ninja pendisk!

[Nuno Brito]

ninja pendisk!

Ninja is the freeware zero-configuration program designed for guarding computers against viruses transmitted by USB pendisks.

This ninja awaits quietly in the system tray for the times whenever a USB pendisk is inserted on the computer which will be examined to uncover the commonly malicious or virulent files known as "autorun.inf" and "ctfmon.exe" amongst many others.

Waiting for a pendisk to be inserted

After cleaning a pendisk

To keep things simple, ninja is fully portable, self-contained and requires no installation.

Besides removing known virulent files, this tool will also immunize your pendisk and create a folder called autorun.inf with special protection permissions to protect your pendisk from being infected again when plugged on contaminated computers.

Visit the web page for download and more usage details: http://ninjapendisk.com

:)

Edited December 21, 2009 by Nuno Brito

[Colin-uk Veteran]

thats a pretty good idea actually, nice work :)

[Raa]

Now find me a freeware program that prevents people running exe's off them :p

[Nuno Brito]

@colin_uk: thank you, I'm really happy that you like it.

@Raa:

The ninja will prevent you from running the virus inside the pendisk, once it is placed on the system tray - everytime you add a pendisk on the computer our ninja will detect and open a pop-up menu asking if the pendisk should be immunized.

This works even faster than XP/Vista when displaying the initial menu and will remain on top of any other windows so that you can clean & immunize.

Here is the list of exe's that will be removed:

auto.exe

autorun.inf

autorun.ini

autorun.pif

autorun.vbs

autorun.exe

autorun.bat

autorun.cmd

autorun.hta

avpo.exe

Bha.dll.vbs

ctfmon.exe

copy.exe

destrukto.vbs

****er.vbs

Heap41a

killvbs.vbs

host.exe

imvo.exe

Macromedia_Setup.exe

mmc.exe

msvcr71.dl

ntde1ect.com

nideiect.com

ntdelect.com

New Folder.exe

oso.exe

Ravmon.exe

RavMonE.exe

RVHost.exe

spoclsv.exe

soundmix.exe

svchost.exe

semo2X.exe

tel.exe.vbs

utdetect.com

VBS_RESULOWS.A

windows.scr

Try it on, this nifty tool was created to run in schools and office computers where admins get stuck with the annoying task of cleaning up the mess.

:)

[Guest]

Now find me a freeware program that prevents people running exe's off them :p

Doesn't UAC help prevent this? :p

[Nuno Brito]

UAC won't react to this sort of menace unless it is a very dumb and clumsy virus otherwise it will happily let windows run the executable as any other regular program.

If you don't believe me, try for yourself and run the autorun.inf found inside any infected USB pendisk to know what I mean.. :shiftyninja:

[Guest]

I'm assuming that the autorun feature works kinda like the autorun feature for CDs, if that's true then with Vista, a popup appears when you put the disk in. The pop up is a prompt to the user to decide what should happen.

If that happens with a pendrive, then I'd be able to stop any automatically executed executable.

Still, not as stupid-proof as this software.

[Nuno Brito]

I've just found a solution to intercept and block completely the autorun feature when a pendisk is plugged on the computer on Vista and XP machines.

Will add this feature on the ninja so that no autorun is ever executed without explicit user permission.

Wait for the next version, should be available tomorrow.

:)

[random_n]

Vista will pop up with its question when you first plug it in at first, but subsequently, clicking on the drive in the My Computer screen will just execute whatever autorun.inf points to.

The best way is just to disable autorun.inf entirely. If you create a .reg file with the following contents and import it, it'll disable reading of autorun.inf files, but still maintain the ability to automatically play CD audio, DVD movies, and use content-based autoplay. It won't clean devices like the Ninja here will, but it'll stop yourself from accidentally running things you don't want to, and it's dead easy to implement.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\autorun.inf]
"autorun"="@SYS:Software\\Microsoft\\Autorun"
@=""

[Nuno Brito]

Hi random_n!

That is a good key but it will also disable the autorun feature for other USB devices like the Vodafone internet box and requires a reboot of the machine to work properly.

This is an example where autorun is desired:

After using that key, windows will still read this key here:

Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\AutorunINFLegacyArrival

And use this action:

MSOpenFolder

That will open the explorer windows and show the contents of the pendisk.

---------

It is possible to supress completely the windows message that warns that a new device is plugged.

On the next ninja version you'll be able to exclusively disable or enable the autorun feature for pendisks on the fly.

:)

[Matrix XII]

whoa thanks!

This is quite useful actually :)

[Guest]

Wow, you really have thought about everything here!

Continue (Y).

[Nuno Brito]

Version 1.2 is available! :)

You can either delete ninja.txt and restart ninja.exe to test the auto-update feature or download the new version from http://nunobrito.eu/ninja

log of changes:

Better language detection

Option to add a shortcut on the startup folder

Option to rename files on ninja.txt (good for autorun.inf)

Unfortunately, the option to intercept windows messages is not working as good as expected and therefore won't be included so soon.

Hope you like it.

:laugh:

[Nuno Brito]

Version 1.4 released!

• added - option to silently clean all inserted pendisks only displaying results box
  
• added - option to completely disable autoplay
  
• added - when using switch "/install" from command line will silently install ninja on the computer
  
• modified - failsafe values to load language
  
• modified - german language was updated by native german speaker (thanks Peter)
  
• modified - Add to startup option will create a shortcut on the startup folder and also copy ninja.exe and ninja.txt to a folder on Program Files
  

As mentioned before, the autorun box that appears when you plug a pendisk is disabled and it was not necessary to write any registry keys meaning that when you quit the program or deactivate this feature - your autorun will still work as before.

Still mentioning some special cases when the plugged USB pendisk is not just a pendisk that are not yet handled correctly (mostly because I don't have an ipod to test :p )

Hope you like this new version.

[CrashG]

Excellent work. I can see this coming in very handy. Thanks.

[Nuno Brito]

I'm really glad that you like it.

Thanks for the nice words.

:)

[Nuno Brito]

Any more requests of features to be included on this tool?

:)

[Nuno Brito]

The ninja is now featured on softpedia!

http://www.softpedia.com/get/Antivirus/Ninja-Pendisk.shtml

[SuperKid]

I got idea, maybe add a feature like strict mode to globally block known script extensions like *.vbs and *.bat files, or even have it to block all extensions on the pendisk except for the known Microsoft Office, Openoffice etc extensions like .doc, .ppt etc.

[Nuno Brito]

Version 1.5 released!

Here are the changes:

[added] title to tray icon

[added] timer to result window

[added] ninja.txt option to disable tray menu and avoid closing ninja ([options] --> Evil_Ninja=1)

[added] ninja.txt option to change the timer on the result window ([options] --> Result_Timer=8)

[added] when clicking on option "Add to Shortcut" will create the shortcut by default to All Users

[modified] automatic clean option is now selected by default

[modified] filesize of ninja.exe reduced by 30% to ~700kb

[fixed] Popmenu on system tray is now hiding properly when user clicks outside the popmenu

This a much better version, hope you like it.

:)

[Nuno Brito]

Here's a small graphical update for those who like ninja.

:)

[Mickeel]

I like your Ninja very Much. I have read ur thread in bootland forum about using my own language for Ninjaa Pendisk.

With only adding "language=id" for Indonesia ^^

But, it wouldn't work.Then i tried modifiying the "en" language words. However, the change doesn't comes up too??

FYI:I'm using version Ninja Pendisk 1.5.

I want to add the "id" language for my friends in indonesia.

Thanks,

Mickeel (www.mimusic.co.cc)

[kilimats]

Hi,

I was looking for a tool to do that autorun.inf removal, tried a few free software and some shareware. Yours came out to be the best, simple and deadly effective

you did a very nice work.

I am about to deploy it to our 40 school computer where we are constantly being bombarded by those nasty USB stick autorun viruses

My issue left is that i am unable to hide the result_timer even so i set 0 in the settings. putting different number also does not affect the software, it always start with 4 sec

I will be more than happy to do a donation if you can help me fix this

thanks :-)

[Nuno Brito]

We now have a ninja forum!

Look here:

http://nunobrito.eu/ninja/forum

The main website was also redesigned.

Thank you for supporting the ninja!

:)

[AuRe]

Hello.

I would like how to REMOVE the appz...

I have deleted Ninja folder in Program Files but it still is showing up each time I reboot the computer.

I have same problem as a user in ninja Forum, Win Xp SP3, remove the auto start option but it continues start each restart

Thanks