Sunday, November 29, 2009

Autorun Malware Protection

Windows has a feature known as AutoPlay and AutoRun. These features are designed to run applications automatically from devices such as hard disk drives, floppy drives, USB flash drives and CD/DVD drives. The feature depends on a file named "autorun.inf", a configuration file that tells Windows which application to launch.

Example: Most disc installers use the AutoPlay feature of Windows. They ship with the file "Autorun.inf" so that once the disc is inserted in a CD/DVD drive, Windows launches the installer's setup program from the disc automatically.

Malware exploits this feature for its propagation routine: it usually drops a copy of itself on every drive (from A to Z) together with a file "Autorun.inf" that points to that copy. The objective is to infect removable drives (floppy disks, flash drives, USB hard disks) so that when an infected drive is inserted into another machine with AutoPlay/AutoRun turned on, that machine is infected as well.

Here is the solution to block AutoRun for all devices:
1. Open Notepad.
2. Copy the following into Notepad:
REGEDIT4
; Map INI lookups for autorun.inf to a registry key that does not exist
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\autorun.inf]
@="@SYS:DoesNotExist"

3. Save the file as DisableAutorun.reg.
4. Right-click the file DisableAutorun.reg and click Merge.
5. Click Yes on the prompt.
6. Restart Windows for the change to take effect.

For a brief explanation: IniFileMapping tells Windows to read the settings of a named INI file from the registry instead of from the file itself. Mapping autorun.inf to the non-existent key "DoesNotExist" means that, whatever an autorun.inf on any drive contains, Windows sees no settings at all, as if the file did not exist.
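As an added example (not from the original post), the following Python script parses an autorun.inf the way a responder would when checking a suspect removable drive, and reports which directives would launch a program. The sample file is constructed, and inspect_drive is a hypothetical helper that reads the file from a mounted drive root.

```python
"""Report what an autorun.inf would launch (added example; the sample file
below is constructed, not taken from a real infection)."""
import re
from pathlib import Path

# Directives that make Windows start a program when AutoRun is honoured.
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command", "shell\\explore\\command"}
EXECUTABLE = re.compile(r"\.(exe|com|scr|bat|cmd|pif|vbs|js)(\s|$)", re.I)

SAMPLE = r"""[autorun]
; constructed sample in the style of a worm-dropped autorun.inf
open=setup.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open\command=setup.exe
"""

def parse_autorun(text):
    """Return {section: {key: value}} with section and key names lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or INI comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections

def assess(text):
    """Summarise the launch directives and flag the patterns worms rely on."""
    conf = parse_autorun(text).get("autorun", {})
    launches = {k: v for k, v in conf.items() if k in LAUNCH_KEYS}
    findings = [f"{k} runs an executable: {v}" for k, v in launches.items()
                if EXECUTABLE.search(v)]
    # An 'action' label next to a launch directive relabels the AutoPlay prompt
    # so the malicious entry looks like the normal "open folder" choice.
    if launches and "action" in conf:
        findings.append(f"action label disguises the launch: {conf['action']}")
    return {"launches": launches, "findings": findings}

def inspect_drive(root):
    """Assess <root>/autorun.inf on a mounted drive, or None if there is none."""
    path = Path(root) / "autorun.inf"
    if not path.is_file():
        return None
    return assess(path.read_text(errors="replace"))

if __name__ == "__main__":
    for finding in assess(SAMPLE)["findings"]:
        print(finding)
```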

Well, this has only been tested on Windows XP; I haven't tried it on Windows Vista or earlier versions.

===========================================
Update - March 15, 2011 - 6:00 AM PST
This is tested only on Windows XP and is _NOT_ applicable to Windows 7.
For Windows 7 instructions please click below:
