One common strategy to infect a computer is to use the autorun information of a removable drive, most likely an USB device, to infect the computer as soon as the user double-clicks the drive. If the computer is protected by antivirus software the attack will most likely be stopped in its tracks but the manipulated autorun.inf file on the USB device will more often than not remain untouched.
Here is a short explanation if you have never heard of autorun.inf files before: It contains information about files and processes that are automatically executed when a disk is inserted or double-clicked. Autorun is often confused with autoplay but they are not the same. Autorun is directly related to the autorun.inf file on the disk while autoplay automatically reacts to new devices or media, for example a music CD is automatically played in Windows when inserted.
Autorun Eater takes care of autorun.inf files before it can be executed on the system. This is done my actively monitoring the system in real time. It will automatically remove suspicious autorun.inf files and store them in a secure space in case of a false positive.
I know that some of you do not like to run a lot of programs in the background which is also my preferred way. It is possible to disable the autorun.inf system wide which is the only protection that works flawlessly. The common Registry keys NoDriveAutoRun and NoDriveTypeAutoRun do not eliminate the dangers of autorun.inf files. When properly configured they prevent that the autorun.inf file on USB devices gets executed automatically but it will still be executed when a user double-clicks the drive.
The only real autorun.inf protection which disables it completely is the following Registry setting. Just copy the following lines into a text document and name it auto.reg.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
Double-click that file and restart your computer afterwards. Autorun should now be disabled for all drives on your system.
Related posts:
Autorun from USBUSB Flash Drives: USB Vaccine
Increase USB Security With USB Cop
Autoplay Cleanup and Removal
Autoplay Repair
Does pressing shift for 10 seconds disable autorun?
To Yash, yesh it does :) But how many people are going to remember that? And if you’re IT in a company, how many computer illiterates will even bother to do that before they stick in that freebie USB stick they just got?
One question, Martin: Is that auto.reg you posted for XP or Vista or Both?
Dante it’s working in XP, not sure about Vista.
I’m not seeing the “IniFileMapping” sub-tree in Vista’s registry for “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion” So I’m hesitant to install this. Definitely a good idea though. I’ll have to look into Vista implementation.
I use the USB Firewall 1.1.2 from Net Studio. This detects automatically all the files which tries to launch itself whenever a USB device is inserted.
Autorun Eater v2.3 will be released on the 28th of November, 2008(Friday). Do check it out. :)
WARNING IF YOU HAVE A U3 DRIVE
I followed these same instructions from another site and now cannot run my U3 drive at all. I don’t mean it doesn’t autorun on insert, I now cannot run the program to unlock the protected portion of the U3 drive at all. Still trying to restore my registry to it’s prior state so I can work with files on my U3 flash drive.