
Autorun is nothing new for Windows-based PC users. When you plug in a thumbdrive or an external hard disk, a window will pop up, as shown below.


Figure 1.1 The autorun program. Helpful, reliable and also DANGEROUS!

Now remember that in terms of security, Ease of Use = Not Secure. Autorun poses two threats:

  1. Stealing the Windows CD key, wireless passwords and auto-stored passwords (IE and Firefox)
  2. The breeding spot for viruses like RavMonE.exe, Flash10.exe, scandal.exe, etc...

Stealing the Windows CD key, wireless passwords and auto-stored passwords (IE and Firefox)
This can be easily done. Get yourself a working thumbdrive (preferably one with U3 technology) and head on down to here --> Gonzor SwitchBlade
The history of USB hacks can be read here --> Hak5.org USB Switchblade

The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc...

The breeding spot for viruses like RavMonE.exe, Flash10.exe, scandal.exe, etc...
Now this is not new in the market. If you haven't read about or heard of these viruses, then either you are using Windows 95/98 or you are living in a cave. Many viruses run amok, spreading themselves on thumbdrives faster than you can say "Speedy Gonzales". While some are non-malicious, others are downright nasty, disabling some of the favorite tools used by admins (folder options, task manager and command prompt).

But don't fret, many tools on the web claim to cover or eradicate the viruses from your thumbdrive. Among them are
As a reminder, the author and also the creator of the application are not held liable if your computer becomes a brick due to using this application.

Another good read covers disabling autorun via the registry and also making Windows forget the thumbdrives that have been inserted into your computer. Steve Riley's security blog mentions this:

Last month, in my post "Autorun: good for you?" I described why I believe you should disable Autorun on all computers in your organization. I also explained how you can do this for XP and Vista computers.

Well, it turns out that Windows will override this setting if you insert a USB drive that your computer has already seen. I received an email from Susan Bradley that links to an article on Nick Brown's blog, "Memory stick worms." Nick mentions the MountPoints2 registry key, which keeps track of all USB drives your computer has ever seen. I'll admit, I didn't know this existed! I'm glad Nick wrote about it, though.

Nick also includes a little hack that effectively disables all files named "autorun.inf." Interesting, but something in me prefers to make Windows just plain forget about all the drives it's seen. So now I will amend my instructions. In addition to what I wrote earlier, you should also write a small script, and execute it through group policy, that deletes the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

When I searched for it in my registry, I also found a few others, so maybe you'd want something that would search through the registry and delete them all, although I don't know if such a tool exists -- I've never had a need to look for something like that.

taken from http://blogs.technet.com/steriley/archive/2007/10/30/more-on-autorun.aspx
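
One way to write the small script described in the quoted post, extended to sweep every loaded user hive under HKEY_USERS instead of only HKEY_CURRENT_USER. This is an added PowerShell example, not code from Steve Riley's post or from this blog; the choice of PowerShell and of HKEY_USERS as the search scope are assumptions.

```powershell
# Added example: make Windows forget previously seen drives by removing
# every MountPoints2 key in the user hives that are currently loaded.
# Run per user (logon script via Group Policy) or elevated to cover all loaded hives.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# Key path taken from the quoted post, relative to a user hive root.
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

# HKCU is only the current user's hive. HKEY_USERS exposes every loaded hive,
# one subkey per SID; the *_Classes hives never hold this key, so skip them.
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' }

$results = foreach ($hive in $hives) {
    $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$subKey"
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # Count the cached entries (drive letters and volume GUIDs) before removal.
    $entries = @(Get-ChildItem -LiteralPath $path -ErrorAction SilentlyContinue).Count
    $removed = $false

    # ShouldProcess makes -WhatIf and -Confirm work for a dry run.
    if ($PSCmdlet.ShouldProcess($path, 'Remove MountPoints2 key')) {
        try {
            Remove-Item -LiteralPath $path -Recurse -Force -ErrorAction Stop
            $removed = $true
        } catch {
            Write-Warning "Could not remove ${path}: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Sid     = $hive.PSChildName
        Entries = $entries
        Removed = $removed
    }
}

# One row per hive that had the key, for logging or review.
$results | Format-Table -AutoSize
```

Running the script with `-WhatIf` lists the keys that would be deleted without changing the registry.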

