The Chinese University of Hong Kong Information Technology Services Centre 資訊科技服務處 香港中文大學
Background

A new trend of viruses spreading onto computers through USB flash drives has been observed among campus users, who frequently transfer files between personal computers with USB memory devices or removable hard disks. The situation is quite similar to that of a few years ago, when users used floppy diskettes. General users need to be more cautious when using these types of devices to guard against virus infection.

This document focuses on troubleshooting computers infected with viruses spread through USB drives, and offers some simple preliminary guidelines and tips on preventing virus infections.

 
Content
1. Scenarios of computer virus infection through USB flash drives
  i. Viruses spread from USB flash drives to computers
  ii. Viruses spread from computer to USB flash drives
2. Computer checking
3. Virus cleaning
4. Prevention
   
1. Scenarios of computer virus infection through USB flash drives
  i. Viruses spread from USB flash drives to computers
    A file, autorun.inf, may be the initial critical point: its function is to make the system execute the instructions embedded in it. Almost all USB viruses are invoked from this file, and the virus files, like ghost.pif, are hidden from the directory listing so that users are not aware of them. Once an external USB device carrying this kind of virus, such as a USB flash memory, is attached to a computer, autorun.inf invokes the malicious instructions and transfers the virus onto that computer.
    Another typical situation arises from a user’s habit. One scenario we caught is opening [Start] -> [My Computer] and then double-clicking to open the USB flash drive. This is a newly known virus variation that attacks the computer operating system: the malicious instructions in autorun.inf execute quietly after the user double-clicks the USB flash drive.
  ii. Viruses spread from computer to USB flash drives
    Viruses can stay silent on a computer and spread to anyone who uses a USB flash memory on that computer. An autorun.inf carrying malicious instructions (the virus) can be written from the computer to the USB flash drive quietly. How this happens depends on the virus's behavior.
   
2. Computer checking
  Below are the steps to check whether a computer has been infected by a USB virus:
  i. Prepare a clean USB flash memory stick that does not have an autorun.inf.
  ii. Plug the clean USB flash memory into the suspected computer and wait some time.
  iii. Then use a DOS command ([Start] -> [All Programs] -> [Accessories] -> [Command Prompt]) to check the USB flash drive again. The command is “type autorun.inf”; autorun.inf is a hidden file and may embed a number of instruction codes. (Please see below.)
  iv. If you find an autorun.inf that embeds instruction commands, then there is no doubt that the computer has been infected by one kind of USB virus.
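
  The check in step iv can be automated. The following is an added example, not part of the original ITSC page: it reads an autorun.inf and lists the [autorun] entries that would start a program, either on insertion or from the drive's menu. The sample file contents are constructed, and the script name and drive path in the usage comment are assumptions.

```python
import re
import sys

# [autorun] keys that make Windows start a program from the drive.
EXEC_KEYS = ("open", "shellexecute")
# shell\<verb>\command attaches a command to a verb on the drive's menu.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")

def decode(raw):
    """autorun.inf is normally ANSI text but may be UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def find_launch_entries(raw):
    """Return (key, command) pairs in [autorun] that would start a program."""
    section, hits = None, []
    for line in decode(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # other sections, junk padding
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in EXEC_KEYS or SHELL_CMD.match(key):
            hits.append((key, value.strip()))
    return hits

# Constructed samples (not captured from a real drive).
SAMPLE_INFECTED = (b"[AutoRun]\r\n;qz81x\r\nopen=ghost.pif\r\n"
                   b"shell\\open\\Command=ghost.pif\r\n"
                   b"shell\\explore\\command=ghost.pif\r\nicon=folder.ico\r\n")
SAMPLE_CLEAN = b"[autorun]\r\nlabel=Backup\r\nicon=drive.ico\r\n"

if __name__ == "__main__":
    # Usage: python check_autorun.py E:\autorun.inf  (name and path are examples)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_INFECTED
    for key, cmd in find_launch_entries(data):
        print(f"launch entry: {key} -> {cmd}")
```

  An empty result means the file only sets cosmetic values such as a label or icon; any listed entry names a program that should be examined with the anti-virus scan in section 3.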
       
3. Virus cleaning
  If a computer is suspected of being infected by a USB virus, users can follow these steps:
  i. Re-scan the whole computer with anti-virus software* that has been installed with the most up-to-date virus pattern files.
  ii. Delete the virus files on the computer and the USB flash drive.
  iii. Repeat the steps listed at “2. Computer checking”.
  iv. Scan all USB flash drives.
  * Install anti-virus software and update virus pattern files
   
  University staff and students are entitled to obtain a FREE copy of Trend Micro's PC-cillin anti-virus software and are strongly recommended to install the software on their computers and update the virus pattern files regularly.
  i. Acquire the anti-virus software campus site license here
  ii. The pattern files are supposed to be downloaded regularly. A manual download can be obtained under “Virus Pattern Files / Cleanup Templates” here
       
4. Prevention
  a. Disable autorun.inf on a local computer
    Disabling Auto-Run is something we recommend everyone do for security against viruses and spyware. Referring to the above scenarios of virus infection, there are two suggestions for prevention.
    i. Edit the Windows Registry on Windows XP
      ([Start] -> [Run] -> Type “regedit” -> [OK])
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
      NoDriveTypeAutoRun = dword:ffffffff
      (More information can be obtained here.) Restart and test that Autorun is disabled.
       
    ii. DO NOT Double Click any USB flash drive
      Users need to adopt a new habit: [Right click] a USB flash drive in [My Computer] instead of double-clicking it, then select [Explore] to view the file directory of the device.
  b. Scan the computer and all USB flash drives regularly
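
  To confirm the registry setting in 4.a.i after editing, the key can be exported from regedit and checked. The following is an added example, not part of the original ITSC page: it reads the text of a .reg export and reports the drive types for which AutoRun is still enabled. The bit meanings are Microsoft's documented NoDriveTypeAutoRun flags; both sample exports are constructed, the second with an assumed weaker value of 0x91 for comparison.

```python
import re

# NoDriveTypeAutoRun flags: a set bit disables AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable",   # USB flash drives, floppy diskettes
    0x08: "fixed",
    0x10: "network",
    0x20: "cd-rom",
    0x40: "ram disk",
    0x80: "reserved",
}
EXPLORER_KEY = r"software\microsoft\windows\currentversion\policies\explorer"
VALUE_RE = re.compile(r'"NoDriveTypeAutoRun"\s*=\s*dword:([0-9a-f]{1,8})$', re.I)

def autorun_enabled_types(reg_text):
    """Return drive types that can still AutoRun, or None if the value is unset."""
    in_key, mask = False, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Only accept the value under ...\Policies\Explorer.
            in_key = line[1:-1].lower().endswith(EXPLORER_KEY)
        elif in_key:
            m = VALUE_RE.match(line)
            if m:
                mask = int(m.group(1), 16)
    if mask is None:
        return None
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]

# Constructed .reg export fragments.
KEY = r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]"
SAMPLE_PAGE_VALUE = KEY + '\n"NoDriveTypeAutoRun"=dword:ffffffff\n'  # value from this page
SAMPLE_WEAK_VALUE = KEY + '\n"NoDriveTypeAutoRun"=dword:00000091\n'  # assumed weaker value

if __name__ == "__main__":
    for label, text in (("page value", SAMPLE_PAGE_VALUE), ("weak value", SAMPLE_WEAK_VALUE)):
        print(label, "-> AutoRun still enabled for:", autorun_enabled_types(text))
```

  With the value recommended above the list is empty; with 0x91, removable drives are still in the list, which is the case the USB scenarios in section 1 depend on.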
   

It is important to protect computers against attacks by viruses and malicious programmes. Users are strongly recommended to install anti-virus software and regularly update its virus pattern files. PC-cillin is anti-virus software covered by the university campus site license scheme. Go through the steps listed at “3. Virus cleaning”.

Meanwhile, some web-based tools developed by trusted anti-virus software companies can assist by remotely scanning a computer for malware and vulnerabilities, identifying security threats and giving a report.

    Trend Micro - HouseCall - Free Scan here
    Kaspersky Lab. - Kaspersky File Scanner here
    Symantec™ – Security Check here
     
 

Need Help?
For comments and enquiries about this service, please write to the ITSC Electronic Helpdesk at
http://helpdesk.itsc.cuhk.edu.hk