USB 메모리 자동실행 차단

항상 집에서 컴퓨터를 이용한다면 바이러스에 걸릴 확률은 낮겠지만,
학교나 도서관에서 USB 메모리를 사용하다 보면
나도 모르게 바이러스를 가지고 오는 경우가 생긴다.

“오랜만에 USB 메모리를 집 컴퓨터에 꼽는 순간 각 드라이브에 autorun.inf 파일이 생기고,
wscript.exe에 의해 vbs가 실행되는 바이러스를 경험하게 되었다.”

USB 메모리를 연결하는 순간 자동실행에 의해서 바이러스가
전파되기 때문에 바이러스를 효과적으로 막으려면 자동실행 차단하면  된다.
(이 내용은 XP 이상의 시스템에 해당하는 내용입니다. 2000 이하에는 해당 기능이 없습니다.)

2007년 12월에 국가정보원에서 USB 메모리 감염 바이러스 차단 프로그램을 배포한 것을 보면
이러한 문제가 빈번히 발생한다는 것을 알 수 있습니다.

아래 첨부 파일은 국가정보원에서 제공한 프로그램으로
자동실행을 마우스 클릭만으로 자동실행 차단 또는 허용할 수 있습니다.

사용자 삽입 이미지프로그램 다운로드

위 방법 말고 레지스트리를 직접 수정할 수도 있습니다.
레지스트리 키의 위치는 다음과 같고, ‘NoDriveTypeAutoRun‘의 DWORD 값을 조정하면 됩니다.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]

만약에 ‘NoDriveTypeAutoRun’ 이름의 DWORD가 없다면 추가 후에 값을 입력합니다.
DWORD 값을 4 일 때 이동장치에 대한 자동실행을 차단하고, ff는 모든 장치에 대한 자동실행을 차단합니다.

[#M_DWORD값에 대한 내용 자세히 보기…|닫기..|;Disables Autoplay on unknown drives only
;”NoDriveTypeAutoRun”=dword:0x00000081

;Disables Autoplay on removable drives omly
;”NoDriveTypeAutoRun”=dword:0x00000004

;Disables Autoplay on fixed drives only
;”NoDriveTypeAutoRun”=dword:0x00000008

;Disables Autoplay on network drives only
;”NoDriveTypeAutoRun”=dword:0x00000010

;Disables Autoplay on CD-ROM drives only
;”NoDriveTypeAutoRun”=dword:0x00000020

;Disables Autoplay on RAM disks only
;”NoDriveTypeAutoRun”=dword:0x00000040

;Disables Autoplay on all drives (Recommended)
;”NoDriveTypeAutoRun”=dword:0x000000FF

;Disables Autoplay on removable drives and fixed drives
;”NoDriveTypeAutoRun”=dword:0x0000000C

;Disables Autoplay on removable drives and network drives
;”NoDriveTypeAutoRun”=dword:0x00000014

;Disables Autoplay on removable drives and CD-ROM drives
;”NoDriveTypeAutoRun”=dword:0x00000024

;Disables Autoplay on removable drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x00000044

;Disables Autoplay on removable drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x00000085

;Disables Autoplay on fixed drives and network drives
;”NoDriveTypeAutoRun”=dword:0x00000018

;Disables Autoplay on fixed drives and CD-ROM drives
;”NoDriveTypeAutoRun”=dword:0x00000028

;Disables Autoplay on fixed drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x00000048

;Disables Autoplay on fixed drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x00000089

;Disables Autoplay on network drives and CD-ROM drives
;”NoDriveTypeAutoRun”=dword:0x00000030

;Disables Autoplay on network drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x00000050

;Disables Autoplay on network drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x00000091

;Disables Autoplay on CD-ROM drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x00000060

;Disables Autoplay on CD-ROM drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000A1

;Disables Autoplay on RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000C1

;Disables Autoplay on removable drives, fixed drives and network drives
;”NoDriveTypeAutoRun”=dword:0x0000001C

;Disables Autoplay on removable drives, fixed drives and CD-ROM drives
;”NoDriveTypeAutoRun”=dword:0x0000002C

;Disables Autoplay on removable drives, fixed drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x0000004C

;Disables Autoplay on removable drives, fixed drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x0000008D

;Disables Autoplay on removable drives, network drives and CD-ROM drives
;”NoDriveTypeAutoRun”=dword:0x00000034

;Disables Autoplay on removable drives, network drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x00000054

;Disables Autoplay on removable drives, network drives and unknown drives (Default)
;”NoDriveTypeAutoRun”=dword:0x00000095

;Disables Autoplay on removable drives, CD-ROM drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x00000064

;Disables Autoplay on removable drives, CD-ROM drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000A4

;Disables Autoplay on removable drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000C5

;Disables Autoplay on fixed drives, network drives and CD-ROM drives
;”NoDriveTypeAutoRun”=dword:0x00000038

;Disables Autoplay on fixed drives, network drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x00000058

;Disables Autoplay on fixed drives, network drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x00000099

;Disables Autoplay on fixed drives and CD-ROM drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x00000068

;Disables Autoplay on fixed drives, CD-ROM drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000A9

;Disables Autoplay on fixed drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000C9

;Disables Autoplay on network drives, CD-ROM drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x00000070

;Disables Autoplay on network drives, CD-ROM drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000B1

;Disables Autoplay on network drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000D1

;Disables Autoplay on CD-ROM drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000E1

;Disables Autoplay on removable drives, fixed drives, network drives and CD-ROM drives
;”NoDriveTypeAutoRun”=dword:0x0000003C

;Disables Autoplay on removable drives, fixed drives, network drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x0000005C

;Disables Autoplay on removable drives, fixed drives, network drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x0000009D

;Disables Autoplay on removable drives, fixed drives, CD-ROM drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x0000006C

;Disables Autoplay on removable drives, fixed drives, CD-ROM drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000AD

;Disables Autoplay on removable drives, fixed drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000CD

;Disables Autoplay on removable drives, network drives, CD-ROM drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x00000074

;Disables Autoplay on removable drives, network drives, CD-ROM drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000B5

;Disables Autoplay on removable drives, network drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000D5

;Disables Autoplay on removable drives, CD-ROM drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000E5

;Disables Autoplay on fixed drives, network drives, CD-ROM drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x00000078

;Disables Autoplay on fixed drives, network drives, CD-ROM drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000B9

;Disables Autoplay on fixed drives, network drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000D9

;Disables Autoplay on fixed drives, CD-ROM drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000E9

;Disables Autoplay on network drives, CD-ROM drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000F1

;Disables Autoplay on removable drives, fixed drives, network drives, CD-ROM drives and RAM disks
;”NoDriveTypeAutoRun”=dword:0x0000007C

;Disables Autoplay on removable drives, fixed drives, network drives, CD-ROM drives and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000BD

;Disables Autoplay on removable drives, fixed drives, network drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000DD

;Disables Autoplay on removable drives, fixed drives, CD-ROM drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000ED

;Disables Autoplay on removable drives, network drives, CD-ROM drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000F5

;Disables Autoplay on fixed drives, network drives, CD-ROM drives, RAM disks and unknown drives
;”NoDriveTypeAutoRun”=dword:0x000000F9
_M#]이미 바이러스에 걸렸을 경우 Ctrl+Alt+Del키를 이용하여 작업관리자를 열고,
해당 바이러스 프로세스를 종료시킵니다.
만약 작업관리자가 보였다가 바로 종료된다면 Process-Explorer를 사용하면 됩니다.
그리고 난 뒤에 백신 프로그램을 이용하거나, 직접 autorun.inf와 vbs 또는 exe를 제거하고
레지스트리를 검사해서 치료하면 됩니다.

You may also like...

댓글 남기기