Sunday, March 7, 2010


Autorun.inf can pose a security threat, when the user does not expect or intend to run the software, such as in the case of some viruses, which take advantage of this feature to propagate, especially on USB FLASH DRIVES.


For instance, an attacker with brief and casual physical access to a computer can surreptitiously insert a disc and cause software to run. Alternately, malicious software can be distributed with a disc that the user doesn't expect to contain software at all -- such as an audio compact disc. Even music CDs from well known name-brand labels have not always been safe.


To erase this, restart your window to Safe Mode Command Prompt. (Do this by rebooting your computer and pressing F8 before windows go out and select from the boot menu). On drive C and other drives type the following commands: 1. attrib -h -r -s autorun.inf    2. del autorun.inf

Do this steps to other drives to disable the autorun.inf.

Now,Disable autorun.inf from Registry.

Now you can disable the AUTORUN for all drives by configuring the registry. Open the registry by typing regedit.exe to the command prompt (if your still at the command prompt) or execute it in Run. Look for the HKEY_CURRENT_USER\Software\ Microsoft\Windows\CurrentVersion\Policies\Explorer as shown below:
Double-click the NoDriveAutorun DWORD entry and type the value HEX: FF (255 in Decimal). (If the NoDriveAutorun does not exists, you can creat it by right-clicking the right side area of the regedit window, then click New->DWord Value -> type NoDriveAutorun) Close the registry and restart the computer. This procedure will disable all the autorun for all drives of your computer and at least will prevent the autorun function of infected USB drives or CDs and avoid the infection of viruses like the Bacalid and RavMon.exe.

If you want to prevent viruses that uses autorun.inf  to infect your USB flash drive, try to do this:

1. Open your flash drive via Command Prompt (do this via Start->Run->cmd.exe)

2. Change your logged drive to your USB flash drive (e.g. if your drive is at drive E: then type E: on the command prompt then press enter)

3. Create a folder named: AUTORUN.INF on the root directory of your flash drive. (to do this type the command: MD\AUTORUN.INF). If an error: a subdirectory already exists… shows, try to follow the instruction above to remove existing autorun.inf before doing this instruction.

The reason why this will avoid future infection is that autorun.inf viruses usually generates a file autorun.inf. Having an AUTORUN.INF folder on the root directory of your drives will make virus programs unable to create their own autorun.inf file, virus can’t even overwrite it because it’s a folder and not a file.

No comments:

Post a Comment