Showing posts with label Worm Type.

Sunday, November 22, 2009

How to prevent your PEN drive from VIRUS

Friends, many PCs and laptops get infected with viruses through pen drives or other USB devices (even PCs that are not connected to a network). Some viruses, such as the Ravmon virus and the Heap41a worm, which are not detected by antivirus, normally spread mostly via pen drives. In such a case, what can you do to prevent your PC from getting infected with a virus that spreads through USB devices or pen drives?

You can protect your PC by following the simple steps below. It won't take much time.

· Connect your pen drive or USB drive to your computer.

· A dialogue window will now pop up asking you to choose among the options as shown in the figure. Don't choose any of them; just click Cancel.

Thursday, November 19, 2009

W32/Conficker.worm Infection Cycle

The W32/Conficker.worm can infect systems via three infection vectors: the MS08-067 exploit, an Autorun mechanism, or weak passwords. In addition, the worm has an auto-update routine to update previously infected systems.

These infections are all multi-stage processes, involving the initial compromise, copying files and then executing the malware.

Exploit Vector
The local network is scanned for susceptible computers. Once a susceptible computer is located, the exploit is attempted against it. If successful, the process is hijacked and the malware is copied from the remote attacking machine's HTTP server (a random port number is used) to the local host. At this point the machine is compromised.

Sunday, November 15, 2009

How to remove Conficker and prevent re-infection

Symptoms of Conficker infection include the following:
- Access to security-related sites is blocked
- Users are locked out of the directory
- Traffic is sent through port 445 on non-Directory Service (DS) servers
- Access to administrator shared drives is denied
- Autorun.inf files are placed in the recycled directory, or trash bin

Follow these steps to remove W32/Conficker.worm and prevent it from spreading:

Download Free McAfee VirusScan Enterprise

McAfee VirusScan Enterprise protects your desktop and file servers from a wide range of threats, including viruses, worms, Trojan horses, and potentially unwanted code and programs.

This version provides these new or improved features:
- Support for 64-bit operating systems.
These features or products are not supported on 64-bit operating systems:

- Buffer Overflow Protection.
- Scanning of Lotus Notes databases.
- Alert Manager 4.7.1.

Tuesday, November 10, 2009

How to identify and Avoid the USB drive affected with virus

Viruses and worms spread easily when carried on removable media such as a USB drive, iPod, CD or floppy disk. A USB drive is also called a "flash drive", "thumb drive", "memory stick" or "external USB hard disk". Even with a very good antivirus, new viruses are one step ahead of the antivirus. We cannot restrict USB drives, but we can avoid spreading viruses and worms through them. So we have to be a little careful while working with USB drives; some precautionary steps follow.

How to identify the USB drive affected with virus

After inserting the USB drive

This screenshot shows a USB drive that is affected with a virus

Monday, October 26, 2009

Worm - Win32.Worm.Downadup.Gen

Win32.Worm.Downadup is a worm that relies on the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-067) in order to spread to other computers on the local network. The authors took various approaches to make this malware especially fast-spreading and hard to remove.

SYMPTOMS
Connection times out while trying to access various antivirus-related websites.
Windows Update has been disabled.
Presence of autorun.inf files in the root of mapped drives pointing to a .dll file inside the RECYCLER folder of the drive.
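
A defender-side check for the autorun.inf symptom above, as an added example that is not part of the original post: it parses the contents of an autorun.inf file and flags launch entries that point into a recycle-bin folder or at a .dll. The function name and both sample files are constructed for illustration.

```python
import re

# autorun.inf keys that launch a command when the drive is opened.
EXEC_KEYS = {"open", "shellexecute"}
# Recycle-bin folder names, matched as a whole path component.
RECYCLE_RE = re.compile(r'(?:^|[\\/\s"])(?:recycler|recycled|\$recycle\.bin)(?:[\\/]|$)', re.I)
DLL_RE = re.compile(r"\.dll\b", re.I)

def suspicious_autorun_entries(text):
    """Return (key, value, reasons) for launch entries in the [autorun]
    section that reference a recycle-bin folder or a .dll file."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        launches = k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))
        if not launches:
            continue
        reasons = []
        if RECYCLE_RE.search(value):
            reasons.append("recycle-bin path")
        if DLL_RE.search(value):
            reasons.append("dll target")
        if reasons:
            findings.append((key, value, reasons))
    return findings

# Constructed samples (hypothetical names, not from a real infection).
INFECTED = r"""[AutoRun]
open=rundll32.exe RECYCLER\S-0-0-0\example.dll,Start
icon=setup.ico
"""
CLEAN = r"""[autorun]
open=setup.exe
shell\install\command=setup.exe /quiet
label=Installer
"""

if __name__ == "__main__":
    for key, value, reasons in suspicious_autorun_entries(INFECTED):
        print(f"{key}={value}  <- {', '.join(reasons)}")
```

A legitimate installer disc can also carry an autorun.inf, so the check keys on where the launch target lives rather than on the file's mere presence.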

Tuesday, October 20, 2009

Virus - Storm worm (2007)

Another big Trojan attack was the Storm worm, which hit computers worldwide in January 2007. The Storm worm originally posed as breaking news of bad weather hitting Europe. Over time, the worm was also seen in emails with the following subjects: personal greetings, reports that Saddam Hussein is still alive, reports that Fidel Castro is dead, sexy women, YouTube, and even blogs.

Users who fell for it unknowingly became a part of a botnet. A botnet serves as an army of commandeered computers, which are later used by attackers without their owners' knowledge.

The worm infected millions of PCs worldwide and was compared to the Sasser and Slammer attacks of 2006 in terms of damage caused. On April 1, 2008, a new Storm worm was released onto the Net, with April Fools-themed subject titles.

Virus - Sasser (2004)

Another worm to exploit a Windows flaw, 'Sasser' led to several computers crashing and rebooting themselves. 

Sasser spread by exploiting the system through a vulnerable network port. The virus, which infected several million computers around the world, caused infected machines to restart continuously every time a user attempted to connect to the Internet. The worm also severely impaired the infected computer's performance. 

The first version of the worm struck on April 30, 2004. Three modified versions have followed it since then, known as Sasser.B, Sasser.C and Sasser.D. The companies affected by the worm included Agence France-Presse (AFP), Delta Air Lines, Nordic insurance company If and their Finnish owners Sampo Bank.

Virus - Blaster (2003)

'Blaster' (also known as Lovsan or Lovesan) took advantage of a flaw in Microsoft software. The worm, along with the 'SoBig' worm, which spread at the same time, prompted Microsoft to offer cash rewards to people who helped authorities capture and prosecute the virus writers.

The worm started circulating in August 2003. Filtering by ISPs and widespread publicity about the worm curbed the spread of Blaster. 

On August 29, 2003, Jeffrey Lee Parson, an 18-year-old from Hopkins, Minnesota was arrested for creating the B variant of the Blaster worm; he admitted responsibility and was sentenced to an 18-month prison term in January 2005. 

Virus - Melissa (1999)

'Melissa' was one of the first viruses to spread over email. When users opened an attachment, the virus sent copies of itself to the first 50 people in the user's address book, covering the globe within hours. 

The virus known as Melissa -- believed to have been named after a Florida stripper its creator knew -- caused more than $80m in damage after it was launched in March 1999. Computers became infected when users received a particular e-mail and opened a Word document attached to it. 

First found on March 26, 1999, Melissa shut down Internet mail systems at several enterprises across the world after they got clogged with infected e-mails carrying the worm. The worm was first distributed in the Usenet discussion group alt.sex. The creator of the virus, David Smith, was sentenced to 20 months' imprisonment by a United States court.