Tuesday, November 27, 2007

How to remove Imgkulot and How to Avoid infecting your Harddrive and Other Storage Devices (Part 2)

Preventing imgkulot from Spreading / How to avoid infecting your storage device

Prevention is still the best way to stop this virus. Since there are already variants (variations) of this virus- I encountered so far 'kulitot' and 'bungoton' - the remover I mentioned above will not work on these two variants, however it can remove another variant known as 'Peanuts'.

Also, bear in mind that the 'Autorun.inf' file is a normal Windows instruction file that once you double click on any drive with 'Autorun.inf', it will automatically run or execute whatever commands or script written there. This feature has been used primarily by installer CDs that runs the installation program once you enter or double click on a CD drive. However, since it works as well on a fixed drive and any other storage device such as your flash disk or memory cards, this feature has been exploited by virus makers, such as 'imgkulot' , RavMon and among others. And by simply double clicking your storage device, you have infected the PC that you are using. And once you insert a clean flash disk or other removable storage device, it becomes infected as well. And once that infected storage device is inserted into another PC, it could be infected as well.

Now, before you decide to reformat your PC, and all of your removable drives, digital cam-memory cards and even your cell phone... DON'T! Reformatting will only wipe out your data, including the precious pix of the first born of your pet tarantula! First, if your PC or flash drive is infected by imgkulot, and if you haven't done it yet, read the first part of this blog. Then read along on how to avoid getting infected

To Double Click or Not to Double Click. It is a common practice that we double click on a drive that we want to access. In fact double clicking has already become a habit. (Am I right? or Am I right?) But in this days that such a common action has been exploited already, I think it's high time to break that habit.

When you right click a drive , a pop menu will come out. The figure below is the pop-up menu of a drive that has no Autorun.Inf.

Figure 1. Pop-up Menu of a clean drive.

And when you right click an infected storage device, the pop-up menu would look like this.

Figure 2. Infected drive

If you see the figure above (Figure 2.), refer to the first part of this article and remove the virus. However, if you really need to open the drive for some reasons, you can still open your drive.

WARNING! If you are planning to open your flash drive or other memory device in this computer, DON'T! Remove the virus first! If this is not your computer, tell the owner. If you're in an Internet cafe, tell the person in charge that their pc is infected. If you are willing to take the risk though, read on.

To access your infected drive or storage device without running the autorun.inf , Click the Folders option from the windows toolbar. (see Figure 3). A sidebar will then appear similar to Figure 4. From that sidebar, you can now safely access your drive.

Figure 3. Using the Folder Side Bar


Figure 4.

PRECAUTIONS:

1) When inserting a storage device into your computer. Specially if its not yours, Do not double click to access it. Right click on it!
2) BEFORE inserting your own storage device to another computer, specially in an Internet Cafe, Right Click first in any of the Harddrives, and see if it is clean (See Figure 1). If not, tell the owner that his/her pc is infected. If it cannot be cleaned immediately, download the imgkulot remover and clean it first.

-o0O0o-

No comments:

About TekBytes

1st of All I'm not a Computer /IT guru. I just wanted to share the little things I know about the current technologies and to bridge the gap between the real techies and the non-techies. This blog is mainly for those who wants to make the best use of the hi-tech gadgets in their hands but are not technically inclined. You may send questions about IT too, and I'll try to answer them the best as I could and if I can't and if it's worth it, I'll post your queries here in hoping we could find someone who can answer. No spamming pls.