Autorun Eater

Posted by Martin in Security, Windows  Tags: , , , , , ,

22

May



One common strategy to infect a computer is to use the autorun information of a removable drive, most likely an USB device, to infect the computer as soon as the user double-clicks the drive. If the computer is protected by antivirus software the attack will most likely be stopped in its tracks but the manipulated autorun.inf file on the USB device will more often than not remain untouched.

Here is a short explanation if you have never heard of autorun.inf files before: It contains information about files and processes that are automatically executed when a disk is inserted or double-clicked. Autorun is often confused with autoplay but they are not the same. Autorun is directly related to the autorun.inf file on the disk while autoplay automatically reacts to new devices or media, for example a music CD is automatically played in Windows when inserted.

Autorun Eater takes care of autorun.inf files before it can be executed on the system. This is done my actively monitoring the system in real time. It will automatically remove suspicious autorun.inf files and store them in a secure space in case of a false positive.

I know that some of you do not like to run a lot of programs in the background which is also my preferred way. It is possible to disable the autorun.inf system wide which is the only protection that works flawlessly. The common Registry keys NoDriveAutoRun and NoDriveTypeAutoRun do not eliminate the dangers of autorun.inf files. When properly configured they prevent that the autorun.inf file on USB devices gets executed automatically but it will still be executed when a user double-clicks the drive.

The only real autorun.inf protection which disables it completely is the following Registry setting. Just copy the following lines into a text document and name it auto.reg.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@=”@SYS:DoesNotExist”

Double-click that file and restart your computer afterwards. Autorun should now be disabled for all drives on your system.


Like such posts? Get updates via RSS NEWS FEED. Love Ghacks? Find out how you can help!

Spread The Article: Digg del.icio.us StumbleUpon Reddit Facebook Slashdot TwitThis YahooMyWeb Fark Mixx NewsVine

6 Users Commented In This Post

Subscribe To This Post Comment Rss Or TrackBack URL
Yash says, May 22nd, 2008   

Does pressing shift for 10 seconds disable autorun?

Dante says, May 22nd, 2008   

To Yash, yesh it does :) But how many people are going to remember that? And if you’re IT in a company, how many computer illiterates will even bother to do that before they stick in that freebie USB stick they just got?

Dante says, May 22nd, 2008   

One question, Martin: Is that auto.reg you posted for XP or Vista or Both?

Martin says, May 22nd, 2008   

Dante it’s working in XP, not sure about Vista.

Dante says, May 22nd, 2008   

I’m not seeing the “IniFileMapping” sub-tree in Vista’s registry for “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion” So I’m hesitant to install this. Definitely a good idea though. I’ll have to look into Vista implementation.

Techbuzzard says, May 23rd, 2008   

I use the USB Firewall 1.1.2 from Net Studio. This detects automatically all the files which tries to launch itself whenever a USB device is inserted.

Leave Your Comments Below
Hello, please leave your thought below

Please Note: Each comment will be manually approved by an admin. There is no guarantee that a comment will be posted. Please do not submit the comment multiple times.