Jump to content
Posted 06 February 2011 - 07:29 PM
Posted 09 February 2011 - 08:44 PM
Posted 09 February 2011 - 08:50 PM
Posted 10 February 2011 - 09:45 AM
Posted 11 February 2011 - 05:00 PM
So it should be normal? Avira blocks all the programs that are meant to help as well, y'know the ones that stick autorun.inf files on your comp and usb to prevent infection. Wait... if an autorun.inf is already built into the USB, how would it even get infected?
Autorun is the feature (functionality) built into Windows that enables a CD-ROM drive or a fixed drive to specify a program to be started immediately upon the connection of the drive. Autorun will automatically run a program specified by the file autorun.inf whenever a CD-ROM or DVD is plugged into a Windows-based computer. Autorun is intended as a convenience to automatically start an installer when removable media is inserted into the computer but can be used for both legitimate and malicious purposes.
For flash drives and other USB storage, autorun.ini uses the Windows Explorer's right-click context menu so that the standard "Open" or "Explore" command starts the file. Some types of malware can modify the context menu (adds a new default command) and redirect to executing the malicious file if the "Open" command is used or double-clicking on the drive icon.
AutoPlay is the feature (functionality) built into Windows that detects and examines the content (Pictures, Music, Video files) on the CD-ROM, or other removable media and then launches an appropriate application to play or display the content. Each media type can have a set of handlers registered with AutoPlay which can deal with playing or displaying that type of media. AutoPlay can also give the user options based on the media type of files found. As a part of its functionality, Autoplay makes use of AutoRun but instead of automatically looking for autorun.inf, it considers the event in conjunction with the various programs registered on the computer. When you try to play a CD or another media type that uses autorun, AutoPlay asks you to choose to play the autorun content or to skip it.
- What's the difference between AutoPlay and AutoRun?
- Difference between AutoPlay and AutoRun?
- CD/DVD/USB AutoPlay/AutoRun basics
Tools to deal with and remove suspicious autorun.ini files:
Posted 11 February 2011 - 06:28 PM
Posted 15 February 2011 - 07:14 PM
I just can't feel comfortable using any of the programs you suggested. They all get blocked by Avira (except for Panda which I haven't tested) and have had multiple people give reviews stating they contained trojans. Is there any way I can look at it in wordpad without executing it and find out if it's malicious?
A flash drive (usb, pen, thumb, jump) infection usually involve malware that modifies/loads an autorun.inf file into the root folder of all drives (internal, external, removable) along with a malicious executable. When removable media is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file to run silently on your computer.
Posted 15 February 2011 - 07:50 PM
[Autorun] Open=StartPortableApps.exe Action=Start PortableApps.com Icon=StartPortableApps.exe Label=PortableApps.com
Posted 15 February 2011 - 09:30 PM
The heck, avira blocked me from opening in notepad too?!
The autorun.inf file can be opened using a text editor (i.e. notepad) by right-clicking on it and choosing Open With in the context menu. This allows you to read its contents which would look similar to this example:[Autorun] Open=StartPortableApps.exe Action=Start PortableApps.com Icon=StartPortableApps.exe Label=PortableApps.com
Who is the manufacturer of your USB drive? You can check the vendor's web site which in most cases provide information if they include an autorun.inf file (or any other files) on their flash drives.
Edited by VicVegas, 15 February 2011 - 09:33 PM.
Posted 15 February 2011 - 09:54 PM
0 members, 0 guests, 0 anonymous users