Stop AutoRun (Part 2)

The most common vector for virus infection thru USB flash drives exploits the AutoRun feature of Windows. Find out how to turn off this feature and hopefully provide you another level of protection. Read the Introduction here.

AutoRun, Be-gone! (Continued)

Solution? Globally block the autorun.infs from executing. Keep in mind, though, that this will block all friendly and hostile autorun.infs - nothing will happen when you insert a USB flash drive or CD and DVDs - but that's what we want. We don't want a rogue virus to execute when we insert a removable media. Of course, your installation CDs might not launch the setup program automatically. You have to manually open the program in Windows Explorer - a minor drawback.

To block autorun.infs from executing, follow these steps

1. Start Notepad or another text editor (don't use Microsoft Word or Wordpad)


2. Copy the following text from this page and paste it into your text editor (everything between the square brackets should be all on one line)
   
   REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]@="@SYS:DoesNotExist"
   
   


3. Save the file with a name like NoAutoRun.reg, taking care to include the .reg extension


4. Right-click your .reg file and choose Merge. Confirm any warning prompts to add the information to the Registry.

What we did is to nullify the file that Windows searches when you insert a removable drive. Windows was instructed to find the autorun information inside the name autorun.inf. Here, we changed that to nothing, so Windows will attempt to search for the file with no filename (which is impossible since no file has no filename).

The benefit is a big one: a rogue program that you never intended to launch won't silently take over your system if you happen to insert a Trojan-carrying disc into a drive.