Keep USB virus away from your windows 防止USB 感染自己的電腦

Introduce 簡介

---

USB virus can infect your PC by autorun.
If you want to avoid USB virus infecting your windows, try to configure your windows by these methods below (method 2 is recommended).
USB 病毒常利用USB裝置的自動執行功能進行感染，若想預防外來的USB病毒感染本機電腦，可在本機電腦做以下設定(推薦使用方法二)。

Attention: You cannot avoid your windows to infect USB devices by these methods.

本方法並非防止USB裝置中毒!若本機電腦已中毒，仍有可能感染USB裝置。

Method 1. Disable "Shell Hardware Detection"
方法一: 關閉服務 Shell Hardware Detection

---

This method can disable USB stick "autorun" but not for other devices, like: USB disks.
停用此服務可防止 USB 隨身碟自動執行功能，但無法防止 USB 外接式裝置，如 USB 外接式硬碟。


*. Open Manage
開啟管理

=>Right click your "My Computer" and Select "Manage"

在"My Computer"按滑鼠右鍵選擇"Manage"。

*. Find "Shell Hardware Detection" Service.
找到 "Shell Hardware Detection" 的服務。

=>Select "Services and Applications" -> Services"
選擇左方 "Services and Applications"下的 "Services"

=>On the right side, right click "Shell Hardware Detection" and select "Properities"
從右方的服務列表中選擇 "Shell Hardware Detection" 按滑鼠右鍵並選擇"Properities"

*. Stop Service.Change

停止服務

=>Change "Startup type" to "Mannual"
 將 Startup type: 選為"Manual"

=>Press "Stop" button.
再按下"Stop"即可完成。


















 
Method 2: Modify Register

方法二: 限制所有外接式裝置的機碼

---

This method can avoid all USB devices. 

此方法可限制所有的外接式裝置的自動執行功能，包含USB隨身碟與USB外接式硬碟。

*. Open "Run..."
開啟"執行.."

=>Click "Start" and select "Run..."

從左下方的"Start" 選擇 "Run..."

 
*. Open Registry.
開啟註冊表

=> Input "regedit" and press "OK" button.

輸入 "regedit" 後，按下 OK。

*.  Change to "MountPoints2" permissions.
進入 "MountPoints2" 的權限

=> Follow the path below to find "MountPoints2"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

根據上面的路徑找到 "MountPoints2"

 =>Right click "MountPoints2"and press "Permissions..."
右鍵點擊並選擇 "Permissions..."

 *. Add "Everyone" owner.
加入 "Everyone" 的使用者

=>Press "Add..." -> "Advanced..."
按下 "Add..." -> "Advanced..."

=Press "Find Now" button and Find "Everyone"
按下 "Find Now" 按鈕並找到 "Everyone"

=>Press OK button back to Permission windows.
按下 "OK"直至返回 Permisson視窗。

*. Set deny permisson to Everyone.
將 Everyone 權限設定 deny

=>Click "Everyone"
 選擇 "Everyone"

=>Click deny options for Full Control and Read.

勾選Deny下的 Full Control 跟 Read

Reference 參考

---

http://labors3cweb.pixnet.net/blog/post/27247064

http://newsletter.ascc.sinica.edu.tw/news/read_news.php?nid=1386