Sunday, April 05, 2009

Disable USB Drive

Remember the previous post where my pc was infected by a virus/worm? It was the conficker!! Or downaup virus.. No wonder so difficult to remove. Got several variants...
And very virulent!!

How to test for it? Here is a simple test. Just go to this site: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

You should be able to see the pictures below if you are not infected.
If not you better go to the site. The explanation is there.

Anyway microsoft is offering USD$ 250 000 for information that leads to the arrest of the writer of the worm.


Here is something I got from the net. Forgot where I got it. This is used to disable USB storage device. There a few tweaks to completely disable USB but for me, storage device is the main culprit for trojan and virus to spread, so this is the way. Cos if you disable USB, devices such as keyboards, mouse and etc could not be used.

A more reasonable option for sysadmins is to disable write access to USB port so that data files cannot be written to the mass storage device. The USB thumb drive will be read-only.

Open the Windows Registry and open the following key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Control\StorageDevicePolicies

Now add a new DWORD called WriteProtect and put the value as 0 to disable write privileges to the USB port. To reverse the step, either delete the WriteProtect REG_DWORD or toggle the value to 1 which will enable the port.

Remember that the above trick works only with Windows XP SP2.

If you like to go a step further and disable users from connecting USB storage devices to their computers, here's the trick:

Open registry and navigate to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Services\UsbStor

Now in the right pane, double-click Start and type 4 in the Value data box (Hexadecimal) and quite the registry editor. To enable the USB storage devices, change the Start value back to 3.

As always - back your system up before messing around in the registry.

Just open regedit and browse to this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

Notice the value 'Start'

Switch this value to 4, and USB storage devices are disabled.

Switch this value to 3, and USB storage devices are enabled.

Hope this helps.
Oh ya..
This few tools are a must if you are infected. Or not.
One is the windows update.
Then conficker remover.
Posted by Chun at 8:13 PM
Labels: ,

1 comment:

ur sis said...

i thought u don't believe in windows update?

disable usb drive? sounds extreme leh... why can't we just disable autorun? i use Tweak UI from Windows XP powertoys to disable autorun wor... is it enough to protect the pc?

4:22 PM

Post a Comment

Subscribe to: Post Comments (Atom)