熊猫USB和自动疫苗
Pedro Bustamante at 05 March 09 10:01 佩德罗布斯塔曼特在05 3月9日10:01
The Microsoft Windows Operating Systems use the AUTORUN.INF file from removable drives in order to know which actions to perform when a new external storage device, such as a USB drive or CD/DVD, is inserted into the PC. Microsoft Windows作业系统所使用的Autorun.inf文件从可移动驱动器,以便知道哪些行动来执行时,一个新的外部存储设备,如USB驱动器或CD / DVD ,插入电脑。 The AUTORUN.INF file is a configuration file that is normally located in the root directory of removable media and contains, among other things, a reference to the icon that will be shown associated to the removable drive or volume, a description of its content and also the possibility to define a program which should be executed automatically when the unit is mounted. Autorun.inf文件是一个配置文件,通常位于根目录下的可移动媒体和载,除其他外,提到了图标,将显示相关的可移动驱动器或卷,说明其内容和还可以定义一个项目,应执行的单位时,会自动安装。
The problem is that this feature, widely critizised by the security community, is used by malware in order to spread by infecting as soon as a new drive is inserted in a computer.现在的问题是,此功能,广泛critizised的安全社区,所使用的恶意软件,以传播感染尽快作为一个新的驱动器中插入一台计算机。 The malware achieves this by copying a malicious executable in the drive and modifying the AUTORUN.INF file so that Windows opens the malicious file silently as soon as the drive is mounted.达到这一目标的恶意软件复制恶意的可执行的驱动器和修改Autorun.inf文件,以便Windows打开了恶意文件默默地尽快安装的驱动器。 The most recent examples of this are the W32/Sality, W32/Virutas and also the W32/Conficker worm which, in addition to spreading via a vulnerability and network shares, also spreads via USB drives.最近的例子是W32/Sality , W32/Virutas也是W32/Conficker蠕虫病毒,其中除了通过传播的漏洞和网络共享,传播的,通过USB驱动器。
Due to the large amount of malware-related problems associated with Microsoft AutoRun we have created a free utility for our user community called Panda USB Vaccine.由于大量的恶意软件相关的问题与微软的自动运行,我们建立了一个免费的实用工具为我们的用户界称为熊猫的USB疫苗。
Computer Vaccination 计算机免疫接种
The free Panda USB Vaccine allows users to vaccinate their PCs in order to disable AutoRun completely so that no program from any USB/CD/DVD drive (regardless of whether they have been previously vaccinated or not) can auto-execute. This is a really helpful feature as there is no user friendly and easy way of completely disabling AutoRun on a Windows PC.熊猫USB接口的免费疫苗接种允许用户自己的电脑,以禁用自动运行完全没有任何计划,以便从任何USB / CD / DVD驱动器(不论他们是否此前已接种疫苗与否)可以自动执行。这是真的有用的功能,因为没有用户友好和简便的方法彻底禁用自动运行在Windows PC上。
USB Vaccination USB接口接种
The free Panda USB Vaccine can be used on individual USB drives to disable its AUTORUN.INF file in order to prevent malware infections from spreading automatically.熊猫USB接口的免费疫苗可用于对个人的USB驱动器禁用的Autorun.inf文件,以防止恶意软件感染的蔓延自动。 When applied on a USB drive, the vaccine permanently blocks an innocuous AUTORUN.INF file, preventing it from being read, created, deleted or modified.当适用的USB驱动器,该疫苗永久块无害的Autorun.inf文件,防止它被读取,创建,删除或修改。 Once applied it effectivelly disables Windows from automatically executing any malicious file that might be stored in that particular USB drive.一旦实施, effectivelly禁用Windows自动执行任何恶意文件可能存储在特定的USB驱动器。 The drive can otherwise be used normally and files (even malware) copied to/from it, but they will be prevented from opening automatically.其他的驱动器可以正常使用和文件(甚至恶意软件)复制到/从,但他们将无法自动打开。 Panda USB Vaccine currently only works on FAT & FAT32 USB drives.熊猫的USB疫苗目前只适用于发& FAT32的USB驱动器。 Also keep in mind that USB drives that have been vaccinated cannot be reversed.同时请记住, USB驱动器已接种疫苗不能得到扭转。
Download下载
Panda USB Vaccine is a 100% free utility.熊猫的USB疫苗是一个100 %免费的实用工具。 We've tested it under Windows 2000 SP4, Windows XP SP1-SP3, and Windows Vista SP0 and SP1.我们已经测试过它的Windows 2000 SP4 , Windows XP SP1的SP3中,与Windows Vista SP0和SP1 。 Feedback is always welcomed.反馈总是欢迎。 Click on the download button below to start downloading.单击下载按钮即可开始下载。
Command line Operation 命令行操作
For advanced users who wish to run Panda USB Vaccine automatically at boot to notify every time a new USB device is mounted on the system or to perform network-wide computer vaccinations via login scripts or other distribution methods, Panda USB Vaccine can be operated via command-line.高级用户使用谁愿熊猫USB接口运行时自动启动疫苗通知每当一个新的USB设备是安装在系统或网络进行的全电脑疫苗通过登录脚本或其他分配方式,熊猫的USB疫苗可以通过命令操作行。 Its input parameters are the following:其输入参数如下:
USBVaccine.exe [ A|B|C…|Z ] [ +system|-system ] [ /resident [/hidetray] ]
[drive unit]: Vaccinate drive unit [驱动单元] :接种驱动单元
+system : Computer vaccination +系统:计算机免疫接种
-system : Remove computer vaccination系统:删除计算机疫苗接种
/resident: Start program hidden and prompt for vaccinating every new drive /驻地:启动程序隐藏的和迅速的每一个新的驱动器接种
/hidetray: Hides tray icon when used with the /resident command / hidetray :隐藏托盘图标一起使用时/驻地命令
Examples: 例如:
To vaccinate USB drives F:\ and G:\, use接种疫苗的USB驱动器传真: \和G : \ ,使用
USBVaccine.exe FG
To vaccinate the computer, use接种疫苗的计算机,请使用
USBVaccine.exe +system
To vaccinate computer and prompt for vaccinating every new drive without showing a tray icon, use计算机和接种疫苗接种疫苗提示每一个新的驱动器不显示托盘图标,请使用
USBVaccine.exe /resident /hidetray +system
It could be very useful to create a Shortcut in the Startup folder to USBVaccine.exe with this last command line (or without the /hidetray) to make sure that every time you boot the computer USBVaccine gets loaded by the system and it vaccinates the computer and prompts the user for vaccinating any new non-vaccinated USB drive.这可能是非常有用的建立捷径Startup文件夹中,以USBVaccine.exe这一最后的命令行(或未经/ hidetray ) ,以确保您每次启动计算机USBVaccine被加载的系统和它vaccinates计算机并提示用户输入的任何新的接种疫苗未接种疫苗的USB驱动器。 However if you do this under Vista, UAC will block it from running at Startup as it requires admin priviledges.但是如果这样做Vista下,阻止它的UAC将运行在启动,因为它要求管理员权限。 We'll fix this in future versions.我们会解决这一问题在未来的版本。
Category: utils 分类: utils |
发表于 2009-3-7 10:48:32
发表于 2009-3-7 11:18:51
