How To Permanently Protect USB Flash Drive From autorun.inf

Summary

Simply create a folder named autorun.inf on the root(topmost) of your USB flash drive.

Or you can download this autorun-protect.bat file and place it inside your usb, then run it

Note: adding files or folder inside this autorun.inf folder makes it more secure.

Note: in case you don't get the comics, they are just jokes

Story

After years(around 4 years I think) of using this method, it gained my trust and it really works. Without autorun.inf, viruses are basically immobile, unless you run them manually.

What are the disadvantages?

• You can't edit and use autorun.inf functions like:
  • run an application when flash drive is inserted to pc
  • Custom icon of flash drive on my computer
• When the usb flash drive is plugged in to a computer, the autoplay of windows will run, scanning each file to create a suggestion of what to do with the flash drive. If your flash drive or portable hard drive is too big, it will take long. So be quick and cancel it cause it doesn't really give nice suggestion anyway

How does it work?

Most viruses are created to treat autorun.inf as a file, not a folder.

If it tries to delete, it, it may use cmd del, which will delete the contents of the folder, NOT the folder.

After thinking it is deleted, the virus may try to overwrite it, which fails, because it is a folder, not a file, and file functions will fail. Overwriting it with a file will also fail if you try it manually. (note: on cmd, the correct command is rmdir and rd, not del) Much better, when the autorun.inf folder still has contents inside it, even rd and rmdir won't work.

Common Scenarios

When the autorun.inf folder becomes visible again, this means the usb got attacked.

To cure this:

• right click on the autorun.inf folder
• click on properties
• See the type
• If it's a folder, then the virus failed, but the *.exe can still be there so be warned
• If it's an application, Delete it, cause it's actually autorun.inf.exe
  • The virus that attacked creates an *.exe application that pretends to be a folder. It hides your original folder and runs the virus when clicked, then open the folder, making you think that it's a real folder. You need to delete all folder-pretending application, then change all the hidden folders visibility using attrib on cmd(I may post another post about that)

---- WARNING! Non-Geeks please proceed to conclusion :). For techies go on reading ;) -----

The code

The code inside autorun-protect.bat is:

cd / attrib autorun.inf -R -H -S del autorun.inf mkdir autorun.inf attrib autorun.inf +R +H +S

cd / Go to the root directory of your flash drive

attrib autorun.inf -R -H -S remove the protection of the current autorun.inf file, which could be a virus

del autorun.inf Deletes the current autorun.inf, if it ask you if you want to delete autorun.inf/* that means you already have the folder, and you don't need to this anymore

mkdir autorun.inf Creates the folder named autorun.inf

attrib autorun.inf +R +H +S To create less distraction, hide this folder and make it a system file

Conclusion

That's all, as far as I my experience on it, I only got struck hard by a virus on a computer (already there before I plug my usb flash drive) that deletes all files(or deallocate my usb flash drive volume).

Using this method, you have lesser things to worry about. Plugging your USB won't infect your flash drive, however it can be attacked by the virus already inside that computer. Your flash drive can also be filled with virus files, but it won't autorun. You can plug on a virused computer and a non-virused computer without (almost)automatically spreading it.

Note: "replacing a file with folder" always work to get rid of applications that always go back. Such us windows genuine warning, viruses that reproduce itself like sowar in my post on How I fought sowar virus without antivirus.