Sweetening

Stop USB Malware

Dec 7th, 2023
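  # Disable AutoRun for every drive type (machine-wide Explorer policy).
  # NoDriveTypeAutoRun is a bitmask. The value 149 (0x95) used previously leaves
  # the fixed-disk (0x08) and CD-ROM (0x20) bits clear, and external USB hard
  # disks commonly enumerate as fixed disks. 0xFF sets every bit.
  # Requires an elevated (administrator) session because the key is under HKLM.
  $autorunKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"

  try {
      # The policy key is not guaranteed to exist; create it before writing the value.
      if (-not (Test-Path -Path $autorunKey)) {
          New-Item -Path $autorunKey -Force -ErrorAction Stop | Out-Null
      }

      # -Force overwrites a value that already exists (New-ItemProperty fails otherwise).
      # -ErrorAction Stop makes the cmdlet's error terminating so the catch blocks run;
      # without it the error is only printed and the try/catch never fires.
      New-ItemProperty -Path $autorunKey -Name NoDriveTypeAutoRun -PropertyType DWORD -Value 0xFF -Force -ErrorAction Stop
  } catch [System.Security.SecurityException], [System.UnauthorizedAccessException] {
      Write-Host "Insufficient permissions to modify registry key. Run the script as administrator."
  } catch {
      # Any other failure: report it and let the rest of the script continue.
      Write-Warning "Could not set NoDriveTypeAutoRun: $($_.Exception.Message)"
  }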
  9.  
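  # Block USB Access (Group Policy)
  # Requires administrative privileges, a domain environment and the GroupPolicy
  # module (installed with the Group Policy Management tools).
  #
  # NOTE(review): this edits the "Default Domain Policy", which applies to every
  # computer in the domain. A dedicated GPO linked only to the OUs that should
  # lose removable-storage access is easier to scope, audit and roll back.

  # Where the setting appears in the Group Policy editor; kept for reference only.
  $gpoPath = "ComputerConfiguration\Administrative Templates\System\Removable Storage Access"

  try {
      # The GroupPolicy module has no Set-GPO cmdlet. "All Removable Storage
      # classes: Deny all access" is a registry-based policy, so it is written
      # into the GPO with Set-GPRegistryValue.
      $denyAllRemovableStorage = @{
          Name        = "Default Domain Policy"
          Key         = "HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices"
          ValueName   = "Deny_All"
          Type        = "DWord"
          Value       = 1
          ErrorAction = "Stop"   # make failures terminating so the catch block runs
      }
      Set-GPRegistryValue @denyAllRemovableStorage
  } catch [System.Exception] {
      Write-Host "Error blocking USB access through Group Policy. This might require additional configuration or domain environment."
  }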
  20.  
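  # Block USB Access (disable matching Plug and Play devices)
  # This is a software disable, the same as disabling the device in Device
  # Manager; it is not a hardware switch. Requires an elevated session and the
  # PnpDevice module.
  #
  # NOTE(review): the selection is a wildcard match on the display name only.
  # Inspect $usbPortStatus before running the disable step so that nothing the
  # machine depends on is turned off.

  $usbPortStatus = Get-CimInstance -ClassName Win32_PnPEntity | Where-Object { $_.Name -like "USB*Port*" }

  try {
      # Win32_PnPEntity.Status is a read-only property, so writing "Disabled" to it
      # with Set-CimInstance cannot turn a device off. Disable-PnpDevice does the
      # actual disable, keyed on the device instance ID.
      $usbPortStatus | ForEach-Object {
          Disable-PnpDevice -InstanceId $_.PNPDeviceID -Confirm:$false -ErrorAction Stop
      }
  } catch [System.Exception] {
      Write-Host "Error disabling USB ports. This might require specific hardware capabilities."
  }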
  31.  
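  # Update Operating System
  # Install-WindowsUpdate is provided by the PSWindowsUpdate module, which is not
  # part of Windows. Without this check the child process fails in its own window
  # and the script carries on as if the system had been patched.
  if (Get-Module -ListAvailable -Name PSWindowsUpdate) {
      # NOTE(review): -ExecutionPolicy Bypass disables the script execution policy
      # for the child process. Confirm the installed PSWindowsUpdate copy comes
      # from a trusted source, or sign it and drop the bypass.
      Start-Process -FilePath powershell -ArgumentList "-ExecutionPolicy Bypass -Command & { Install-WindowsUpdate }"
  } else {
      Write-Warning "PSWindowsUpdate module not found; no updates were installed. Install the module from a trusted source or update through Windows Update."
  }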
  34.  
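  # Prompt User to Scan USB Drives with Preferred Antivirus
  #
  # Register-CimEvent is not a PowerShell cmdlet; CIM event subscriptions are made
  # with Register-CimIndicationEvent. Win32_VolumeChangeEvent with EventType = 2
  # is raised when a volume arrives and carries the drive name (e.g. "E:").
  # The event is not USB-specific: any newly mounted volume triggers the prompt.
  # The subscription exists only while this PowerShell session stays open.
  Register-CimIndicationEvent -Query "SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2" -SourceIdentifier "UsbVolumeArrival" -Action {
      # Extract drive letter from the event payload. Taking the string property
      # directly avoids interpolating a whole object into the messages below.
      $driveLetter = $Event.SourceEventArgs.NewEvent.DriveName

      # Check if drive letter is valid
      if ($driveLetter) {
          # Notify user and suggest antivirus scan
          Write-Host "A USB drive has been detected at $driveLetter."
          Write-Host "Please scan the drive with your preferred antivirus solution."

          # Start antivirus scan with user confirmation
          $confirm = Read-Host "Would you like to start a scan with your preferred antivirus now? (Y/N)"

          if ($confirm -eq "Y") {
              # Modify this line with the actual command and path for your antivirus software
              $scannerPath = "C:\Program Files\Antivirus\Scan.exe"

              # Fail visibly when the scanner is missing, so an unanswered or
              # failed launch is not mistaken for a completed scan.
              if (Test-Path -Path $scannerPath -PathType Leaf) {
                  Start-Process -FilePath $scannerPath -ArgumentList "$driveLetter"
              } else {
                  Write-Host "Antivirus scanner not found at $scannerPath. Scan $driveLetter manually before opening files on it."
              }
          }
      } else {
          Write-Host "Unable to determine drive letter for the detected USB device."
      }
  }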
  57.  