Saturday, March 7, 2009

Cleaning Your Removable Drives

This instruction is meant for those geeks who just want to do something cool in their spare time. Many a time, we face the problem of virus removal when our computer connects to the outside world. This also includes offline and asynchronous connectivity through removable 'pen' drives for transfer of data.

It is not uncommon that when we use our flash drives in different computers, they get infected with viruses, and we have to use commercial antivirus software to clean them or, even worse, format them and see all our data wiped out.

Thus, I have devised a somewhat crude but effective technique to 'clean' your removable drives without using any antivirus software.

Actually, when our pen drives do get infected, a file known as autorun.inf gets modified. This is a hidden file in Windows and, as the name suggests, it is run automatically whenever we insert that drive, to perform any task. Commonly, virus programs hijack this step, which spreads the infection among different computers. In Windows, a dialog appears asking the user to select what to do at this initial stage.




Fig.1    Asking for permission from the user in normal state

Here, the drive inserted is a healthy one as it shows a removable disk icon.


But, if it is infected, the above dialog box becomes:

Fig.2    Asking for permission from the user in infected state

As soon as you select OK, the script in autorun.inf gets executed and the virus starts running.

Also, the disk icon becomes with the same dangerous effects as the above dialog box.

My Remedy

I've tried to solve this through my Ubuntu operating system. It is a Debian-based, human-friendly Linux OS which is surprisingly easy to use.

Here, just open a terminal window for the command-line operations we will need, first of all to gain the necessary permissions. To do this, we'll use the chmod command.

Go to the root of your disk and type:

chmod 777 autorun.inf

This ensures that all permissions are granted to you. Alternatively, you could modify this to suit your requirements.



Once you've gained these permissions, you can view and subsequently edit the contents of autorun.inf in a text editor.



Now, just select everything and press Delete to wipe it all out.

Congratulations, you have deleted the malicious program from your drive.

A word of caution

If the virus was creating .exe files corresponding to every folder, then to wipe them out, just search the disk contents in Windows.

Now sort these using the 'Type' tab:



Here, select the .exe files that are of the folder type (these would have a folder icon) and delete them.
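
The checks above can also be done from the Ubuntu terminal, where autorun.inf is only a text file and nothing on the drive gets executed. The script below is an added example, not part of the original post: it shows which autorun.inf lines would launch a program, lists .exe files named after a folder beside them, and empties autorun.inf after saving a copy. The function names, the .saved suffix and the /media/usb mount point are assumptions, and the sample drive it can build is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# Show the autorun.inf lines that launch a program when the drive is opened.
autorun_targets() {
    find "$1" -maxdepth 1 -type f -iname 'autorun.inf' | while IFS= read -r inf; do
        tr -d '\r' < "$inf" |
            grep -iE '^[[:space:]]*(open|shellexecute|shell[^=]*command)[[:space:]]*=' || true
    done
}

# List .exe files that share a name with a folder beside them (Photos/ and Photos.exe).
folder_named_exes() {
    find "$1" -type f -iname '*.exe' | sort | while IFS= read -r exe; do
        if [ -d "${exe%.*}" ]; then printf '%s\n' "$exe"; fi
    done
}

# Empty autorun.inf as in the post, first saving a copy for later inspection.
# The ".saved" suffix is this example's own choice.
neutralize_autorun() {
    find "$1" -maxdepth 1 -type f -iname 'autorun.inf' | while IFS= read -r inf; do
        cp "$inf" "$inf.saved" && : > "$inf"
    done
}

# Build a constructed sample drive layout for trying the functions offline.
make_sample_drive() {
    d=$(mktemp -d)
    mkdir "$d/Photos" "$d/Docs"
    printf '[autorun]\r\nopen=sample.exe\r\nicon=folder.ico\r\n' > "$d/AutoRun.inf"
    : > "$d/Photos.exe"; : > "$d/setup.exe"
    printf '%s\n' "$d"
}

# Usage: sh clean_drive.sh /media/usb   (the mount point is an assumption)
if [ -n "${1:-}" ]; then
    echo "Launch entries in autorun.inf:"; autorun_targets "$1"
    echo "Executables named like folders:"; folder_named_exes "$1"
    neutralize_autorun "$1"
fi
```

Review the listed .exe files before deleting them; the script only reports them and leaves removal to you.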

Endnote

Well, this was my solution that required some hacking. This solution is not foolproof and should work on common virus infections. Remember, these hacks are helpful if you are careful enough to observe the minute differences in infected disks and take remedial measures without allowing malicious scripts/programs to run. These in no manner are absolutely secure and have only been recently used by me in a limited number of tests. So, there remains a scope for improvement in this regard.

Do tell me about your thoughts. I'd love to ponder over them.
