Hands-on: solutions for U disk (USB flash drive) viruses
This article covers methods that use only features built into the system, with no third-party software. Third-party tools are not discussed here.
I have already introduced the first method: use a software restriction policy to create the rule "?\*.* is not allowed", so that even if a U disk carries a virus, it cannot run.
The second method is really an extension of the first. When we analyzed how the system processes the autorun.inf file, we saw that there is a step in which explorer.exe reads the contents of autorun.inf and writes them to the registry. It follows that by restricting the permissions on the relevant registry keys, we can make it impossible to modify the registry, which prevents the U disk virus from running. The related registry keys are:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\*\shell\open
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\*\shell\autorun
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\*\shell\explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\*\shell\*\Command
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
The specific approach is to lower the permissions on these keys, or simply to remove all users' access to them.
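One way to apply this permission change from PowerShell, as an added example that is not part of the original article. It assumes the restriction is placed on the parent MountPoints2 key and inherited by its subkeys, and that PowerShell 5 or later is used; the function name Set-MountPointsLock is hypothetical.

```powershell
# Added example (not from the original article): deny writes to MountPoints2
# for all accounts, so autorun.inf verbs cannot be cached there.
# Run it in the session of the user whose HKCU hive should be protected.
$path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

# S-1-1-0 is the Everyone group; using the SID avoids localized account names.
$everyone = [System.Security.Principal.SecurityIdentifier]::new('S-1-1-0')

# Deny only the rights needed to add keys and values; reading stays allowed.
$rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey'
$rule = [System.Security.AccessControl.RegistryAccessRule]::new(
    $everyone,
    $rights,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)

# Hypothetical helper: adds the deny rule, or removes it again with -Undo.
function Set-MountPointsLock {
    param([switch]$Undo)

    if (-not (Test-Path -Path $path)) {
        throw "Key not found: $path"
    }
    $acl = Get-Acl -Path $path
    if ($Undo) {
        # Remove exactly the rule that this script adds.
        $acl.RemoveAccessRuleSpecific($rule)
    } else {
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl

    # Show the resulting deny entries so the change can be verified.
    (Get-Acl -Path $path).Access |
        Where-Object { $_.AccessControlType -eq 'Deny' } |
        Select-Object IdentityReference, RegistryRights, InheritanceFlags
}

Set-MountPointsLock          # apply the restriction
# Set-MountPointsLock -Undo  # remove it again
```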
The third method is to use a vulnerability in Windows to create a "bug" folder that blocks the Autorun virus. The specific method is:
First create a folder named Autorun.inf in the root of the U disk, then create inside it a "bug" folder whose name ends in ".", so that the Autorun.inf folder cannot be deleted. For example, to set this up on drive D:
First create the Autorun.inf folder on drive D, then run CMD and enter
md d:\autorun.inf\test..\
This creates a folder named "test." inside the autorun.inf folder, which cannot be accessed in Explorer, cannot be renamed, and cannot be deleted.
This method is rather passive, but it suits the case where the U disk is often used on other people's machines. However, it is said that some viruses can already deal with this method.
The fourth method, which is also widely practiced, is to disable the AutoPlay function through Group Policy or the registry. I used to be convinced by this method, but some recent small experiments showed me that it is also flawed: it only stops some crude U disk viruses and does nothing against many others. We can verify this with the following experiment. Create an autorun.inf file yourself, put it in the root directory of the U disk, and copy NOTEPAD.exe to the root directory of the U disk as well. The contents of autorun.inf are as follows:
[autorun]
OPEN=NOTEPAD.exe
shell\open=open(&O)
shell\open\Command=NOTEPAD.exe
shell\open\Default=1
shell\explore=Resource Manager (&X)
shell\explore\Command=NOTEPAD.exe
Turn off AutoPlay in Group Policy and right-click the U disk: no extra option appears in the menu. But double-click the U disk and you will find that NOTEPAD runs. Choosing Open or Explore from the right-click menu does the same, because autorun.inf has replaced those two original entries of the right-click menu.
So what does AutoPlay actually do? Many readers will know that with a lot of CDs, you put the disc into the CD-ROM drive and, without doing anything else, an interface pops up that lets you choose what to run or what to play. The Rising antivirus disc works this way, and some motherboard and graphics card driver discs have this function too. But put the same content on a U disk and it will not run automatically when the U disk is inserted; evidently this function of the operating system is only effective for CDs. This is the AutoPlay function as we know it. Turning it off in Group Policy only stops a CD from running automatically when it is put into the CD-ROM drive; right-click the CD-ROM drive and you will find that the AutoPlay option still exists. So turning off AutoPlay makes no sense.
Here we have to pay attention to a small point: AutoPlay and AutoRun are different things. To shut this function of the system down completely, we can only start from the service. If you are familiar with the system, you will know that the service that handles AutoPlay and AutoRun is Shell Hardware Detection, so we only need to stop the Shell Hardware Detection service and no U disk virus can run. However, this method is not a cure-all: because of differences between systems, some systems may start slowly after the service is turned off.
Personally, I think that for U disk virus prevention, the method of modifying the registry is the most effective and has no side effects.
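The experiment above shows that the entries that matter are the ones that bind a program to insert, double-click, Open and Explore. As an added example (not part of the original article), the following PowerShell lists those entries from an autorun.inf; the function name Get-AutorunCommand is hypothetical and the sample text is the test file from the experiment.

```powershell
# Added example (not from the original article): list the autorun.inf entries
# that decide what runs on insert, double-click, Open and Explore.
function Get-AutorunCommand {
    param([string[]]$Line)

    $inAutorun = $false
    foreach ($raw in $Line) {
        $text = $raw.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }

        if ($text -match '^\[(.+)\]$') {
            # Only the [autorun] section carries these entries.
            $inAutorun = ($Matches[1].Trim() -eq 'autorun')
            continue
        }
        if (-not $inAutorun) { continue }

        if ($text -match '^([^=]+)=(.*)$') {
            $key   = $Matches[1].Trim()
            $value = $Matches[2].Trim()
            # open= and shellexecute= name the program to start;
            # shell\<verb>\command= rebinds a context-menu verb.
            if ($key -match '^(open|shellexecute)$' -or
                $key -match '^shell\\[^\\]+\\command$') {
                [pscustomobject]@{ Key = $key; Command = $value }
            }
        }
    }
}

# Constructed sample: the test file from the experiment above.
$sample = @'
[autorun]
OPEN=NOTEPAD.exe
shell\open=open(&O)
shell\open\Command=NOTEPAD.exe
shell\open\Default=1
shell\explore=Resource Manager (&X)
shell\explore\Command=NOTEPAD.exe
'@ -split "`r?`n"

Get-AutorunCommand -Line $sample | Format-Table -AutoSize

# Same check against every removable drive currently attached (DriveType 2).
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    $file = Join-Path $_.DeviceID 'autorun.inf'
    # -PathType Leaf skips an Autorun.inf *folder* created by method three.
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        Get-AutorunCommand -Line (Get-Content -LiteralPath $file) |
            Select-Object @{ n = 'Drive'; e = { $file } }, Key, Command
    }
}
```

For the sample, three entries are reported: OPEN, shell\open\Command and shell\explore\Command, all pointing at NOTEPAD.exe.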