Windows XP and Windows 7: FAT Virus Prevention and Removal from Removable Drives

A FAT virus is malware that affects the File Allocation Table (FAT), rewriting some parts of it so that the malware can infect other removable drives that are later connected to the computer system. To prevent the auto-activation of the virus through your operating system’s Autorun or Autoplay feature, disable that feature through the Group Policy Editor. Note that the Group Policy Editor is not available in the “Starter” version of these operating systems.

Remember: Turning off Autorun or Autoplay does not protect your system in the case of user error. That is, if the infected drive is executed manually by the user, the system will be infected despite Autorun/Autoplay being turned off. Instead of opening or double-clicking a removable drive (which may activate attached malware), you can right-click it and choose “Explore”, or use the Windows Explorer sidebar to explore the drive.

The propagation of this kind of malware depends on user intervention. If you do not copy or execute malware, then your computer system will not be infected.

To Turn Off Autoplay on Windows XP:

Group Policy Editor (Windows XP)

1) Click START.
2) Click RUN.
3) Type “gpedit.msc” without the quotation marks in the Run dialog box.
4) In “Local Computer Policy”, under “Computer Configuration”, click “Administrative Templates”, then click “System”.
5) On the Extended tab on the right panel, double-click “Turn Off Autoplay”.
6) Under the Settings tab, choose “Enabled” and Turn Off Autoplay on: “All drives”.
7) Click OK. You do not have to restart the system to implement this change.

To Turn Off Autoplay on Windows 7:

Local Group Policy Editor (Windows 7)

1) Click START.
2) Click RUN. If RUN is not visible in the Programs menu, type “Run” on the Search box, then click RUN.
3) Type “gpedit.msc” without the quotation marks in the Run dialog box.
4) In “Local Computer Policy”, under “Computer Configuration”, click “Administrative Templates”, then click “Windows Components”, then click “Autoplay Policies”.
5) On the Extended tab on the right panel, double-click “Turn Off Autoplay”.
6) Under the Settings tab, choose “Enabled” and Turn Off Autoplay on: “All drives”.
7) Click OK. You do not have to restart the system to implement this change.
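For systems where gpedit.msc is not available, the same setting can be checked from the command prompt. The following is an added example, not part of the original guide: the "Turn Off Autoplay" policy for "All drives" is stored as the registry value NoDriveTypeAutoRun = 0xFF (255) under the Policies\Explorer key shown below, and this script reports the current value and, with /fix, writes it. The script name in the usage comment is hypothetical.

```batch
@echo off
rem Added example: audit, and optionally set, the machine-wide Autoplay policy.
rem Usage:  autoplay-policy.cmd         report only
rem         autoplay-policy.cmd /fix    write the value (administrator prompt)
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
set "VAL=NoDriveTypeAutoRun"
set "CUR="

rem reg query prints a line such as:  NoDriveTypeAutoRun  REG_DWORD  0xff
rem The third token on that line is the current value.
for /f "tokens=3" %%A in ('reg query "%KEY%" /v %VAL% 2^>nul ^| find /i "%VAL%"') do set "CUR=%%A"

if not defined CUR (
    echo %VAL% is not set: the Autoplay policy is not configured.
) else (
    echo %VAL% is currently %CUR%
)

rem 0xff covers every drive type, which is what "All drives" selects.
if /i "%CUR%"=="0xff" (
    echo Autoplay is turned off on all drives.
    goto :done
)

if /i not "%~1"=="/fix" (
    echo Run again with /fix from an administrator prompt to turn Autoplay off on all drives.
    goto :done
)

rem 255 decimal is 0xFF.
reg add "%KEY%" /v %VAL% /t REG_DWORD /d 255 /f
if errorlevel 1 echo Could not write the value. Is this an administrator prompt?

:done
endlocal
```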

To View Hidden Files on Windows XP:

Folder options (Windows XP)

1) Open any Windows Explorer window such as My Documents.
2) On the menu bar, click “Tools”, then click “Folder Options”.
3) Open the View tab.
4) Under the group settings of “Files and Folders”:
a) Tick the option “Show hidden files and folders”.
b) Untick “Hide extensions for known file types”.
c) Untick “Hide protected operating system files”. If Windows displays a Warning, answer “Yes” (the default is No).
5) Click “Apply”, then click “OK”.

To View Hidden Files on Windows 7:

Folder Options (Windows 7)

1) Open any Windows Explorer window such as Documents.
2) On the menu bar, click “Organize”, then click “Folder and Search Options”.
3) Open the View tab.
4) Under the group settings of “Files and Folders”:
a) Under “Advanced settings”, tick the option “Show hidden files, folders and drives”.
b) Untick “Hide extensions for known file types”.
c) Untick “Hide protected operating system files”. If Windows displays a Warning, answer “Yes” (the default is No).
5) Click “Apply”, then click “OK”.

To Delete a File-hiding FAT Virus on a Removable Drive:
* You must show all hidden files first. See instructions above. This also works for Windows 7.

The contents of a virus-infected drive

1) Select all of the files in the infected drive, except for the unnamed hidden folder. The unnamed folder contains your files.
2) Hold SHIFT, then press DEL on your keyboard for permanent (irreversible) deletion.
3) If Windows asks you to confirm deletion, click “Yes”.

To Unhide the Unnamed Hidden Folder:

* This also works for Windows 7.

Rename the unnamed folder

1) Rename the folder by pressing F2 on your keyboard, or right-click then choose “Rename”.
2) Give the folder any name that does not contain spaces or special characters.
3) Click START, then execute RUN. Type “cmd” without the quotation marks to open the command prompt window.
4) Go to the affected drive. For example, if the hidden folder is in drive F, type “F:” without the quotation marks then press ENTER on your keyboard.

Use ATTRIB to unhide the folder

5) Use the ATTRIB command to unhide the folder. Use -h to unhide and -s to remove its system file setting (system files are hidden by default). For example, if your hidden folder is named “a”, type: attrib a -h -s
6) Press ENTER on your keyboard, then type “exit” without the quotation marks and press ENTER again to exit command prompt.
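The command-prompt steps above can be collected into one script. This is an added example, not part of the original guide: it lists what is hidden in the root of the drive so you can see what is there before changing anything, then clears the hidden and system attributes on the folder you name. It assumes the folder has already been renamed as in steps 1 and 2; the script name and the drive letter F: in the usage comment are placeholders.

```batch
@echo off
rem Added example: inspect a removable drive root, then unhide one folder.
rem Usage:  unhide.cmd F:        list hidden items only
rem         unhide.cmd F: a      list, then unhide the folder F:\a
setlocal
set "DRIVE=%~1"
set "FOLDER=%~2"

if not defined DRIVE (
    echo Usage: %~nx0 DRIVE: [FOLDER]
    exit /b 1
)
if not exist "%DRIVE%\" (
    echo Drive %DRIVE% is not available.
    exit /b 1
)

rem /a:hd selects hidden directories, /a:h-d hidden files; /b prints names only.
echo Hidden folders in %DRIVE%\ :
dir /a:hd /b "%DRIVE%\" 2>nul
echo.
echo Hidden files in %DRIVE%\ :
dir /a:h-d /b "%DRIVE%\" 2>nul
echo.

if not defined FOLDER goto :done

if not exist "%DRIVE%\%FOLDER%\" (
    echo %DRIVE%\%FOLDER% is not a folder on this drive.
    exit /b 1
)

rem -h clears the hidden attribute, -s clears the system attribute.
attrib -h -s "%DRIVE%\%FOLDER%"
if errorlevel 1 (
    echo attrib could not change %DRIVE%\%FOLDER%
    exit /b 1
)

rem Show the attributes that remain so the change can be confirmed.
attrib "%DRIVE%\%FOLDER%"

:done
endlocal
```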

End Note: I will not be remaking this guide for other versions of Windows OS. For questions, comments, corrections or suggestions, please send me a message on Facebook by clicking my apple logo on the sidebar.
