usb flash drive - How to remove Write Protection appears due to a virus

At school, there is a large network with lots of non-technical minded people and lots of viruses. How can I protect my flash drive from these worms and viruses so I don't bring them home and infect my home computers?

• Configure your home pc to never autorun USBs when they are mounted
• Keep a policy to never get home executable programs from school
  • get compilable sources and recompile :-)
  • if you need tools from the web download straight from home
• Keep the USB connected at school for a minimum time when transferring data

Of course, if you are happy with moving data from home to school
and never want to get any back home.
Just format the USB every time you get it back from school.

I actually just use a small SD card reader and an 8GB SD Card. I set the locked switch on the SD Card so that nothing can jump onto this card.

I did look for a large capacity Flash/USB drive with a lock switch, but they're hard to find these days.

See

http://answers.Yahoo.com/question/index?qid=20090616091607AApD6Zy)

for a link. I would've posted it, but have signed out of OpenID, and apparently unregistered/new users can only post one link in a message. And, reading the Yahoo page will be quite useful.

The "unmodifiable" autorun.inf is actually: a) a directory named autorun.inf with SHR attributes that, b) contains a very strange file, named "lpt3.This folder was created by Flash_Disinfector", which can neither be copied, deleted, or renamed by Windows. If I remember correctly, documentation somewhere says that the only way to remove this unmodifiable autorun.inf folder is by formatting the drive. However, Linux is not subject to these restrictions, and can easily copy/move/rename the folder.

Flash_Disinfector.exe is actually a RAR-SFX (self-extracting) archive. One of the archive's contents, nircmd.exe - which is used to silently execute commands - might trigger your existing security software.

Try Panda USB Vaccine.

One of the main suggestions would be to ensure that you have up to date antivirus software on your home computer. There are many free solutions out there including the popular AVG free anti-virus.

You can test basic functionality if you are concerned by downloading the Eicar test file to check if it is detecting nasties. Simply save the Eicar file onto your flash drive from school, take it home and see if your antivirus detects it when you plug it in or if you go to open the file. It is NOT a virus, it is just a file which contains a certain string of text that the majority of antivirus programs have been programmed to recognise as a virus for testing purposes.

Obviously, nothing will completely stop viruses so only copy from your school network what you really know about.

Does your school network have antivirus software running on all the computers? Again, you could test this by downloading the Eicar test file above and try to open it.

Use a virus scanner and a personal firewall, don't enable sharing on any of your drives and don't let others use your flash drive.

There's a simple way: you can protect your flash's root so viruses will fail to modify autorun.inf, as MOST of them do. ACLs will help! You must have NTFS filesystem there to have ACL enabled.

"Flash_Disinfector.exe" works in a way sort-of similar to Panda USB Vaccine, by creating an unmodifiable autorun.inf entry in the root of partitions and pen drives.

There is, however, one scenario in which the protection afforded by an unmodifiable autorun.inf can be bypassed. There's an infection - which may be called "New Folder.exe" - that scans flash drives, and creates copies of itself in every directory, giving those copies the same name as the directory. Even with an unmodifiable autorun.inf, it is possible to mistakenly execute the malware's copies...

In short: a) keep one's own computer clean, b) disable autorun/autoplay c) always launch pen drives from Start->Run or the address bar in Windows Explorer d) ensure that hidden files and file extensions are viewable.