Last week I posted about svchost.exe, an amateur but nasty virus that spreads by copying itself to flash drives and making other computers hosts, if not fully infecting them. Luckily for you guys, I’ve kept my copy in a sandbox and poked and prodded it a little. I’ve found a few ways to protect your computer and your flash drive.
First off, here’s a simple way to protect your computer: disable autorun. This has been the bane of security experts for a long, long time. If you run Windows 7, you’ll notice it has been disabled by default, but on Vista or XP you will need to do it manually. It should be in the control panel, under “autoplay.” This will stop the virus from being written to your computer.
Now to your drive. To stop certain files from being written to your flash drive, we will be creating a few dummy folders with the same names. First of all, we will be revealing hidden and protected files. Go to Tools -> Folder Options -> View. Check “Show Hidden Files and Folders,” then uncheck “Hide Protected Operating System Files” (in Vista, you may need to press “alt” to get to the menu bar). Here is what we will be typing into the cmd window and what you will be seeing (assuming the default directory of cmd is C:\WINDOWS\System32>, the drive letter is G:\ and we are removing and replacing only svchost.exe):
C:\>cd /d G:
G:\>del /f /a svchost.exe
G:\>mkdir svchost.exe
G:\>attrib svchost.exe +h +s +r
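Repeat for each file you want to block. What we are doing here is changing to the flash drive, deleting the file, replacing it with a folder of the same name, and marking that folder hidden, system and read-only. Windows will not let a file and a folder in the same directory share a name, so the virus cannot write its file there while the folder exists. You can do this with any other files. Here’s a list of suspicious files that should be blocked: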
- New Folder.exe*
As previously mentioned, portable viruses can spread at work or at school. The best way to prevent it from spreading is to disable autorun on all the work/school computers. Contact your computer technician about that.
I’m working on batch scripts that will do this for you if you want. I’ll get them posted as soon as possible.
*Because of the space in this name, you will need to type mkdir "New Folder.exe" (with plain straight quotes).
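The manual steps above can be wrapped in a batch file that takes the drive letter as its argument and handles names with spaces. This is an added example, not the author's promised script; the file name vaccinate.bat and the labels in it are assumptions, and the two names in the loop are the ones mentioned in this post.

```bat
@echo off
rem Added example (hypothetical vaccinate.bat). Usage: vaccinate.bat G:
rem Replaces each listed name in the drive root with a hidden, system,
rem read-only folder so that a file of that name cannot be written there.
setlocal
set "ARG=%~1"
rem Require an explicit drive letter so the script never acts on the current drive.
if not "%ARG:~1,1%"==":" (
    echo Usage: %~nx0 DRIVE:
    exit /b 1
)
set "ROOT=%ARG:~0,2%\"
if not exist "%ROOT%" (
    echo Drive %ROOT% not found.
    exit /b 1
)
set FAILED=0
rem Names taken from the post; add more here, each one in double quotes.
for %%N in ("svchost.exe" "New Folder.exe") do call :block "%%~N"
exit /b %FAILED%

:block
set "TARGET=%ROOT%%~1"
rem The trailing backslash makes "if exist" match folders only.
if exist "%TARGET%\" goto :protect
rem A file with this name is present: remove it even if hidden, system or read-only.
if exist "%TARGET%" del /f /q /a "%TARGET%"
mkdir "%TARGET%"
if errorlevel 1 (
    echo [fail] could not create "%TARGET%" - is the file in use?
    set FAILED=1
    exit /b 1
)
:protect
attrib +h +s +r "%TARGET%"
echo [ok]   "%TARGET%" is a protected folder
exit /b 0
```

A [fail] line means the file could not be replaced, which is worth treating as a sign that something on the computer still has it open.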