Comments on: How does the Panda USB vaccination work?

By: Cd-MaN

Cd-MaN — Tue, 05 Feb 2013 13:01:05 +0000

Thank you, it is a very good and informative description.

By: Anonymous

Anonymous — Tue, 05 Feb 2013 12:59:04 +0000

See this:

http://superuser.com/questions/424216/make-a-file-non-deletable-in-usb

By: Cd-MaN

Cd-MaN — Sat, 27 Oct 2012 18:11:46 +0000

I suspect that the utility "corrupts" then entry for the file just enough so that it isn't deletable, but not so much to freak out other tools.

Maybe you could try running dosfcsk from cygwin?

By: Anonymous

Anonymous — Sat, 27 Oct 2012 18:08:16 +0000

As I am interested in protecting some of my files using this trickery, I reverse engineered the protection.
If a dir /ah /q autorun.inf is done, you can see that the "owner" (in FAT32!) of this file is "..." while the rest of the files have ownership All.

Along my manipulations (I asked in W7 for attributes, I got HX -sorry, I found nothing on the "X"; I opened the usb in linux, made a dosfcsk read only, etc.) , the ownership changed from ... to All !!!!

After that I have been able to delete autorun.inf from explorer

Now, I will try to find out how ownership was changed ... and if any other thing also changed. I keep looking to find out an utility to change ownership in fat32 under windows ...

By: Cd-MaN

Cd-MaN — Sun, 24 Oct 2010 06:45:44 +0000

@Anonymous: getting a little philosophical here: there is no possibility to be absolutely sure about anything, not even in IT. Everything is a shade of gray.

Getting back on the question:
- you could (should) trust Panda mostly. It is a reputable company and with some extreme exceptions I can't imagine it releasing anything harmful.

- you could (and should if you are concerned about it) look at the file in a safe environment (such as a virtual machine) and possibly look at the executable with a disassembler

By: Anonymous

Anonymous — Sun, 24 Oct 2010 06:35:52 +0000

How could one sure that the autorun.inf by panda for PC as well as pen drive does not contain some suspicioos autorun feature? Could you thro some light on this aspect

By: Abo Dooma

Abo Dooma — Thu, 23 Sep 2010 08:52:08 +0000

See "USB Security Utilities"-freeware, it can vaccine hard drives and ntfs and vaccine custom files and folders and delete vaccination.

By: Anonymous

Anonymous — Sun, 30 May 2010 12:25:15 +0000

TO reply Mohamad:
Format it! No other way…

By: Unknown

Unknown — Mon, 29 Mar 2010 15:20:23 +0000

thank.
how can I delete this vaccination if I want?
please help me.
[email protected]

By: Anonymous

Anonymous — Mon, 22 Feb 2010 14:50:10 +0000

I tried Panda for my NTFS drive and somehow the application hangs. Somehow I end the program and tested and seems like the autorun.inf has been installed.

I also tried Autorun Protector http://raylin.wordpress.com/downloads/autorun-protector/ which supports both FAT32 and NTFS.

Both seems to be using different method for protecting but the latter one can choose to remove the protection without formatting the drive.