|
|
Post #1
Apr 6 2008, 00:05
|
Neowinian
Group: Registered
Posts: 19
Joined: 15-September 06
Member No.: 180,748
|
ninja pendisk!Ninja is the freeware zero-configuration program designed for guarding computers against viruses transmitted by USB pendisks. This ninja awaits quietly in the system tray for the times whenever a USB pendisk is inserted on the computer which will be examined to uncover the commonly malicious or virulent files known as "autorun.inf" and "ctfmon.exe" amongst many others.Waiting for a pendisk to be inserted  After cleaning a pendisk  To keep things simple, ninja is fully portable, self-contained and requires no installation. Besides removing known virulent files, this tool will also immunize your pendisk and create a folder called autorun.inf with special protection permissions to protect your pendisk from being infected again when plugged on contaminated computers. Visit the web page for download and more usage details: http://nunobrito.eu/ninja
|
Log In or Register · Advertise on Neowin
|
|
|
Post #2
Apr 6 2008, 00:21
|
Neowinian Super Cool
Group: Supervisor
Posts: 18,488
Joined: 25-February 04
From: Wirral, UK
Member No.: 48,788
|
thats a pretty good idea actually, nice work
|
|
|
Post #3
Apr 6 2008, 00:22
|
I'm Awesome!
Group: Registered
Posts: 5,193
Joined: 3-April 02
From: NSW, Australia Awesomeness: 100%
Member No.: 11,342
|
Now find me a freeware program that prevents people running exe's off them 
|
|
|
Post #4
Apr 6 2008, 00:32
|
Neowinian
Group: Registered
Posts: 19
Joined: 15-September 06
Member No.: 180,748
|
@colin_uk: thank you, I'm really happy that you like it. @Raa: The ninja will prevent you from running the virus inside the pendisk, once it is placed on the system tray - everytime you add a pendisk on the computer our ninja will detect and open a pop-up menu asking if the pendisk should be immunized. This works even faster than XP/Vista when displaying the initial menu and will remain on top of any other windows so that you can clean & immunize. Here is the list of exe's that will be removed: Quote - auto.exe
autorun.inf
autorun.ini
autorun.pif
autorun.vbs
autorun.exe
autorun.bat
autorun.cmd
autorun.hta
avpo.exe
Bha.dll.vbs
ctfmon.exe
copy.exe
destrukto.vbs
****er.vbs
Heap41a
killvbs.vbs
host.exe
imvo.exe
Macromedia_Setup.exe
mmc.exe
msvcr71.dl
ntde1ect.com
nideiect.com
ntdelect.com
New Folder.exe
oso.exe
Ravmon.exe
RavMonE.exe
RVHost.exe
spoclsv.exe
soundmix.exe
svchost.exe
semo2X.exe
tel.exe.vbs
utdetect.com
VBS_RESULOWS.A
windows.scr Try it on, this nifty tool was created to run in schools and office computers where admins get stuck with the annoying task of cleaning up the mess.
|
|
|
Post #5
Apr 6 2008, 00:32
|
Neowinian Senior
Group: Registered
Posts: 2,759
Joined: 18-May 05
From: Manchester, England.
Member No.: 110,879
|
Quote - (Raa @ Apr 6 2008, 00:22)  Now find me a freeware program that prevents people running exe's off them Doesn't UAC help prevent this?
|
|
|
Post #6
Apr 6 2008, 01:15
|
Neowinian
Group: Registered
Posts: 19
Joined: 15-September 06
Member No.: 180,748
|
UAC won't react to this sort of menace unless it is a very dumb and clumsy virus otherwise it will happily let windows run the executable as any other regular program. If you don't believe me, try for yourself and run the autorun.inf found inside any infected USB pendisk to know what I mean.. 
|
|
|
Post #7
Apr 6 2008, 21:56
|
Neowinian Senior
Group: Registered
Posts: 2,759
Joined: 18-May 05
From: Manchester, England.
Member No.: 110,879
|
I'm assuming that the autorun feature works kinda like the autorun feature for CDs, if that's true then with Vista, a popup appears when you put the disk in. The pop up is a prompt to the user to decide what should happen.
If that happens with a pendrive, then I'd be able to stop any automatically executed executable.
Still, not as stupid-proof as this software.
|
|
|
Post #8
Apr 6 2008, 22:08
|
Neowinian
Group: Registered
Posts: 19
Joined: 15-September 06
Member No.: 180,748
|
I've just found a solution to intercept and block completely the autorun feature when a pendisk is plugged on the computer on Vista and XP machines. Will add this feature on the ninja so that no autorun is ever executed without explicit user permission. Wait for the next version, should be available tomorrow.
|
|
|
Post #9
Apr 6 2008, 22:25
|
Resident Fanatic
Group: Registered
Posts: 568
Joined: 15-November 05
From: Winnipeg, Canada
Member No.: 141,355
|
Vista will pop up with its question when you first plug it in at first, but subsequently, clicking on the drive in the My Computer screen will just execute whatever autorun.inf points to. The best way is just to disable autorun.inf entirely. If you create a .reg file with the following contents and import it, it'll disable reading of autorun.inf files, but still maintain the ability to automatically play CD audio, DVD movies, and use content-based autoplay. It won't clean devices like the Ninja here will, but it'll stop yourself from accidentally running things you don't want to, and it's dead easy to implement. CODE Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\autorun.inf]
"autorun"="@SYS:Software\\Microsoft\\Autorun"
@=""
|
|
|
Post #10
Apr 6 2008, 22:47
|
Neowinian
Group: Registered
Posts: 19
Joined: 15-September 06
Member No.: 180,748
|
Hi random_n! That is a good key but it will also disable the autorun feature for other USB devices like the Vodafone internet box and requires a reboot of the machine to work properly. This is an example where autorun is desired:  After using that key, windows will still read this key here: CODE Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlersDefaultSelection\AutorunINFLegacyArrival And use this action: CODE MSOpenFolder That will open the explorer windows and show the contents of the pendisk. --------- It is possible to supress completely the windows message that warns that a new device is plugged. On the next ninja version you'll be able to exclusively disable or enable the autorun feature for pendisks on the fly.
|
|
|
Post #11
Apr 7 2008, 21:04
|
Tensa Zangetsu
Group: Registered
Posts: 9,478
Joined: 12-March 04
From: Vancouver, Canada
Member No.: 50,015
|
whoa thanks! This is quite useful actually
|
|
|
Post #12
Apr 7 2008, 21:12
|
Neowinian Senior
Group: Registered
Posts: 2,759
Joined: 18-May 05
From: Manchester, England.
Member No.: 110,879
|
Wow, you really have thought about everything here! Continue  .
|
|
|
Post #13
Apr 8 2008, 11:57
|
Neowinian
Group: Registered
Posts: 19
Joined: 15-September 06
Member No.: 180,748
|
Version 1.2 is available! You can either delete ninja.txt and restart ninja.exe to test the auto-update feature or download the new version from http://nunobrito.eu/ninjalog of changes:Quote - Better language detection
Option to add a shortcut on the startup folder
Option to rename files on ninja.txt (good for autorun.inf) Unfortunately, the option to intercept windows messages is not working as good as expected and therefore won't be included so soon. Hope you like it. 
|
|
|
Post #14
Apr 10 2008, 06:43
|
Neowinian
Group: Registered
Posts: 19
Joined: 15-September 06
Member No.: 180,748
|
Version 1.4 released! - added - option to silently clean all inserted pendisks only displaying results box
- added - option to completely disable autoplay
- added - when using switch "/install" from command line will silently install ninja on the computer
- modified - failsafe values to load language
- modified - german language was updated by native german speaker (thanks Peter)
- modified - Add to startup option will create a shortcut on the startup folder and also copy ninja.exe and ninja.txt to a folder on Program Files
As mentioned before, the autorun box that appears when you plug a pendisk is disabled and it was not necessary to write any registry keys meaning that when you quit the program or deactivate this feature - your autorun will still work as before. Still mentioning some special cases when the plugged USB pendisk is not just a pendisk that are not yet handled correctly (mostly because I don't have an ipod to test ) Hope you like this new version.
|
|
|
Post #15
Apr 10 2008, 06:53
|
Drive It Like You Stole It!
Group: Registered
Posts: 4,557
Joined: 31-January 04
From: Atlanta, GA Status: Gone Racing
Member No.: 46,516
|
Excellent work. I can see this coming in very handy. Thanks.
|
