopped and would be closed. I disabled scanning removable media and hard drives on the programs start and rebooted. After that the program started well but as soon as I insert a USB-stick I again got the pop-up that the scanner stopped and would be closed.