I have heard a number of people said “ My USB is infected with an autorun virus” or something similar to that.
First of all autorun or autorun.inf is not a virus or a malware (malicious software) at all. It is a valid component of the Windows operating system which was introduced in Windows 95 (probably some of you kids have not even seen a Windows 95 before)
Autorun was intended to make software installation easy for non-technical users. How? Let’s say you bought an installer for your favorite game (not a pirated one I hope), you load it in the DVD drive, what happens after loading the DVD? Right, the installation menu automatically popped up! How did that happen? It happened because there’s an Autorun (or Autoplay) in that DVD that automatically calls for the Installation menu to pop-up. Then you go ahead with the installation and read the READMEFIRST file when your first or nth installation attempt was not successful.
Another example, when you insert your USB or flash drive, you will see this pop-up.
This is still because of Autorun.inf.
Autorun, just as some other features of Windows operating systems, however has been exploited by those who so much idle times in their hands. They make scripts or programs with malicious intent. Some are simple annoyance, some will take so much of your computer resources and drag its speed to slower-than-a-snail pace. Some will are even intended to hijack your username and password (Dangerous for those who do online transactions)
What happens if a computer is infected with a virus or mal-ware that uses autorun?
When a computer is infected with a malware that uses autorun to spread itself from one computer to another, it will write a copy of the malware itself, for the purpose of discussion I’ll use the once, irritating imgkulot.vbs malware.
Here’s another example (I hope your not bored reading up to this part yet.)
You went to your friend and want to copy something from his/her computer. Unknowingly, your friend’s computer is infected with the imgkulot malware. You insert your usb and copy the files you wanted. What you don’t know is, the imgkulot has detected that you have inserted a usb disk and wrote a copy of itself in your usb along with the needed autorun.inf to launch itself next time you insert your usb in another computer. Then when you insert your usb into your computer and let’s say your anti-virus was not updated, so the malware was not detected, and what happens is the autorun.inf will automatically launch the imgkulot malware into the memory and create a hidden copy of itself somewhere in your Windows directory.
Preventive measures (‘Preventions’ if you want me to put this way)
Even if your USB is infected, you can easily prevent your computer from being infected.
1) As you insert your USB, press the ‘Shift’ key of your keyboard. Pressing the shift key will not run the autorun.inf, thus will not launch the malware into your system.
2) Right Click-> Explore. It’s always too easy to double click your USB to open it, but doing so will also run the autorun.inf, thus will launch the malware. One safe alternative is Right click on your USB disk and you will the figure below then select Explore.
3) Update your anti-virus: of course it’s always good to have your anti-virus activated regularly and frequently.
4) Disable Autorun from your registry. This is a little bit technical, I’ll post the instructions here next time.
Have a safe Internetworking!