Knowledge Encyclopedia: The principle of U disk propagation virus

U disk for virus transmission by autorun.inf file, the virus first copy itself to the u disk, and then create an autorun.inf file, when you double-click the U disk, it will Run the virus in the U disk according to the settings in autorun.inf.
If we double-click to open the USB flash drive, instead of opening it in the current window, but opening it in a new window, it may be poisoned. At this time, you can right click on the drive letter in "My Computer" to see what is the top command. If it is "Auto" instead of normal "open", then the possibility of poisoning Then increase further.
At this time, we should not open the U disk easily, because the autorun.inf file in the root directory of the U disk has been created and is changed to execute the virus program.
After figuring out the principle, let's clarify the analysis of the virus file: we can use the "tools---folder option---view" in the system to set the system folder properties to "display all files and Folder " see the autorun.inf file in the root directory of the U disk. In fact, the simple autorun.inf file itself is a system file, which is often used for the automatic operation of the CD. The content and structure are as follows:
[AutoRun]< Br> Icon=mm.ico
Open=mm.exe
shell1=Open mm.txt
shell1command=notepadmm.txt
Then after the system finds autorun.inf, the U disk icon will be displayed. For mm.ico, double click will execute mm.exe, when the right mouse button icon is right, there will be a line in the menu "open mm.txt" option, click it will open with the system's own notepad (Notepad) program Mm.txt.
Finally, let's take a look at the general processing method: hold down the keyboard shift key when inserting the USB flash drive until the system prompts "device can use ", prevent the USB flash drive from running automatically and execute the virus program, then do not double-click when opening the USB flash drive Open, do not open with the open option of the right-click menu, and use the Explorer to open it, or open the Explorer with the shortcut key win+E, open the removable device through the tree in the left column. Then open the autorun.inf file, determine the location of the virus file, and then delete autorun.inf with the virus file (usually a hidden file of *.EXE).