Disable Autorun.ini – Malware's Loveliest File

Autorun.INI is malware's loveliest file: it is at the heart of how malware propagates. Most users double-click pen drives and infected folders to open them, and get infected.

Look at the contents of a sample autorun file

[AUtoRUn]
aCTION=Open folder to view files
SHeLLEXECuTe=FOeUVE.EXE
IcoN=%syStEMRoOt%\sySTEm32\Shell32.dll,4

It tells Windows to execute the file foeuve.exe, which is malware. The entry appears as a folder to lure the user into clicking it.

To deal with this, right-click the drive and check whether the menu shows “autoplay”. If it does, in most cases the pen drive is infected.

  • Type the drive letter in the Address Bar to open the drive.
  • In Folder Options, enable “Show hidden folders” and uncheck “Hide operating system files”.
  • Now you can see the virus/Trojan/worm on the drive, which you should delete.

In many cases, all the folders are infected as well and contain malware, so double-clicking to open them still infects you.

Remedy:

The best way is to disable Autorun

  • Go to Run > regedit
  • In the left pane, open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • Change the value of “NoDriveTypeAutoRun” to 95 (hexadecimal; the default value is 91)

This disables autorun for removable media, drives of unknown type and network shares. The value decides which drive types autorun is disabled for.
To disable autorun completely, set the value to FF.

Settings for the NoDriveTypeAutoRun registry entry. Sum the values to choose the locations for which autorun should be disabled:

Value          Meaning
0x1 or 0x80    Disables AutoRun on drives of unknown type
0x4            Disables AutoRun on removable drives
0x8            Disables AutoRun on fixed drives
0x10           Disables AutoRun on network drives
0x20           Disables AutoRun on CD-ROM drives
0x40           Disables AutoRun on RAM disks
0xFF           Disables AutoRun on all kinds of drives
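
The following PowerShell script is an added example, not part of the original article. It reads NoDriveTypeAutoRun from the key named above, decodes it with the bit values from the table, and ORs in the required bits. The function names are hypothetical, and the fallback to 0x91 when the value is absent follows the default stated in the article.

```powershell
# Added example, not from the original article. Bit values are the ones in the table above.
$DriveTypeBits = [ordered]@{
    'Unknown type (0x1)'  = 0x01
    'Removable drives'    = 0x04
    'Fixed drives'        = 0x08
    'Network drives'      = 0x10
    'CD-ROM drives'       = 0x20
    'RAM disks'           = 0x40
    'Unknown type (0x80)' = 0x80
}
$Key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Name = 'NoDriveTypeAutoRun'

function Get-AutoRunPolicy {
    # Read the current value; fall back to the default the article states (0x91) if it is not set.
    $value = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($null -eq $value) { $value = 0x91 }
    [int]$value
}

function Show-AutoRunPolicy {
    # Print, per drive type, whether the given mask disables AutoRun.
    param([int]$Value)
    "{0} = 0x{1:X2}" -f $Name, $Value
    foreach ($bit in $DriveTypeBits.GetEnumerator()) {
        $state = if ($Value -band $bit.Value) { 'disabled' } else { 'ENABLED' }
        "  {0,-22} AutoRun {1}" -f $bit.Key, $state
    }
}

function Set-AutoRunPolicy {
    # OR the required bits into the existing value so bits already set are never cleared.
    param([int]$Required = 0x95, [switch]$Apply)
    $current = Get-AutoRunPolicy
    $new = $current -bor $Required
    if ($new -eq $current) { return "Already compliant (0x{0:X2})" -f $current }
    if (-not $Apply) { return "Would change 0x{0:X2} -> 0x{1:X2}; rerun with -Apply" -f $current, $new }
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value $new -Force | Out-Null
    "Changed 0x{0:X2} -> 0x{1:X2}" -f $current, $new
}

Show-AutoRunPolicy -Value (Get-AutoRunPolicy)
Set-AutoRunPolicy -Required 0x95   # dry run; add -Apply to write, or pass 0xFF for all drive types
```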


About wikihead

A security freak