Making your own drive disinfector (for autorun.inf) using the CACLS command




In my previous article I described how autorun.inf can be used for a security purpose: detecting foreign autorun.inf files.
In this article we will apply the CACLS command to autorun.inf, either manually or through a small batch file, so that viruses cannot replace it because they don't have permission to do so.




What is the CACLS command?

In short, the CACLS command displays or modifies the access control list (ACL) of a file or folder in Windows.


Advanced file sharing setting:
Windows has a setting that lets the user set access rights on a file or folder. It is off by default.
To turn this setting on, go to
My computer >> tools >> folder options >> view >> scroll to the very bottom >> untick "use simple file sharing" >> press OK

Now when you open the properties of any file or folder there is a new tab called Security, where we can set access controls for other users. We can also deny rights to ourselves!



How can I use this to make a drive disinfector?

The majority of virus programmers use the read-only attribute to make their autorun.inf read-only, and mark the autorun.inf as a system file, so that no one can delete it in the normal ways.
But as far as I have seen, no virus has applied security access rights to its autorun.inf (which they are surely going to do when they read this article... lolz ;) )


CACLS command implementation

In our batch program we are going to use CACLS so that it denies all users access to autorun.inf, and hence denies viruses too.


Let's write a batch program...
I used a batch file because it is very simple to apply and any Windows user can make one in seconds.
For newcomers: just copy the code below, paste it into Notepad, save it as "anything.bat" and then run it.


Here's the code:


@echo off
title drive disinfector
cd\

:start
echo.
echo make sure no virus processes are running in the background...
echo enter the drive letter you want to disinfect (example c: )
rem read the drive (for example c:) into %cho%
set /p "cho=>"
echo you entered %cho%
pause
cls
goto disinfect

:disinfect
echo deleting original autorun.inf from %cho%
echo continue ???
echo.
rem give Everyone full control so the file can be deleted
rem (cacls asks for confirmation here; answer Y)
CACLS "%cho%\autorun.inf" /C /G EVERYONE:F
rem clear the hidden, system and read-only attributes
attrib -h -s -r "%cho%\autorun.inf"
del "%cho%\autorun.inf"
cls
echo making own autorun.inf
echo this file is made by drive disinfector >> "%cho%\autorun.inf"
echo autorun.inf made !!!
echo securing autorun.inf...
echo continue ???
rem deny Everyone all access to the new file (answer Y again)
CACLS "%cho%\autorun.inf" /C /D EVERYONE
echo.
echo command successfully executed...!!!
echo %cho% drive disinfected !!!
echo You can see new autorun.inf made in %cho% drive !!!
pause
cls
goto start




What does this code do?
This code deletes the original autorun.inf (I have not applied an if condition here because there is no need to do so).
Then it creates a new autorun.inf and changes its access rights to none.
So no one can access it unless the access rights are changed.


Main commands used:
CACLS file_name /C /G EVERYONE:F (to give full control)
CACLS file_name /C /D EVERYONE (to deny full control)



Advantages:
This batch file protects autorun.inf not with the read-only or system file attributes but by changing its access rights. So viruses that are commonly programmed to just replace the original autorun.inf by changing file attributes will fail to replace it. Hence the drive will be autorun safe.


Disadvantages:
  1. When a virus infects the drive it will try to replace our autorun.inf, which will fail. So the virus will copy itself to the drive without having its own autorun.inf. The user is then only autorun safe: if the user executes the virus by any other means, it might still create a problem.
  2. If a virus comes along that applies not only the read-only and system file attributes but also access rights, then this method fails.
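
A read-only check that the deny entry is really in place on each drive, written in PowerShell as an added example (it is not part of the original batch file). The function name Test-AutorunLock and the status labels are made up for this example; it assumes you run it as the file's owner or an administrator, and it reports non-NTFS drives separately because ACLs exist only on NTFS.

```powershell
# Added example, not the original author's script. It only reads; it changes nothing.
# Assumption: run as the file's owner or an administrator, because Deny Everyone
# also stops other accounts from reading the ACL.
$EveryoneSid = 'S-1-1-0'   # well-known SID for Everyone; avoids localized group names
$Full = [System.Security.AccessControl.FileSystemRights]::FullControl

function Test-AutorunLock {
    param([Parameter(Mandatory = $true)][System.IO.DriveInfo]$Drive)

    $path   = Join-Path $Drive.RootDirectory.FullName 'autorun.inf'
    $report = [pscustomobject]@{
        Drive = $Drive.Name; FileSystem = $Drive.DriveFormat; Status = $null; DenyRights = $null
    }

    # FAT, FAT32 and exFAT volumes cannot store the deny entry at all.
    if ($Drive.DriveFormat -ne 'NTFS') { $report.Status = 'NO-ACL-SUPPORT'; return $report }
    if (-not (Test-Path -LiteralPath $path)) { $report.Status = 'MISSING'; return $report }

    try { $acl = Get-Acl -LiteralPath $path -ErrorAction Stop }
    catch { $report.Status = 'ACL-UNREADABLE'; return $report }

    # Ask for SIDs instead of names so the comparison works on any Windows language.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $deny = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq $EveryoneSid })

    # Show what is denied, then require full control to call the file locked.
    $report.DenyRights = ($deny | ForEach-Object { $_.FileSystemRights }) -join '; '
    $locked = $deny | Where-Object { ($_.FileSystemRights -band $Full) -eq $Full }
    $report.Status = if ($locked) { 'LOCKED' } else { 'NOT-LOCKED' }
    return $report
}

# Check every ready fixed or removable drive.
[System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.IsReady -and ($_.DriveType -eq 'Fixed' -or $_.DriveType -eq 'Removable') } |
    ForEach-Object { Test-AutorunLock -Drive $_ } |
    Format-Table -AutoSize
```

A drive that was LOCKED earlier and now shows NOT-LOCKED or MISSING means something changed the access rights, which is the case described in disadvantage 2.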

Solutions:
I recommend using the "Drive icon assigning method" described in my previous post.
With the "Drive icon assigning method" the user is not autorun safe, but gets alerted as soon as any foreign autorun.inf infects the drive.

I am thinking of writing a post on various uses of autorun.inf and how to use it in pen drives for making
