Sunday, April 5, 2009

How To Disable AutoRun.inf?

Earlier we saw how to remove an AutoRun virus that abuses the autorun.inf file to spread itself. Now, let us see how to turn off AutoRun.inf and thus protect your PC from AutoRun viruses and other malware.

Windows had a bug in the way it handled AutoRun-related Registry entries. When AutoRun is disabled, the Windows operating system should not go past the Registry check. However, Windows continued to parse the autorun.inf found on removable media and did everything except the final action of invoking AutoPlay or executing an application.

How to Disable AutoRun.inf?

Nick Brown came up with a solution to prevent AUTORUN.INF files from being used on a PC, from any medium. This method involved using an initialisation file mapping to create a mapping between the AUTORUN.INF initialisation file and the Registry. IniFileMapping is a key which tells Windows how to handle the .INI files that applications typically used to store their configuration data (before the Registry existed). This procedure relied on the fact that an autorun.inf file is a standard Windows INI file, so Windows uses the corresponding INI API calls when fetching its settings. These API calls can be redirected using the INI file mapping method. In this case, the mapping says “whenever you have to handle a file called AUTORUN.INF, don’t use the values from the file. You’ll find alternative values at HKEY_LOCAL_MACHINE\SOFTWARE\DoesNotExist.”

So how is this done?

Create a Registry file with the following contents and save it as DISABLEAUTORUN.REG.

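Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
; Default value: "@" = never read the file itself, "SYS:" = use HKEY_LOCAL_MACHINE\SOFTWARE\<name> instead
@="@SYS:DoesNotExist"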

Double-click DISABLEAUTORUN.REG to make the relevant changes to the Windows Registry. Now whenever Windows tries to read a file called “autorun.inf” using the INI programming calls, it is forbidden from reading from the actual file. Instead, all settings are read from the HKEY_LOCAL_MACHINE\Software\DoesNotExist Registry key. As this key does not exist, it is as if the autorun.inf file contains no settings information. This applies to any autorun.inf in any location and on any drive.
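
To confirm that the mapping is really in place on a machine, the key's default value can be read back. The PowerShell check below is an added example, not part of the original post or of Nick Brown's write-up; the function name Test-AutorunIniMapping and its state labels are hypothetical. It assumes the mapping value is @SYS:DoesNotExist, the IniFileMapping notation for "never read the file, use HKEY_LOCAL_MACHINE\SOFTWARE\DoesNotExist instead".

```powershell
# Added example: read-only audit of the Autorun.inf INI file mapping.
# Assumption: the expected default value is '@SYS:DoesNotExist'.
$SubKey   = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$Expected = '@SYS:DoesNotExist'

function Test-AutorunIniMapping {
    # Reads both registry views so 32-bit and 64-bit callers are covered;
    # on a 32-bit OS the Registry64 request falls back to the 32-bit view.
    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine,
            [Microsoft.Win32.RegistryView]$view)
        try {
            $key = $base.OpenSubKey($SubKey)      # read-only; $null when the key is absent
            if ($null -eq $key) {
                $state = 'KeyMissing'
                $value = $null
            } else {
                $value = $key.GetValue('')        # '' selects the key's default value
                $key.Dispose()
                if ($null -eq $value) {
                    $state = 'KeyWithoutDefaultValue'   # key exists but carries no mapping value
                } elseif ($value -eq $Expected) {
                    $state = 'Mapped'
                } else {
                    $state = 'UnexpectedValue'    # something else is mapped; review it by hand
                }
            }
            [pscustomobject]@{ View = $view; State = $state; Value = $value }
        } finally {
            $base.Dispose()
        }
    }
}

$result = Test-AutorunIniMapping
$result | Format-Table -AutoSize

# A non-zero exit code lets a login script or management agent flag the machine.
$notMapped = @($result | Where-Object { $_.State -ne 'Mapped' })
if ($notMapped.Count -gt 0) {
    Write-Warning "Autorun.inf mapping is not in place in $($notMapped.Count) registry view(s)."
    exit 1
}
```

The script only reads the Registry, so it can be run without elevation on every machine where the .REG file was supposed to be imported.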

The only drawback with this approach is that you need to manually trigger the setup program on any inserted CD or USB stick. But isn’t it better to live with this than with AutoRun viruses?
