Removing Panda USB Vaccination Without Formatting USB Disk
We have covered Panda USB Vaccine in a previous article. Panda USB Vaccine can protect your USB disks against autorun viruses and malware, by creating a un-removable autorun.inf on the root folder of your USB disk. According to Panda Security, this can be removed only by formatting the USB disk. But there is a workaround.
The technique used by Panda USB Vaccine is that it modifies the file table, making the autorun.inf file inaccessible permanently. We will open the file table and edit it to make the autorun.inf file readable, writable and deletable. Here is the process :
- Download a copy of iBored - a free portable hex editor which can edit the disk sectors.
- Insert the Panda USB Vaccine protected USB key into USB port of your computer.
- Extract the contents of the iBored zip file to a folder. Right-click on iBored.exe and select Run as administrator. iBored must be run with administrator level access because it needs to access the disk sectors.
- iBored will show you a list of detected disks attached to your computer. Be careful to select the USB key. Click View to open the disk sector.
- Select the Raw tab by clicking on it as shown. The Raw tab shows the contents of the sector in raw and hex format.
- Press the key combination Ctrl + F to open the find dialog. You can also open the Find dialog by selecting BlockView → Find from the menubar. In the Find dialog, type AUTORUN INF and click Find button as shown :
- iBored will show and highlight the found string. The found hex values are highlighted in green. We have to edit the very next value to the found values. In this case, it is value 42 in hex (I have marked it with an arrow). This value can be different in your case (e.g., it may be 40).
- From the menubar select BlockView → Make Writable to be able to edit this block. You can also press the key combination Ctrl + Shift + M.
- Click on the value we want to edit and type 20. This would edit the value from 42 to 20.
- Click on the Save button to save the disk sector. Close iBored window.
- That's it. Now autorun.inf file created by Panda USB Vaccine is accessible, readable, writable and deletable.