Archive for January, 2010
You probably would like to know how I survived. In truth, I owe it all to one piece of software: Mipony.
Mipony is a download manager that works with sites like Rapidshare, Hotfile and Megaupload. You simply enter the URL and let this thing do its job. It queues all of your downloads for you and willseveral types of premium accounts, but won’t give you any increased speeds, or decreased waiting-times. It simply lets you queue all your downloads, and not have to touch your computer until they’ve finished.
Enjoy it, I did!
Last week I posted about svchost.exe, an amateur, but nasty virus that spreads by copying itself to flash drives and making other computers hosts, if not fully infecting them. Luckily for you guys, I’ve kept my copy in a sandbox and poked and prodded it a little. I’ve found a few ways to protect your computer and your flash-drive.
First off, here’s a simple way to protect your computer: disable autorun. This has been the bane of security experts for a long, long time. If you run Windows 7, you’ll notice it has been disabled by default, but on Vista or XP you will need to do it manually. It should be in the control panel, under “autoplay.” This will stop the virus from being written to your computer.
Now to your drive. To stop certain files from being written to your flash drive, we will be creating a few dummy folders with the same names. First of all, we will be revealing hidden and protected files. Go to tools -> Folder Options -> View. Check “Show Hidden Files and Folders,” then uncheck “Hide Protected Operating System Files” (in Vista, you may need to press “alt” to get to the menu bar). Here is what we will be typing into the cmd window and what you will be seeing (assuming the default directory of cmd is C:\WINDOWS\System32>, the drive letter is G:\ and we are removing and replacing only svchost.exe):
C:\>cd /d G:
G:\>del /f /a svchost.exe
G:\>mkdir svchost.exe
G:\>attrib svchost.exe +h +s +r
Repeat for each file you want to block. What we are doing here is changing to the flash drive, deleting the file and replacing it with a folder of the same name, then marking that folder hidden, system and read-only. You can do this with any other files. Here’s a list of suspicious files that should be blocked:
- New Folder.exe*
As previously mentioned, portable viruses can spread at work or at school. The best way to prevent it from spreading is to disable autorun on all the work/school computers. Contact your computer technician about that.
I’m working on batch scripts that will do this for you if you want. I’ll get them posted as soon as possible.
*Because of the space in this name, you will need to type mkdir "New Folder.exe".
I know experimenting with malware is like playing with fire, but I just couldn’t resist this time (maybe I’ve been influenced by xkcd). Svchost.exe is a cute little amateur virus, most commonly found nestled in a flash-drive’s autorun.inf file. A PC is infected when the autorun window appears and “Open folder to view files” is clicked. It will (likely) run and take 100% of your computer’s resources. This post will help you know if your drive is infected, and how to clean the infected drive, but not remove it from your infected computer.
The first sign you will see is when you open up “My Computer.” You will see that the icon on your infected drive is a folder icon (this indicates that the autorun has been changed, and the computer does not associate it with Windows Explorer). On some computers it will not open unless you right-click -> explore, but on others it will open the same way as usual.
The second sign is when you open the drive’s root. Go to tools -> Folder Options -> View. Check “Show Hidden Files and Folders” (in Vista, you may need to press “alt” to get to the menu bar). Then uncheck “Hide Protected Operating System Files.” Once you reveal them, you should look for two files: svchost.exe and autorun.inf (these are the only two files I saw, but there are cases where there are others. If you encounter any, look them up before deleting them).
To be sure, open up the autorun.inf file and look at its contents. If anywhere in the file you see the following line, your flash drive is infected.
action=Open folder to view files
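The check described above can be scripted. This is an added example, not code from the original post: it reads a drive root's autorun.inf, flags the bait `action=` line, and reports whether the program the file launches is really there as a file (a dummy folder of the same name does not count). The `open=svchost.exe` line in the sample, the function names and the report keys are assumptions, and the sample drives are constructed in temporary directories.

```python
import os
import tempfile

BAIT_ACTION = "open folder to view files"   # the line quoted in the post
LAUNCH_KEYS = ("open", "shellexecute")       # [autorun] keys that start a program


def read_text(path):
    """Decode autorun.inf, which may be ANSI or UTF-16 with a byte-order mark."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")


def inspect_drive(root):
    """Report on the autorun.inf in `root`; None when the drive has none."""
    names = {n.lower(): n for n in os.listdir(root)}  # Windows names ignore case
    if "autorun.inf" not in names:
        return None
    report = {"bait_action": False, "launches": [], "present": []}
    for line in read_text(os.path.join(root, names["autorun.inf"])).splitlines():
        key, sep, value = line.strip().partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or key.startswith(";"):
            continue  # section header, comment or blank line
        if key == "action" and value.lower() == BAIT_ACTION:
            report["bait_action"] = True
        elif key in LAUNCH_KEYS:
            report["launches"].append(value)
            cmd = value.strip('"').lower()
            # Only a real file can run; a dummy folder of the same name cannot.
            for low, real in names.items():
                if cmd.startswith(low) and os.path.isfile(os.path.join(root, real)):
                    report["present"].append(real)
    return report


def demo():
    """Constructed sample: an infected drive, then one holding a dummy folder."""
    results = []
    for infected in (True, False):
        with tempfile.TemporaryDirectory() as root:
            with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
                fh.write("[AutoRun]\nopen=svchost.exe\nAction=Open folder to view files\n")
            if infected:
                open(os.path.join(root, "svchost.exe"), "wb").close()
            else:
                os.mkdir(os.path.join(root, "svchost.exe"))
            results.append(inspect_drive(root))
    return results
```

Call `inspect_drive("G:\\")` with your own drive letter; `demo()` returns the two reports for the constructed drives.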
To remove the virus, go on a computer where you have administrator access and rights, and delete those two files (as I said before, look up any other files before deleting them).
This should work, it did for me. Leave a comment if it didn’t and I’ll be happy to help.
Here’s a funny little video I stumbled upon a few days ago. It’s in French, but I’m sure most of you can figure out what’s going on. There are no sentences longer than a few words, so there would be no use in translating it for you.
A translation of the pun at the end is:
“Hey girls, do you know the difference between an apple (a Mac) and a window (a PC)?”
“Well, there is none!”
It’s too true. Once I find a way to play current games on a Linux machine, I’m switching and never looking back.