CN101944169A - Immune method for self-starting viruses of USB removable storage devices - Google Patents
Immune method for self-starting viruses of USB removable storage devices Download PDFInfo
- Publication number
- CN101944169A CN101944169A CN2010102330563A CN201010233056A CN101944169A CN 101944169 A CN101944169 A CN 101944169A CN 2010102330563 A CN2010102330563 A CN 2010102330563A CN 201010233056 A CN201010233056 A CN 201010233056A CN 101944169 A CN101944169 A CN 101944169A
- Authority
- CN
- China
- Prior art keywords
- file
- immune
- self
- folder
- inf
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses an immune method for self-starting viruses of USB removable storage devices. The method comprises the following steps of: closing the self-starting function of the removable storage device by adjusting system settings; creating three immune file folders with the names of 'atuorun.inf', 'desktop.ini' and 'folder.htt' respectively, and an immune file with the name of 'recycled', at the root directory of the USB flash disk or removable magnetic disk; and creating an immune file with special protection property in each immune file folder. The method has the advantages of guaranteeing that the malicious files or directories are not created in the USB removable storage devices and effectively rejecting the viral files running virus programs or malicious deceptions by the self-starting files.
Description
Technical field
The present invention relates to field of information security technology, particularly relate to a kind of immunization method at USB movable storage device self-starting virus.
Background technology
Along with the widespread use of USB movable storage device, USB flash disk and mobile disk become a kind of main carrier of " moving class automatically " or " forging the deception class " virus disseminating.This viroid is set up an autorun.inf file and related with virus document under the root directory of USB flash disk or mobile disk, or set up virus documents such as some desktop.ini, folder.htt, recycled, cheat those computing machine general knowledge is understood few user.When the user double-clicked USB flash disk or mobile disk in Windows operating-system resources manager, operating system was moved Virus automatically according to the association of autorun.inf file; Or mislead the user and initiatively click the virus document of having forged, thereby infect computers system.
Summary of the invention
At the problems referred to above, the technical problem to be solved in the present invention provides a kind of immunization method at USB movable storage device self-starting virus, and this method can solve problems such as infecting " moving class automatically " or " forge deception class " virus by USB flash disk or mobile disk.
Technical scheme of the present invention is:
A, by the Adjustment System setting to close the autorun.inf self-starting function;
B, under the root directory of USB flash disk or mobile disk, create 3 " autorun.inf " by name respectively, the immune file of " desktop.ini " and " folder.htt ", and the immune file that is called " recycled ";
C, under each immune file, all create an immune file with special protection attribute.
Further, among the step b, when USB flash disk or mobile disk insertion computing machine, system can identify the mobile device that has inserted, whether there are autorun.inf, desktop.ini, folder.htt immunity file and recycled immunity file under the root directory of this method detection USB flash disk or mobile disk:, then delete this document folder or file if exist; Otherwise, carry out immune operation, that is: set up the file of " autorun.inf ", " desktop.ini " by name, " folder.htt " and have special protection recycled file;
Further, autorun.inf, desktop.ini and folder.htt file and Recycled file are set up in order to prevent that autorun.inf of the same name with it, desktop.ini and folder.htt file and Recycled file are created;
The autorun.inf file is a USB movable storage device self-starting file, and this document is utilized by virus document easily and carries out association; The desktop.ini file is file and desktop configure file, and this document is utilized and is configured by virus document easily; The folder.htt file is the file template file, and this document can influence the display icon of file; The Recycled file is a disk recycle bin file, and this document folder can be modified to execute file and mislead user's click;
Further, among the step c, the immune file of described special protection attribute is to prevent to be deleted by malice by revised file attribute and file name.
This method can guarantee that the USB mobile device no longer is created malice file or catalogue, and refuses effectively by the Virus of self-starting running paper or the virus document of malice deception.
Description of drawings
Fig. 1 is the concrete enforcement figure of the immunization method of USB movable storage device self-starting virus of the present invention.
Embodiment
Below in conjunction with drawings and Examples technical scheme of the present invention is described in detail.
The invention provides a kind of immunization method at USB movable storage device self-starting virus.After the USB mobile device inserted computing machine, this method can find in time whether this disk exists immune file and file: if do not have immune file and file, then implement immunization method, thereby ensure that user machine system is not by virus infections.
Further be illustrated with an application example of the present invention below.
Present embodiment provides a kind of immunization method at USB movable storage device self-starting virus: this method is at first forbidden the USB mobile device and is moved automatically; When the USB mobile device inserts computing machine, this method receives the USB mobile device insertion message " DBT_DEVICEARRIVAL " that operating system sends, whether exist in the USB mobile device that detection is inserted then and immune file and file file and file existence of the same name, do not exist and to carry out immune operation and authority is set.
Should be with in the example, the concrete enforcement behind the USB mobile device insertion computing machine comprises the steps: as shown in Figure 1
One, forbids that the USB mobile device moves automatically
Revise registration table, forbid the mobile disk automatic playing function
Revise registration table:
“HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explore”
“HKEY_LOCAL_MACHINE\Software\Microsoft\WindoWs\CurrentVersion\Policies\Explorer”
“HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”
" HKEY_USERS S-1-5-18 Software Microsoft WindoWs CurrentVersion Policies Explorer " " HKEY_USERS S-1-5-19 Software Microsoft Windows CurrentVersion Policies Explorer " " HKEY_USERS S-1-5-20 Software Microsoft Windows CurrentVersion Policies Explorer " under " NoDriveTypeAutoRun " key assignments be " 0xdf " 16 system numbers.
Show all hidden files and show system files
Revise registration table:
" HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion Policies Explorer Advanced Folder Hidden SHOWALL " under " CheckedValue " key assignments be " 1 ".
Set up immune catalogue and immune file
Receive WM_DEVICECHANGE message
When the USB mobile device inserted computing machine, whether the type of message that this method system that receives sends was USB mobile device insertion message " DBT_DEVICEARRIVAL ";
Judge whether to exist immune file
After receiving message " DBT_DEVICEARRIVAL ", judge whether the root directory that detects the USB mobile device that inserts exists and immune file and file file and file existence of the same name.The name of immunity file becomes " desktop.ini ", " folder.htt " and " autorun.inf ", and the name of immune file is called " recycled ".If exist, then delete this document.
Set up 3 layers of immune file and immune file
Behind already present file of deletion and file; set up the immune file of 3 " desktop.ini ", " folder.htt " by name, " autorun.inf " and the immune file of " recycled " by name; in its 3 files, set up 12 grades of folder name and be " immune catalogue do not delete xff.. "; wherein comprise a special character " xff " in the folder name; this character is the special protection character of setting up in order to prevent the deletion of viral malice, sets up 3 grades of folder names again and be " three grades immune catalogue xff.. " behind 2 grades of files.
Immune file access rights (only coming into force under the NTFS disc format) are set
After setting up immune catalogue, and the attribute of each grade catalogue is set to hide, read-only and system user authority.
Claims (4)
1. the immunization method at USB movable storage device self-starting virus is characterized in that, comprising:
A, close the autorun.inf self-starting function by Adjustment System setting;
B, under the root directory of USB flash disk or mobile disk, create 3 " autorun.inf " by name respectively, the immune file of " desktop.ini " and " folder.htt ", and the immune file that is called " recycled ";
C, under each immune file, all create an immune file with special protection attribute.
2. the immunization method of self-starting virus as claimed in claim 1, it is characterized in that: among the step b, when USB flash disk or mobile disk insertion computing machine, system can identify the mobile device that has inserted, whether there are autorun.inf, desktop.ini, folder.htt immunity file and recycled immunity file under the root directory of this method detection USB flash disk or mobile disk:, then delete this document folder or file if exist; Otherwise, carry out immune operation, that is: set up the file of " autorun.inf ", " desktop.ini " by name, " folder.htt " and have special protection recycled file;
3. the immunization method of self-starting virus as claimed in claim 2 is characterized in that: described autorun.inf, desktop.ini and folder.htt file and Recycled file are set up in order to prevent that autorun.inf of the same name with it, desktop.ini and folder.htt file and Recycled file are created;
4. the immunization method of self-starting virus as claimed in claim 1 is characterized in that, the immune file of described special protection attribute is to prevent to be deleted by malice by revised file attribute and file name.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102330563A CN101944169A (en) | 2010-07-22 | 2010-07-22 | Immune method for self-starting viruses of USB removable storage devices |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102330563A CN101944169A (en) | 2010-07-22 | 2010-07-22 | Immune method for self-starting viruses of USB removable storage devices |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101944169A true CN101944169A (en) | 2011-01-12 |
Family
ID=43436157
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102330563A Pending CN101944169A (en) | 2010-07-22 | 2010-07-22 | Immune method for self-starting viruses of USB removable storage devices |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101944169A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103365664A (en) * | 2013-07-23 | 2013-10-23 | 苏州汉清计算机有限公司 | Software running program for mobile storage equipment |
| CN104866787A (en) * | 2014-02-25 | 2015-08-26 | 中国银联股份有限公司 | Mobile equipment based on data interface recognition |
| CN107016285A (en) * | 2016-10-17 | 2017-08-04 | 深圳市安之天信息技术有限公司 | One kind propagates malicious code Activity recognition method and system using move media |
| CN113177207A (en) * | 2021-04-27 | 2021-07-27 | 顶象科技有限公司 | Virus immunization method and device and electronic equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050228836A1 (en) * | 2004-04-08 | 2005-10-13 | Bacastow Steven V | Apparatus and method for backing up computer files |
| CN101178762A (en) * | 2007-12-18 | 2008-05-14 | 唐璐峤 | Method for inhibiting virus spreading through movable memory apparatus and movable memory apparatus thereof |
-
2010
- 2010-07-22 CN CN2010102330563A patent/CN101944169A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050228836A1 (en) * | 2004-04-08 | 2005-10-13 | Bacastow Steven V | Apparatus and method for backing up computer files |
| CN101178762A (en) * | 2007-12-18 | 2008-05-14 | 唐璐峤 | Method for inhibiting virus spreading through movable memory apparatus and movable memory apparatus thereof |
Non-Patent Citations (2)
| Title |
|---|
| 《电脑与电信》 20100310 陈万等 "浅析U盘病毒的攻防策略" , 2 * |
| 《电脑爱好者》 20051115 软件DIY "系统蓝色档案(六)系统中的"奇怪"文件" , 2 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103365664A (en) * | 2013-07-23 | 2013-10-23 | 苏州汉清计算机有限公司 | Software running program for mobile storage equipment |
| CN104866787A (en) * | 2014-02-25 | 2015-08-26 | 中国银联股份有限公司 | Mobile equipment based on data interface recognition |
| CN107016285A (en) * | 2016-10-17 | 2017-08-04 | 深圳市安之天信息技术有限公司 | One kind propagates malicious code Activity recognition method and system using move media |
| CN107016285B (en) * | 2016-10-17 | 2019-11-05 | 深圳市安之天信息技术有限公司 | It is a kind of to propagate malicious code Activity recognition method and system using move media |
| CN113177207A (en) * | 2021-04-27 | 2021-07-27 | 顶象科技有限公司 | Virus immunization method and device and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2375341A1 (en) | Method and apparatus for controlling operation of document | |
| EP2428894A1 (en) | Private application clipboard | |
| EP2966584B1 (en) | Information processing system, information processing apparatus, method of administrating license, and program | |
| CN102236764B (en) | Method and monitoring system for Android system to defend against desktop information attack | |
| US20130067577A1 (en) | Malware scanning | |
| CN106611123A (en) | Method and system for detecting 'Harm. Extortioner. a' virus | |
| US9053333B2 (en) | Managing confidential information | |
| CN106845222A (en) | A kind of detection method and system of blackmailer's virus | |
| CN102142069B (en) | Method for hiding folders | |
| KR101806499B1 (en) | Method for managing files and apparatus using the same | |
| EP2555133A1 (en) | Thin-client system, access control method, and access control method in same | |
| JP2017527864A (en) | Patch file analysis system and analysis method | |
| CN101944169A (en) | Immune method for self-starting viruses of USB removable storage devices | |
| US9418232B1 (en) | Providing data loss prevention for copying data to unauthorized media | |
| CN103577417B (en) | The method and apparatus for clearing up desktop | |
| US9940447B2 (en) | Managing application access to certificates and keys | |
| CN102479296A (en) | Virus and Trojan prevention method for USB (Universal Serial Bus) flash disk data | |
| CN102541763A (en) | USB (Universal Serial Bus) flash disk capable of preventing files stored therein from being copied without authorization | |
| JP2020004220A (en) | Information processing apparatus, client terminal, control method, and program | |
| CN101894243A (en) | Immunization method of malicious plugins aiming at network browser | |
| WO2015081836A1 (en) | Method and device for virus identification, nonvolatile storage medium, and device | |
| CN110597576B (en) | File remark processing method and system | |
| US20160188616A1 (en) | Method and an apparatus and a computer program product for storing electronic objects for offline use | |
| KR101458149B1 (en) | Method of Controlling File With Backing-up Hidden Files | |
| CN102110214A (en) | Method and device for preventing viruses in mobile memory from infecting computer |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110112 |