Auto-run virus on my USB drive

No Comments

This morning I was copying some files in my USB drive and I found some peculiar files in the root directory: password_viewer.exe and autorun.inf. These are peculiar because I have embarked in a personal Use Linux-only policy in my home systems so I have no need for Windows auto-run feature and I hate that feature to the core so I disable them. I did some quick searching in the Internet and these are normally associated with the w32.sillyfdc worm.

This got me thinking on where I would have contracted that virus as I am pretty paranoid when it comes to my devices. Then it hit me, I had some photos developed at Picture City Digital shop in Robinson’s Pioneer. Sure, I saw the attendant run a manual AVG scan on the contents of my thumb drive but apparently it was not enough because: (1) the scanner real-time file protection was not activated, and (2) I am not sure when was the last time they have updated their virus definitions.

No big deal for me really because I was already prepared to have my drive infected as I only have the pictures to be developed in there. I think the scanning procedure done in the shop threw me back into a sense of complacency that I didn’t double check anymore if it was infected. The drive was used once more by my officemate on his Vista-loaded laptop but I am confident that he is as paranoid as me and his AVG was able to quarantine the infection automatically. He didn’t even notice it until I brought it up this morning.

My take-away tips for this experience are:

  • Convert to using linux as your primary system. Ok, I just have to put that in. 🙂
  • If using printing shop services for your digital pictures, put them in a read-only media like a CDRW or a SD-card with the write-lock enabled.
  • If you are adamant in using Windows, turn-off the auto-play feature altogether. Most of the time it is more trouble than useful.
  • When using Windows, keep your anti-virus software and definitions up to date and turn-on the real-time file protection if you have a habit of inserting media used from untrusted places.


Access denied for local Windows Admin User

No Comments

My Windows XP installation is acting up again. For some reason I cannot pinpoint directories will change permission and it locks me out with an “Access Denied” permission. The problem is that I am logged in as a local administrator (hey, its Windows so its the only way to really work while in it 😛 ) and following the maxim “Computer Security stops with full physical access” then everything should be available to me. First reaction would be to check and modify the file security properties but since I don’t have “access” then the Security tab will not show in the properties window of the file.

Normally I would note the directory down somewhere in the desk, wait finishing my current work, and then reboot to Linux and access the files. Linux allows me to bypass the NTFS access control list so I can take out the files and move/copy them to a new location before deleting the old location. I run a chkdsk next time I boot into Windows to reset the index and have a semblance of sanity in the drive.

Today this can’t be my route as it locked a directory containing some files that I need for the current document I am working on. Rebooting to Linux to bail out Windows is not an option so I searched a way on how to circumvent this, and now I have two (well technically one with a backup).


CACLS is the built-in command line utility for modifying file access control lists in Windows. Invoking the help file (cacls /?)presents a pretty concise and helpful help message. To give my user account full access to the misbehaving directory and all the files inside, the command is

cacls [path to directory to be change] /T /G Erin:F

where /T specifies that all contents of the directory will be modified and the last switch tells the utility to give user name Erin full access.

If the cacls command still fails for your admin user, then try using the SYSTEM user as that generally have more privileges than the administrator users. You basically need to execute the same CACLS command under that privilege but the “runas” command will not work as you will need the SYSTEM password. You will have to trick the machine into opening the doors for you [insert devil grin here]. Not really, I was talking about the Scheduler trick that is only accessible to Administrators and some special user groups.


HH and MM is to be replaced with the time + one or two minutes from the current system time (use 24H format for the hours). This will trigger the task scheduler to open a command prompt at the set time which uses the SYSTEM account. You can try the cacls modification from the resulting prompt.

And if all else fails, there is always Linux. 😀


Pesky CD/USB Auto-play


I imagine that at first the Auto-play feature is the best thing since sliced bread. I think I first encountered it when I used Win98(?) wherein if you pop in a CD with the autoplay file it will start the named executable which is usually the main installer of the disc.

Then come WinXP (or Win2K, I can’t remember) wherein some brilliant developer/designer proposed to take it one step further, by making sure an autoplay dialog pops up to display a list of possible actions whenever the user puts in a media in the CD/DVD drive OR if a USB storage device is plugged-in.

I find that feature as very irritating, especially since I am a keyboard-centric user and I have a multi-partition USB HDD enclosure. I have four partitions in my 120GB WD driver so it means every time I use it in Windows I have to contend with eight windows (4 drive scanning dialog boxes, and the actual autoplay window). Somewhere along the four autoplay window is an option to set this behavior off (Do nothing+Do this every time) but somehow it is very elusive so I end up hitting the escape key vigorously to cancel these autoplay actions. These combative behavior does not always work since sometimes the windows do not have focus.

Even for DVD and CD media, I don’t like this option even if my next action will be to open an explorer and navigate to the inserted media. I don’t like it because the pop-out windows by their nature interrupts my train of thought. I prefer that the media be read in the background and I will press WinKey+E to launch an explorer.

So last night I finally got fed up and searched for a way to turn off that irritating feature. It was very easy actually and got a lot of hits; the keywords I used were “disable autoplay windows”. In a nutshell the steps are:

  1. In the run command, execute “gpedit.msc” which launches the group policy editor.
  2. Navigate to the User Configuration->Administrative Templates->System item. If you want this to be system wide, use the Computer Configuration instead. My wife may want this feature so I opted for the user-limited settings.
  3. Double-click on the “Turn off Autoplay” and set it to true.

Presto! No more autoplay nag boxes for me. I think KDE also have a counterpart for this in the kded(aemon) but I use XFCE so I don’t really have this problem when I am in Linux.



Newer Entries