Tips for precaution against Viruses and Malware

Nowadays most of the viruses and malware¹ infect the computers through pen drives or USB Thumb drives. Pen drives having such malware has an autorun.ini which contains code to automatically run the malware when the pen drive is attached to the target computer. This happens normally when the "windows autorun" feature is enabled in the target computer. So to stop viruses from infecting your computer, I recommend that you should disable the "windows autorun" feature as this feature is seldom required by most of us.

The process for disabling Windows Autorun:-

• Go to Start Menu and click Run...
• Open the Group Policy Editor by typing gpedit.msc at the run prompt and hit enter.
• In the Group Policy Editor that opens up, choose Local Computer Policy -> Computer Configuration -> Administrative Templates -> System. In the right pane find a setting named "Turn off Autoplay" and double click it.
• In the "Turn off Autoplay Properties" dialog box, select Enabled(for disabling autoplay) and "For all drives" from the drop-down menu. And, then click apply and OK.

• Autoplay is now disabled. Close the Group Policy Editor.

This will prevent the malware from running automatically and help you keep your system clean. Generally most antivirus softwares are capable of handling such threats but they may not prevent a new virus from running. So to be on the safer side use this tip. Also I should recommend that you always access your removable drives from the address bar rather than double-clicking them to open or using right-click options because some malwares come with autorun.ini which has code to link the executable to the default Open command or Explore command of the Explorer. To access your removable drive from the address bar, just enter the drive letter of your removable drive and a colon and press enter(e.g., "F:" or "G:").

Usually these worms are hidden and have system attribute so you will not be able to see these files unless the "Show hidden files and folders" is selected and "Hide protected operating system files" is unchecked in the Folder Options dialog box under the View tab. If you see any suspicious file or folder in the root of the removable drive which you have not created or saved in the drive, remove these files immediately. You can also scan the files with your antivirus software.

These malwares if executed may create a copy of the executables in the "[System Drive]²:\Windows", "[System Drive]:\Windows\System32" folders and in the roots of all the drives, and also in any other attached removable drive. They also create autorun entries for the executables so they can automatically start each time windows is started. Most of the viruses try to disable the task manager or the registry editor so that it is dificult to remove the malware from the memory.

I will also write a post which describes how to remove such malwares from the active memory and your computer if it is infected.

References

1. ^ Malware, a portmanteau from the words malicious and software, is software designed to infiltrate or damage a computer system without the owner's informed consent. Source: http://en.wikipedia.org/wiki/Malware


2. ^ System Drive is the partition or drive in which windows is installed.