
Tuesday, May 15, 2012

Windows XP/7: How to Prevent Flash Drive Viruses Forever!

One of the most common ways for offices to get a virus outbreak is through flash drives.  For some reason many of the big anti-virus companies haven't targeted flash drive viruses and instead focus on web browsing and emails.  Fair enough, but the flash drive solution is rather simple:

How do viruses spread through flash drives?  Through a "feature" in Windows that allows software to automatically and easily run from a flash drive, CD or DVD simply by inserting it in the computer.  On a more technical note, Windows looks for a file called autorun.inf that maps the execution out for the user.

The problem is that viruses can replace or create autorun.inf to run malicious programs from the flash drive.  I say the tradeoff of convenience over security is not worth it, so let's disable Windows' use of autorun.inf and forever be rid of the problem with flash drive viruses!

There used to be a registry script that would make this possible, but it seems that Microsoft has embraced the move to disable autorun.inf, so the solution is rather straightforward.

For very technical background info, read this page from Microsoft.

Down the middle of the page you'll see a button saying "Fix It" under the heading "Disable Autoplay".  This is the one you want.  Or simply click here to directly install it.

That's it!  No more viruses!

To clean existing flash drives, I have found Microsoft Security Essentials to do the best job.  I don't know why, but McAfee and other big anti-virus brands just don't seem to care what's on your flash drive.
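
When checking a flash drive by hand, it helps to see exactly what its autorun.inf would have launched. The following is an added example, not part of the original post: it parses the text of an autorun.inf and lists the entries in its [autorun] section that name a program to run. The sample file contents and the file names in it are constructed for illustration.

```python
import re

# Keys in the [autorun] section that name something to execute:
# open=, shellexecute=, and shell\<verb>\command=
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def autorun_launch_entries(text):
    """Return [(key, command)] for every launch key in the [autorun] section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive; only [autorun] matters here.
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                entries.append((key.lower(), value))
    return entries


# Constructed sample: an autorun.inf that disguises the drive as a photo
# folder and points its launch keys at an executable on the drive.
SAMPLE_INF = """\
[AutoRun]
icon=folder.ico
label=My Photos
OPEN = tools\\launcher.exe
shell\\explore\\command=tools\\launcher.exe /e
; keys outside [autorun] are ignored
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, command in autorun_launch_entries(SAMPLE_INF):
        print(f"{key:28} -> {command}")
```

Any file a launch key points to is the first thing to hand to the virus scanner.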

Sunday, February 27, 2011

Can't install Microsoft Security Essentials (Error Code 0x80070643)

Problem:  You can't install Microsoft Security Essentials and get error code 0x80070643.

First, be sure to go through these steps.

But when I found that this didn't help, I kept digging and realized I was having other problems, including not being able to open the Management Console or search from the start menu.  Error 1606 also appeared in the event log.

That's when I came across KB886549, which addresses some registry settings pointing to user profile locations. Just run the "Fix it" button and you're set and should be able to install Microsoft Security Essentials.

Saturday, January 22, 2011

Unhide Folders Hidden By a Virus

Problem:  a virus reached your flash drive (maybe even your entire computer) and hid all your folders.  You may even see that your folders have been replaced by a shortcut icon (one with a black arrow in the lower corner).  After removing the virus, the folders can't be unhidden and the property check boxes do not respond.

Solution:  Use a command prompt to change the attributes.

1)  Open the command prompt by going to Start > Run and typing "cmd".  A black screen will open.

2)  Type attrib -s -h /S /D x:\

NOTE:  x:\ should be the drive indicating your flash drive that has the hidden folders.

Open the flash drive again and your folders should now be visible again.

Saturday, January 23, 2010

Skype Virus Automatically Sends Facebookgallery.info links

Here's how you get infected: 

One day you're on your computer and you get a message from a friend asking you to look at these crazy pictures of them, making sure they look okay (there are other variants of this message).  The link points to a site called facebook.info; in the example below it's http://srv06.facebookgallery.info:89/.  You click the link and accept all the prompts after that, and the next thing you know, those same messages are being sent from you to friends on your Skype list.

The following example says "I can't believe I got tagged in this picture!!  Do you think I look ok?"






What's worse is that you can't download the regular virus-removal tools because when you click to download one, you get a page that says "Google Error.  Not Found.  The requested URL /Files/ProcessExplorer.zip was not found on this server".  NOTE:  This came up when I tried to download Process Explorer to stop services.  See below:









Also, if you already have tools available, they close shortly after opening. 

Here's how to remove it:

1)  Edit the hosts file by going to Start > Run... and entering the following:
 notepad "C:\Windows\System32\drivers\etc\hosts"

2)  Scroll down a little ways and delete everything at the bottom.  It's going to be a bunch of garbled text.  After deleting, save the changes.

NOTE:  If you're not comfortable with this, you can try HostXpert, but you'll have to download it on another computer and transfer it to the infected computer before you can use it.  Just run it and click "Restore MS Hosts File"

3)   The above steps get rid of the Google Error pages, so now you're free to download any tool you wish to fight this thing.  I used ComboFix to get rid of this thing.  Download it to your desktop and rename it to "nothing.exe" -- otherwise the virus will recognize it and close it automatically.

4)  Run "nothing.exe" and accept everything it wishes to do and you'll be virus-free soon.  It may require a restart.

Sometimes an extra step is needed if you lose your internet connection after performing these steps.  Right-click the My Computer icon and go to Properties.  Click on the Hardware tab and click the Device Manager button.  In the list under Network Adapters you'll see two copies of each of your network devices.  Uninstall the copy without the exclamation point next to it -- it'll remove both copies from the list.  Then go to Action > Scan for hardware changes.  Windows should detect your network device drivers and get you going again.
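
Before deleting lines from the hosts file in steps 1 and 2, it is worth recording what was added to it. The following is an added example, not part of the original post: it splits hosts-file text into the lines a clean file would keep (comments, blanks, loopback entries for localhost) and the lines to review, marking each as a redirect or as malformed. The sample contents, host names and addresses are constructed, and treating "localhost" as the only legitimate name is an assumption of this example.

```python
import ipaddress

# Names a clean hosts file is expected to map (assumption for this example).
DEFAULT_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (kept_lines, flagged); flagged holds (line_no, reason, raw_line)."""
    kept, flagged = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()       # drop trailing comment
        if not body:                              # blank line or pure comment
            kept.append(raw)
            continue
        fields = body.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:                        # garbled text, not an IP
            flagged.append((number, "malformed", raw))
            continue
        names = {name.lower() for name in fields[1:]}
        if not names:
            flagged.append((number, "malformed", raw))
        elif address.is_loopback and names <= DEFAULT_NAMES:
            kept.append(raw)
        else:                                     # a name pointed somewhere else
            flagged.append((number, "redirect", raw))
    return kept, flagged


def cleaned_hosts(text):
    """Hosts-file text with every flagged line removed."""
    kept, _ = audit_hosts(text)
    return "\n".join(kept) + "\n"


# Constructed sample: a default file with extra entries appended at the bottom.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost

203.0.113.7     download.example.test
203.0.113.7     tools.example.test   # constructed entry
x9$!kq zz%%
"""

if __name__ == "__main__":
    for number, reason, raw in audit_hosts(SAMPLE_HOSTS)[1]:
        print(f"line {number}: {reason}: {raw!r}")
```

The flagged redirect lines show which sites were being diverted, which explains which downloads were failing.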