How to protect a USB flash drive from virus infection. How to protect a USB flash drive from viruses? Ways to protect a flash drive from autorun viruses

Flash drives are primarily valued for their portability - the necessary information is always with you, you can view it on any computer. But there is no guarantee that one of these computers will not turn out to be a "hotbed" of malware. The presence of viruses on a removable storage device is always unpleasant and inconvenient. How to protect your storage medium, we will consider further.

There can be several approaches to protective measures: some are more complicated, others are simpler. This can use third-party programs or Windows tools. The following measures may be helpful:

setting up antivirus for automatic scanning of a USB flash drive;
disable autorun;
using special utilities;
using the command line;
autorun.inf protection.

Remember that sometimes it is better to spend a little time on preventive actions than to face infection not only of the flash drive, but of the entire system.

Method 1: Configuring antivirus

It is precisely because of the neglect of anti-virus protection that malware is actively spreading across various devices. However, it is important not only to have an antivirus installed, but also to make the correct settings for automatic scanning and cleaning of the connected flash drive. This will prevent the virus from replicating to your PC.

Method 2: Disable autorun

Many viruses are copied to the PC thanks to the file "Autorun.inf", where the launch of the malicious executable file is registered. To prevent this from happening, you can deactivate the automatic launch of the media.

This procedure is best done after the flash drive has been checked for viruses. This is done as follows:

This method is not always convenient, especially if you are using CDs with branched menus.

Method 3: Panda USB Vaccine Program

In order to protect the flash drive from viruses, special utilities were created. One of the best is the Panda USB Vaccine. This program also disables AutoRun to prevent malware from using it for its work.

To use this program, do the following:

Method 4: using the command line

Create "Autorun.inf" it is possible to protect against changes and overwriting by applying several commands. It is about this:

Please note that disabling AutoRun is not suitable for all media types. This applies, for example, bootable flash drives, Live USB, etc. Read about creating such media in our instructions.

Method 5: Protecting "autorun.inf"

You can also create a fully protected startup file manually. Previously, it was enough just to create an empty file on a USB flash drive "Autorun.inf" with rights "only for reading", but according to the assurances of many users, this method is no longer effective - viruses have learned to bypass it. Therefore, we use a more advanced version. Within this framework, the following actions are assumed:

These commands delete files and folders "Autorun", "Recycler" and "Recycled" who may have already "Capitalized" virus. Then a hidden folder is created "Autorun.inf" with all protective attributes. Now the virus will not be able to modify the file "Autorun.inf" since there will be a whole folder instead.

This file can be copied and run on other flash drives, thus holding a kind of "Vaccination"... But remember that it is highly discouraged to perform such manipulations on drives using AutoRun capabilities.

The main principle of protective measures is to prevent viruses from using autostart. This can be done both manually and using special programs. But you shouldn't forget about periodically checking the drive for viruses. After all, malware is not always launched through AutoRun - some of them are stored in files and wait in the wings.

Along with cloud services, we very often use regular flash cards to store photos and movies. We connect it to other people's computers and laptops, which carries the risk of infection with viruses and other malicious programs. The statistics are relentless: every 10th computer is a direct threat. The question arises: how to protect a USB flash drive from viruses without reducing the comfort of its use?

Windows standard methods

Most often, infection of a USB drive occurs through a file autorun.inf... This file serves a very specific purpose: to automatically launch or install applications from a flash card to a computer. It is hidden, but it is present on any flash drive. As in other areas of life, early protection and prevention is better than laborious treatment, which does not guarantee a 100% positive result. Therefore, the main task is to make the autorun.inf file invulnerable to attempts to infect it.

Extremely important: the methods described below will protect the media from malware that uses USB-flash as a means of distributing itself (they are the ones who tend to overwrite the mentioned file in their own way). Viruses, trojans and other troubles in program installers will not go anywhere: use antivirus software to detect them.

Disable startup

This is a method of protecting the computer itself from a possibly already infected USB flash drive, both from yours and from someone else's. The easiest way to do this is to follow the steps below. For Windows 7:

Press the key combination Win + R.
In the "Run" window that opens, enter gpedit.msc and click on OK.

Click on "Allow" when a message appears about the need to perform an action on behalf of the administrator. You may also need to enter an administrator password.
In the Local Group Policy Editor window that appears, expand the "Computer Configuration" list and then "Administrative Templates".
Select the item "All parameters".

In the list that opens, right-click on the line "Disable autorun" with the right mouse button.

Press "Change", make the item "Enable" active, the value "All devices" should be set below.

Click "Apply".

Please note: in some versions of Windows (8,8.1) the sequence in steps 4-6 may differ slightly and look like this: "Computer Configuration" - "Administrative Templates" - "Windows Components" - "Autorun Policies" - "Disable Autorun".

A reboot may be required for the changes to take effect. That's all - now any flash drives connected to the computer will not start automatically on it and will not cause harm without the user's participation.

Autorun file protection

Now there is a way to protect the flash drive itself from malware that spreads using physical media. This is the very autorun.inf.

In the good old days it was enough to create an empty write-protected file on a USB-drive. That is, with read-only permissions. Today, such measures are not enough. But the essence of the actions is similar. Create a special file on a USB flash drive checked by a good antivirus, making sure that there are no dangers. Open a regular notepad and copy these lines into it:

attrib -S -H -R -A autorun. *
del autorun. *
attrib -S -H -R -A recycler
rd "\\? \% ~ d0 \ recycler \" / s / q
attrib -S -H -R -A recycled
rd "\\? \% ~ d0 \ recycled \" / s / q
mkdir "\\? \% ~ d0 \ AUTORUN.INF \ LPT3"
attrib + S + H + R + A% ~ d0 \ AUTORUN.INF / s / d
mkdir "\\? \% ~ d0 \ RECYCLED \ LPT3"
attrib + S + H + R + A% ~ d0 \ RECYCLED / s / d
mkdir "\\? \% ~ d0 \ RECYCLER \ LPT3"
attrib + S + H + R + A% ~ d0 \ RECYCLER / s / dattrib -s -h -r autorun. *
del autorun. *
mkdir% ~ d0AUTORUN.INF
mkdir "?% ~ d0AUTORUN.INF ..."
attrib + s + h% ~ d0AUTORUN.INF

Save the result to a USB flash drive by naming the file locker.bat... After the dot there is an extension, it is extremely important and should look exactly like .bat... Open the USB flash drive through the explorer and run the newly created file with the usual double click of the mouse. It will execute as a small program and create a protected AUTORUN.INF folder.

What does it do? By inserting a USB Flash Drive into an infected computer, there is no need to be afraid of the viruses on it that spread via USB. Such a virus will rush to overwrite the autorun.inf file, but it does not exist! Instead, a folder, and even protected.

It is important: viruses can write themselves to other places on the flash drive by changing other files. Therefore, when inserting it into a computer, check it with an antivirus before opening it.

Radical way

If you have to connect a USB flash drive to someone else's computer, but only to drop files from it, the option of switching the file system to read-only mode is suitable. This is an effective, but, in most cases, inconvenient way, making the "send to removable disk" option and similar operations inoperative.

In order to apply this method, you must:

Format USB media to NTFS file system. Please note: all data from the flash drive will be deleted! If your flash drive is already in NTFS, skip this step.

Write down all the necessary data, put them in one folder.
Open the properties of the flash drive (right-click) and in the "Security" tab click on the "Change" button.

In the "Allow" column, uncheck all the boxes except for the items "List of folder contents" and "Read".
Click "OK".

Now not a single virus will be able to register on the USB flash drive.

Using third-party programs

You can also protect USB media from malware using specially designed programs. For example, Panda USB Vaccine. This free utility is specially designed to protect removable media.

After downloading and running it, connect the USB flash drive that you want to protect to the computer. Follow 2 easy steps:

In the drop-down menu, install the required USB-drive;
Click on the Vaccinate USB button.

And that's it! The flash drive is protected from overwriting the autorun file. In fact, the program simply disables autorun, but it does so by pressing a couple of buttons in a user-friendly interface.

Conclusion

Unfortunately, you cannot 100% protect your flash drive from viruses. The measures described in the article only prevent the automatic penetration of malware first onto a USB drive, and then onto your PC. Always keep your antivirus up to date and scan your flash drives before opening them in File Explorer.

Good day, dear habra-reader. I work at a university, in a computer laboratory. We administer about a hundred computers. We were faced with the problem of protection against Autorun-viruses on flash drives. Naturally, we have disabled autorun in Windows, but we needed to protect the flash drives themselves so that the worker at home, having inserted a working flash drive, would not infect his computer. Under the cut is a solution to the problem.

Before you start ...

Dear users, the actions described below were performed in Microsoft Windows Xp OS, in other operating systems the process may differ from the above. I would also like to say that the author of the text is not responsible for equipment damaged as a result of performing the actions described below.

Training.

To implement our plan, we need to format the flash drive in NTFS, for this there are several methods I know of. For me, the easiest is to use Acronis Disk Director.

After starting Disk Director, you will see a list of disks connected to your system. In this list we find our flash drive, right-click and select "Delete partition", in the new window we leave everything as it is (There is not much difference there). Then again right click on our disk and select “Create Partition.” In the “Create Partition” window, select:

File system: NTFS.
Create as: Main section.

Now click on the "Checkbox" icon and in the window that appears, click "Proceed". After making the changes, restart your computer.

The flash drive can also be formatted in a simpler way, indicated by uv. :

Start -> Run -> cmd ->
Convert f: / FS: NTFS< - это если данные на флэшке нужны и их некуда сбэкапить
Format f: / FS: NTFS< - если данные нафик

Customization.

So, the card is ready for configuration, go to the flash drive and in the root directory create a directory in which the data will be stored, I named it "DATA". Right click on the new directory and go to the security tab, then click on the "Advanced" button. Here we uncheck the box "Allow inheritance of permissions from the parent object to this ...", in the dialog that appears, click "Copy", then click "OK" in both windows. Now let's go to the "Security" section of the root directory of our media and configure the permissions as follows:

In the "Allow" column, leave the following items checked:

Reading and Executing
List of folder contents
Reading

In the "Deny" column, put a tick in front of the "Record" item, in the dialog that appears, click "Yes".

That's all, in the end we get a flash drive that Autorun cannot sign up to. For this we sacrifice a small share of performance, the ability to write to the root directory of the media and, of course, the inability to use the "Send" menu to copy data to the media.

Possible problems and solutions.

After formatting the drive to NTFS, it is not visible in the system.

Right click on "My Computer", select "Management", in the window that appears, go to "Disk Management", right click on our flash drive and select "Change drive letter or path to disk". Select the letter, click "Ok".

Unfortunately or fortunately, I have not found any more problems, if you suddenly find it - write, we will try to solve it.

Disable autorun.

Except XP Home Edition:
start - run - gpedit.msc - computer configuration - administrative templates - System - disable autorun (choose where to disable). Next, apply the new policy using the gpupdate command in the console.

In Home There is no Group Policy Management snap-in, but the same effect can be achieved by manually editing the registry:
1) Start -> run -> regedit
2) open the branch HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies
3) Create a new section
4) Rename the created section in Explorer
5) In this section, create the NoDriveTypeAutoRun key

Valid key values:
0x1 - disable autorun on drives of unknown types
0x4 - disable autostart of removable devices
0x8 - disable autostart of non-removable devices
0x10 - disable autorun of network drives
0x20 - disable autorun CD drives
0x40 - disable autorun RAM disks
0x80 - disable autorun on drives of unknown types
0xFF - disable autostart for all disks in general.

The values can be combined by summing their numeric values.

Default values:
0x95 - Windows 2000 and 2003 (disabled autorun of removable, network and unknown drives)
0x91 - Windows XP (disabled autorun of network and unknown drives)

It's always like this with security. It is worth relaxing and, chatting with a friend, insert his flash drive into your well-oiled computer, and when asked by Kaspersky whether we should check this flash drive, you light-heartedly answer - no need to ... And then you get entertainment for the whole weekend ...

And even more often there is another situation - when you have to insert your USB flash drive into someone else's computer. It is not at all necessary a computer of friends-buddies, now you can pick up a virus in a photo printing studio, and even in a tax office ...

In this article I will tell you how to protect your computer and flash drive from viruses without additional programs.

You will find out 3 quality, time-tested methods that save in most cases.

Do not go into the registry if you have never done this, and have a bad idea of how a section differs from a parameter, and how parameters are created and their values changed!

1. Protecting your computer from viruses on a USB flash drive. Disable autoload.

Let's start by protecting our computer from infected flash drives. You never know where we inserted our flash drive ourselves, or who came to us with an unknown flash drive ...

To reliably protect your computer from viruses on USB sticks, it is enough to disable autorun (autorun) on all drives connected to the computer. To do this, you can use special programs (Anti autorun), or make simple settings.

Anti-autoran is a program for protecting flash drives, memory cards, mp3-4 players and other removable media from viruses.

All further actions are done with administrator rights.

Ways to protect your computer from autostart on flash drives

1. Disable autorun in group policies

Open the Local Group Policy Editor:

Start - Run (Win + R) - gpedit.msc or in the search bar start typing "group"

Computer Configuration - Administrative Templates - All Settings - Disable Autostart

Right click - Change - Enable - All devices - Apply.

2. Disable autorun using the registry editor

You can also completely disable autorun from all disks using the registry editor.

Start Registry Editor (Win + R). Open a branch

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer

and in the value of the binary parameter " NoDriveTypeAutoRun", And write" FF "instead of" 95 "(or" 91 ").

Valid key values:
0x1 - disable autorun on drives of unknown types
0x4 - disable autostart of removable devices
0x8 - disable autostart of non-removable devices
0x10 - disable autorun of network drives
0x20 - disable autorun CD drives
0x40 - disable autorun RAM disks
0x80 - disable autorun on drives of unknown types
0xFF - disable autostart for all disks in general.

In Windows XP, by default, this key is absent (like the Explorer section itself), so you may need to create the corresponding section (Explorer) and the parameter NoDriveTypeAutoRun, which controls the startup of devices.

All changes to the registry take effect after a reboot.

3. Writing the script to the registry

The following method provides more advanced options for removing potentially dangerous system security holes, including those associated with autorun.

Create an arbitrary reg file (for example named noautorun.reg) and the following content:

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ AutoplayHandlers \ CancelAutoplay \ Files]

«*.*»=»»

"NoDriveTypeAutoRun" = dword: 000000ff
"NoDriveAutoRun" = dword: 000000ff
"NoFolderOptions" = dword: 00000000

"CheckedValue" = dword: 00000001

@ = "@ SYS: DoesNotExist"

"AutoRun" = dword: 00000000

Then run this file, and answer "Yes" to the system's question about making changes.

Disable autorun temporarily (for example, if you do not have administrator rights), for the period of connecting the device (flash drive), you can hold down the key Shift... In this case, it is recommended to open the USB flash drive not through "My Computer" (otherwise autorun will work), but through Explorer.

2 Protecting the USB flash drive with autorun.inf

Once upon a time, to protect a USB stick from viruses, it was considered sufficient to create an empty autorun.inf file on it and assign it read-only permissions. In this case, the virus could not create its own startup file there, since such a file already existed and had the appropriate attributes.

The essence of the method is to protect a special file that is responsible for the automatic launch of the program when the disk is connected to the system.

The file is called autorun.inf. Viruses love it.

The fact is that if you write a virus to a USB flash drive, and then specify a command to launch it in autorun.inf, then the malicious program will be launched EVERY TIME the disk is connected to the system.

So, to protect your flash drive, do the following:

Step 1... Open the text editor "Notepad" (Start - Accessories - Notepad).

Step 2... Copy these lines and paste them into Notepad:

You can select the text with the mouse, copy it to the clipboard, then switch to Notepad and execute the paste command.

What do these commands mean? How does it work?

First, we delete files or folders that the virus may have managed to create by removing the security attributes from them.

These are various types of files called autorun, recycler and recycled folders disguised as a trash can.

Then, in a special way, we create the Autorun.inf folder containing a folder with the system name LPT3. Since the days of the unforgettable DOS, there are a number of names that cannot be used to name files and folders, with which you cannot carry out any operations. An example of such reserved names: LPT1, LPT2, LPT3, PRN, CONF, con, nul, AUX, COM1…. other. Try to create a folder, say PRN. Nothing will come of it. You cannot create a folder using normal Windows tools. But there is a way. It is he who is used in this script.
Line

mkdir "\\? \% ~ d0 \ autorun.inf \ LPT3" means:

mkdir- command to create a directory.
\\?\ - this is exactly what helps to create a folder with a reserved system name.
% ~ d0 \- designation of a specific directory.

If you specify f: \ instead, then you can run the script from anywhere, it will create on the f: drive.
autorun.inf and LPT3 are the names of the directories to be created.

By the way, you can delete this folder in the same way, otherwise nothing. If you want to uninstall, run on the command line:

rmdir \\? \ f: \ autorun.inf \,

where f: is the drive from which we delete the "autorun.inf" folder.

One more point: adding attributes to folders is additional protection.
Team attrib adds the following attributes to these folders: system, hidden, read-only, archive.

Step 3... Save the document to a USB flash drive in a file with the bat extension. Necessarily on a USB stick and necessarily with the bat extension. The name can be anything, for example: locker.bat

Step 4... Launch Explorer, go to your USB stick and run the file.

After launch, a folder will be created AUTORUN.INF with attributes that protect it from writing and hide it from prying eyes.

Now, if you insert a USB flash drive into an infected computer, the virus will not be able to change the autorun file. Because instead of a file, we have a folder, and even hidden and write-protected. Nothing will come of it.

But look: a virus can write itself to another location on the disk or change a file.

Therefore, do not hesitate to insert the USB flash drive into your computer and - I highly recommend - check it for viruses. The time spent on checking is not commensurate with the losses that will occur after the system is infected with a virus.

Please note: our protection only prevents the autorun file from being changed.

To protect another flash drive, vaccinate: copy the locker.bat tablet file onto it and run it in Explorer.

3. Protecting the flash drive from viruses.

The protection is very high quality, in my opinion, the best, it has been tested by time and viruses, it saves in 99% of cases!

A flash drive made in this way, after contact with an infectious laptop, or rather with dozens of laptops, will remain crystal clear. So we do it without hesitation!

1. Check the type of the file system.

Go to "My Computer", find our flash drive, right-click on it, then select " Property"And we see the following picture:

If you have the same NTFS file system as mine, then go to the next item. For those with Fat32, you need to change the file system. This can only be done with formatting.

Right-click on the removable disk and select "Format" - NTFS - Quick Format.

I hope you are aware that formatting will delete all data from the flash drive.

2. Create a folder for data.

Create an empty folder on the USB stick. For instance - ‘Data’

3. Close access to the USB flash drive.

Again open the properties of the removable disk, the tab .

We see the column "Allow" with check marks. This means that we have full access, we can easily create new files, delete, edit, and so on. Viruses are simply happy from this and skillfully use their freedom.

Since we are categorically not satisfied with this case, we press the mouse on the "Change" button. In the window that appears, remove all the jackdaws, except for " List of folder contents" and " Reading"And click" Ok ".

Thus, we have closed access to the flash drive. Now, if we want to create a new folder or file on it (or copy it), we will receive an error. It will not work to execute the function "send to removable disk". But the good news is that the virus will not be able to register on a USB flash drive in this situation.

4. Open the access rights to the created folder

We need to return all rights to the folder that we created in the root of the flash drive, otherwise it will be impossible to work with it not only for viruses, but also for us. To do this, as usual, on the folder, right-click and "Properties" - Change, and check all the boxes in the column " Allow».

After pressing the OK button, the flash drive is protected from viruses.

All data will be stored in this folder and will have full access to it. You can always delete, create, copy, rename ... or at least do anything with files and folders. But viruses (more precisely, as I immediately said, not all, but 99% for sure) will not be able to do anything, since they automatically climb into the root folder.

Remember that it is much easier to prevent a virus from entering a USB flash drive than to repair the damage later.

In this lesson I will tell you how you can protect a USB flash drive from viruses. This method will be useful for owners of flash drives with both FAT32 and NTFS file systems.

The first step is to define the file system. To do this, insert the USB flash drive into the usb port, then go to "My Computer", right-click on the removable disk icon and go to its properties. A new window will open, in which you can easily specify the file system of your flash drive.

If the flash drive belongs to one of those systems that I mentioned above, then everything is fine. If not, then it needs to be formatted. To do this, right-click on the removable disk icon and select "Format ...". In the window that appears, select "File system", put a tick on "Quick (clear the table of contents)" and click the "Start" button.

For different file systems, you need to use completely different methods of protection. Let's analyze the first method for a flash drive with the NTFS file system.

How to protect a USB flash drive from viruses (NTFS).

First of all, go to the USB flash drive and create a regular folder. The name can be given as you wish.

Then we return to "My Computer" and again go to the properties of the flash drive. Now go to the "Security" tab and click on the "Change" button. Further, for all users, we leave only 2 items "List of folder contents" and "Reading". At the end, click "Ok".

If now you want to copy or create something in the root directory of the flash drive, then you will fail and an error will pop up that you need permission to perform this operation.

But that's not all. We click on the previously created folder with the right mouse button and go to its properties. On the "Security" tab, click on the "Change" button and give "Full Control" to all users.

This is done so that we can work with this folder, for example, copy some files to it, while access to the root of the flash drive is denied.

If your flash drive is in FAT32 format, then the instructions below will help you protect it.

How to protect a USB flash drive from viruses (FAT32).

To begin with, as in the case of NTFS, the flash drive must be formatted. Only in this case we select the FAT32 file system.

The next step is to launch the "Command Line" as administrator. We go "Let -> All programs -> Standard", then click on the desired item with the right mouse button and select "Run as administrator" from the list.

We register the first command: md disk_number: \ autorun.inf. In my case, the drive name is F. Thus, we create a special startup file.

Next command: attrib + s + h + r disk_number: \ autorun.inf. By this we say that the file must be assigned attributes: system, hidden and read-only (prohibits its writing).

Of course, this is not 100% protection against viruses, but in most cases it can save you the malware that spreads through the autorun.inf file.

In this lesson, we will deal with creating restore points and restoring Windows 7.

Let's not go into details and find out why we needed to do this. I can only say that it is necessary to delete services very carefully, because serious problems may arise in the operation of the operating system as a whole. If you delete a service that is important to Windows, then it will have to be reinstalled.