It's very common for a thumbdrive to be infected by using it on an infected machine, with the famous trojan, AUTORUN.exe!

We can protect our thumbdrive with just this few step. HOW? Format it to NTFS and locked the root directory. Create Folder to store all your file, as autorun.exe will only attack the ROOT and no the folder within. My solution might not be 100% free from virus attack, but is a solution to get less attack!

below are the step needed:

1) plug in the thumbdrive to USB port.
2) go to device manager -> disk drive -> right click on your thumbdrive and select properties
3) go to policy tabs and select Optimize for Performance
4) now you can format your thumbdrive to NTFS format
5) go to control panel -> folder option -> select view tab, scroll to the last line where u will see Use simply file sharing. Uncheck this option.
6) now go to your thumbdrive and create a few folder.
7) right click on the root folder and select sharing & security, go security tab. Uncheck all the option and just check read under Allow row.
8) to the newly created folder, you can give full access, meaning allow every access.

DONE!! now your thumbdrive is SECURE!!!

This post has been edited by ckboon: Sep 21 2010, 05:09 PM

any one tried this on a Mac?

Another way to prevent virus from starting up when u plug in the pendrive is to create a folder n name that folder "autorun.inf" (without quotes)

this way, even if ur pendrive is infected, when u plug in to other system it won't auto run the virus file or batch file (unless ur tangan gatal go double click the virus file urself )

like wat TS says, not a 100% guarantee but it does prevents some potential damage that could possibly done to any system thru this way.

Thanks for the info guyz ... but is there any other way to disable the auto run for just the thumbdrive or any external hdd from our pc setting??

I heard our os have such options but i didnt know to do it.

Just run Flash Disinfector by sUBs and it will create the hidden folder.

yes can be done, but the autorun will still get to your thumbdrive, only that it's no activated. by formatting and locking the root, autorun definitely will not sit it.

meaning, if u format it using NTFS, u go to what soever PC also autorun will not start. but if u set off autorun for a certain PC only, and u go to other PC without the setting, the PC will still be infected! so my solution is 1 and for ALL, and the solution you are mentioning is ALL PC need to set by that way!

if you insist on setting on the PC alone this is the method:

go to run -> gpedit.msc

Computer Configuration -> administration Template -> system
look for "Turn off Autorun" on the right tab double on it. You can do the setting there

do the same for User Configuration

---

Added on September 24, 2010, 12:20 pmnot a good solution, after all there is still a risk for to u click on the file. By NTFS locking, we can't even see the file, and the file cant kick it as well. I do remember there's a kinda of virus which will create a fake folder with the extension .exe and hide the original folder. so once the user click on the fake folder, the GOOD LUCK!

and by NTFS locking, this will not occur since the ROOT had been LOCKED!

like what i mention, most of the virus will try to attack the ROOT. so attack the ROOT is useless when it had been set to read only.

---

Added on September 24, 2010, 12:22 pmby doing so you are still vulnerable to attack. NTFS locking doesn't need any hidden folder to protect the thumbdrive, hence no space gone just to protect it.

---

Added on September 24, 2010, 12:28 pmBut there is 1 disadvantage by using LOCKING the ROOT, which is, you can't right click-> Sent to -> "your thumbdrive" since it's locked, so we needa copy the file/folder and place it inside the folder which is after the root.

i don't take this is a very big problem for me. So for those hardcore right click sender, this is your only disadvantage.



This post has been edited by ckboon: Sep 24 2010, 12:28 PM

Nope, by doing that autorun.inf could not able to write himself into pendrive due to the folder with the same name created by Flash Disinfector (sUBs) And by create a empty folder will not take even 1kb space in the pendrive.

Your way to do is prevent the malware infects your data, but sUBs's way is prevent the malware goes into the pendrive. So whichever better?

Some newer autorun viruses can actually rename or delete the "autorun.inf" before creating their own autorun.inf file in the drives, so SUBs method is not totally foolproof since I did encounter this situation myself a few times.

Both sUBs & ckboon methods will not protect the subfolders from recursive folder worm infection such as Brontok.
You will see the virus .exe files in every subfolders after plugging your USB drives into this type of infected PCs.

huh? my apology as i don't know sUBs works, and i needa rephase, by locking the NTFS, all file/folder cant be written to root, so meaning malware, virus, trojan, worm, file, folder all cannot be written onto the ROOT of the thumbdrive, so it's not like wat you said to prevent the malware to infects the data, but rather, files cannot even be written to root, and it got the same meaning as to prevent malware to goes into the ROOT of pendrive

and you have the right to set the permission to LOCK all the folder(s) inside the ROOT as well, so if we are so scare that it will be infected, and we just wanted the file to be copy out and nothing in, we can just locked all the folder, so nothing can even enter to the thumbdrive. Just like a CD/DVD, we can only copy but we can't write.

Since there's other malwares that possible to infect external hard drive, it's not practical to do sort of the methods just to prevent the intrusion of just a kind of malware. autorun.exe can be prevented by right click and choose Open or Explore on your pendrive instead of double click it. Very simple.

Anyway your way can used to secure your data I guess. Since it prohibits any action of altering the root folder.

Again... thanks for the info guyz. I use many thumdrives for my workstation here at the office. So, its better i set the options at my pc also.
Anyway, tthanks again. Really informative.

external HD also can formatted to NTFS with the method provided. To be precise, this method not only prohibit any alteration to the ROOT, but to any folder as well. It just that most of the attack will aim for the ROOT, that's why i set the root permission to READ only.

So the annoying part is you have to change the permission level when you want to write something into it...User unfriendly...

like what i mention, we can just LOCK THE ROOT, and give full permission to the rest of the folder which residing inside THE ROOT.

by doing so, we dont have to change the permission each and everytime, and it's just a 1 time job.


it's just like a firewall, either u assign all the rules urself, or ask it to prompt once there's an unknown traffic coming in/going out, or we can just allow all!

by blocking a certain traffic, sometimes we might wanna open it for some purpose... so there's some changes of the rule to be done.

it's the same for the folder permission. for noob, LOCKING THE ROOT is more than enough, for the ADVANCE user, playing with the permission is something fun and it wont consider user unfriendly to them.



and remember no 3rd party software that into account for this GUIDE and it's more than secure to perform, as i don't like to reliance on 3rd party stuff.

cheer..

Since i use thumb drive long time ago... never know about this, thanks for you sharing the information to us .

nice guide..actually if u give d step much2 better
will try this

in easiest way, try Panda USB Vaccine. its free

what u meant? All the step are written on the first post.

like what i mention, i don't take into the account of 3rd party software. and the rest of the advantages for my guide had been addressed earlier in few of my post.

ntfs should be the best way for students. =) like me

hmm...sounds great.
lemme try it

it's the best for windows environment.

---

Added on November 1, 2010, 5:25 pmjust found out that, using NTFS my rmvb player cannot detect my drives.



This post has been edited by ckboon: May 31 2011, 10:54 AM

latest media player now should be able to read NTFS file.. so happy securing ur thumb drive!!

There's another way besides using 3rd party. Have been using for the past 1.5years for PC malware troubleshooting and not an "infection" on my thumb-drive (touchwood).


1. Browse to your removable drive
2. Create a new folder
3. Rename the folder as autorun.inf
4. Now, open the command prompt [how?]
5. In command prompt, change to your drives directory. For example, if your flash drive is labelled I: in My Computer, then type in the command prompt I: and press enter
6. Then type attrib +s +r +h autorun.inf

The last command is to protect and hide your fake autorun.inf and make sure that the file is irreplaceable by the malicious autorun.inf file. Now, next time you plug-in your flash drives on an infected computer, the malicious autorun.inf cannot be copied into your flash drives, thus saving your drives from being a virus carrier afterward. The virus itself, however, might be copied into the drive, but let your anti-virus take care of that.

Lol one year old thread.

Yeah. Might as well just encrypt your pendrive. At least when you plugged in you won't kena at first until you decrypt it. Lol.

lol you had already written the disadvantage for this method. your method will prevent the execution of autorun only, but cannot prevent virus copied to it. hence bringing the infected drive to an unprotected PC then GG lo..

---

Added on January 6, 2012, 3:21 pmyea lor... now is the 2nd year.. after so long i just come here t check..

informative stuff can last long



This post has been edited by ckboon: Jan 6 2012, 03:21 PM

autorun


actually both pendrive and the pc itself should have security on it

Im agree with this technique and the technique about creating folder named "autorun.inf".
Virus still can copied itself but its not functioning until user clicked.
But, most of the virus are hid and not visible to be click.

This is good solution to prevent virus coming from USB.


Im suggests you all to use:

1. Autorun killer (Delete autorun automatically)
2. ThreatFire (layer for virus protection)
3. Scotty (Prevent changing of the registry)

guess this thread is still useful as i am still using this traditional method on all my thumbdrive..

I think the best method to prevent this is to just disable Autorun in operating systems and launch it from Explorer as a 'Portable Device'.

-disable Autorun on PC- u needa do it on each and every PC your wanna use.

-disable permission on USB drive - that particular USB drive is secured regardless on any PC you go to.

cheers

well, another way to put it: disable autorun on a pc means none of the usb drives, whether it's yours or others, will trigger autorun. (it's a good practice in general)

by the way disabling permissions on usb drive via ntfs is a nice trick.