
USB flash drives are our personal data carriers, but the way we use them to exchange files also makes them open to viruses.

The Achilles heel which viruses exploit is the autorun.inf file. The autorun.inf file is a simple instruction file present in removable media like CDs, DVDs and USB drives. This file contains a series of commands that trigger the operating system to start an executable, tell it which icon to use, and which additional actions to make available. A basic autorun.inf file looks like this:

[autorun]
open=autorun.exe
icon=autorun.ico

Special Note: Autoplay is the Windows action which asks you to specify the application to use to open a particular file. The autoplay dialog box asks you to select from the options when you insert media. Autorun, on the other hand, is the Windows action which automatically launches applications depending on the commands given in the autorun.inf file when we double click the removable drive icon.

The keyword is automatic. We have to find ways to short circuit the automatic execution of programs (good or bad), so that hidden malware does not penetrate our system. The idea then is to change the way Windows handles the autorun.inf file. The methods described here are mainly for Windows XP.

Use the SHIFT key

Suppress autorun by pressing the SHIFT key when inserting a USB drive. Then, right click on the icon in Explorer and select Explore to access the contents of the drive. This is a one-time action, so you have to remember it every time you insert a USB drive. You also have to be ever mindful of never double-clicking your USB drive icon in Explorer.


Go to the Group Policy Editor


Group Policy Editor is used to define user and computer configurations for groups of users and computers.

  1. Open the Group Policy Editor via Start – Run. Enter gpedit.msc in the Run box.
  2. Navigate to Computer Configuration – Administrative Templates – System.
  3. Highlight System on the left hand pane. On the right hand pane, go down to the entry Turn off Autoplay and double click on it.
  4. Select the Enabled radio button, then for the Turn off Autoplay on dropdown, select All drives.

This will disable the autorun feature for all drives and let you explore the drive contents instead of directly opening them.

Hack the registry


We can also disable the autorun feature by making a change in the registry. Be forewarned that if you are not at ease with the registry, it is advisable to skip this step.

  1. Launch the Registry Editor by typing regedit in the Run box (Start -> Run)
  2. On the left hand pane, keep expanding the entries by clicking on the + sign. Search for this entry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  3. For this registry entry, go to the right panel and double click the NoDriveTypeAutoRun value.
  4. Change the Value data to FF for Hexadecimal or 255 for Decimal value.
  5. Click OK to close the registry editor and restart the computer.
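
To confirm what the registry change above actually covers, the following PowerShell audit reads NoDriveTypeAutoRun and decodes it per drive type; FF sets every bit, including the one for removable drives. It is an added example, not part of the original article: the function names are hypothetical, the bit meanings follow Microsoft's documentation of this value, and it assumes a machine-wide HKEY_LOCAL_MACHINE value under the same Policies\Explorer path takes precedence over the per-user one.

```powershell
# Added example (not from the original article): audit NoDriveTypeAutoRun.
# Bit meanings follow Microsoft's documentation for this value; 0xFF sets them all.
$AutoRunBits = @(
    @{ Bit = 0x01; DriveType = 'Unknown drive types' }
    @{ Bit = 0x04; DriveType = 'Removable drives (USB flash, floppy)' }
    @{ Bit = 0x08; DriveType = 'Fixed drives' }
    @{ Bit = 0x10; DriveType = 'Network drives' }
    @{ Bit = 0x20; DriveType = 'CD-ROM drives' }
    @{ Bit = 0x40; DriveType = 'RAM disks' }
    @{ Bit = 0x80; DriveType = 'Unknown drive types (reserved bit)' }
)

function Get-AutoRunValue {
    param([string]$Hive)   # 'HKLM' or 'HKCU'
    $path = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $item = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if (-not $item) { return $null }   # key or value is absent
    $raw = $item.NoDriveTypeAutoRun
    # Older systems may store the value as REG_BINARY; the flags live in the first byte.
    if ($raw -is [byte[]]) { return [int]$raw[0] }
    return [int]$raw -band 0xFF
}

function Get-AutoRunPolicy {
    # Assumption: a machine-wide (HKLM) value takes precedence over the per-user (HKCU) one.
    $source = 'HKLM'
    $mask = Get-AutoRunValue -Hive HKLM
    if ($null -eq $mask) { $source = 'HKCU'; $mask = Get-AutoRunValue -Hive HKCU }
    if ($null -eq $mask) {
        Write-Warning 'NoDriveTypeAutoRun is not set in HKLM or HKCU; the Windows default applies.'
        return
    }
    Write-Host ('Effective value 0x{0:X2} from {1}' -f $mask, $source)
    foreach ($entry in $AutoRunBits) {
        [pscustomobject]@{
            DriveType       = $entry.DriveType
            AutoRunDisabled = [bool]($mask -band $entry.Bit)
        }
    }
    if (($mask -band 0x04) -eq 0) {
        Write-Warning 'AutoRun is still enabled for removable (USB) drives.'
    }
}

Get-AutoRunPolicy | Format-Table -AutoSize
```

Run it in the account whose setting you changed, since the HKEY_CURRENT_USER value is per user.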

Fall back on software

If you are the type who hates going into the guts of the operating system, there are of course handy pieces of software available. Here are two examples of such applications.

USB 1.3


This 7KB USB anti-virus tool works by detecting the removable drive and renaming the autorun.inf file to autorun.inf_current date_time, which prevents the system from running it. The program loads in the system tray and with just one click, you can turn Autorun on or off. Another option informs the user about all actions on autorun.inf files.

The program works from the system tray and is compatible with Windows XP, Windows 2000, Windows 98 and Windows 95.

TweakUI


TweakUI, Microsoft’s PowerToy for Windows XP, gives a user access to system settings that are below the visible interface of the OS.

To disable autoplay using TweakUI, go to the My Computer – Autoplay – Drives setting. Deselect the drive you wish to disable the autoplay for. Also, go to My Computer – AutoPlay – Types. Uncheck Enable Autoplay for removable drives. Click OK and you are done.

The 126KB download is compatible with Windows XP and Windows Server 2003.

These methods will prevent the automatic jumpstart of a USB drive. But if malware sneaks through, the value of a good, updated anti-virus and anti-malware as the first line of defense cannot be exaggerated.

Do you let a USB drive run automatically or do you control it with a blocking action? Which is your favored method? Let us know.

While we are learning more about USB drives, also take a look at some of our popular posts about the device.

Image credit: Nedko

  1. Hossain Ahmed
    May 2, 2016 at 8:31 am

    Thanks done by me and successful

  2. Kermonk
    December 21, 2009 at 5:55 pm

    Why is the web full of this crap? There is no auto run from USB - and I've been searching for ages for a way to make it work - and the only thing I find are all these "hints" on how to disable it!

  3. Scott
    October 2, 2009 at 1:46 am

    If you do the following, startup and logon batch files won't run for that user anymore

    Editor's note: This will disable the command for all users including the local administrator. If you want to disable this for specific users only (and for XP Home users) make the change in the registry. Log in to the account you want to change and create the following registry entries:

    HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\
    DisableCMD dword 0x00000001 to disable command prompt and batch files
    or
    DisableCMD dword 0x00000002 to disable command prompt but not batch files

  4. Gates III
    June 22, 2009 at 4:10 am

    Kinda works pretty well. But I need help with formatting a flash drive which comes in a RAW format.

    • Scott
      October 2, 2009 at 1:42 am

      Ok what if I want students to be able to use USB drives but I don't want anything to be run from them? I'm particularly interested in preventing the use of BATCH files.

      As the teachers use many applications I'd prefer not to use the GPO that lists all applications that can be run.

      Surely there is a way to allow the use of a USB but not allow anything to run from it?

      • Scott
        October 2, 2009 at 1:45 am

        I should clarify I mean to stop anything from running, period. Not just autorun. I don't want students to be able to make batch files at home and then run them from their USB sticks. However I am not allowed to stop the use of USB drives by students as storage.

        I can't find a solution for this.

  5. kash525
    June 19, 2009 at 5:56 am

    I Also Have A Solution Of My Kind. It Restricts Creation Of Autorun.inf File.

    6109.kabin.com.np/prevention-from-auturun-virus-is-currupting-autoruninf/

  6. lady_in_red
    June 8, 2009 at 3:31 am

    If you are the type who hates going into the guts of the operating system, there are of course handy pieces of software available

  7. sunny
    June 1, 2009 at 11:09 am

    A good way to avoid this is to disable autorun across all devices: DVD, CD drives and USB devices.
    Just type the following in Notepad:

    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
    @="@SYS:DoesNotExist"

    Then save the Notepad file as "NoAutoRun.reg".
    Right click the saved file and click MERGE. Click YES and presto, all autorun is disabled.

  8. mwa
    May 31, 2009 at 4:17 pm

    Try this one:

    Windows Registry Editor Version 5.00

    ;disables autoplay context menu commands in Windows Explorer
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
    @="@SYS:DoesNotExist"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000ff

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000ff

  9. I am a G
    May 31, 2009 at 11:25 am

    Thanks for this important information. I think I'll use the "autorun.inf" folder method. Now I don't have to worry about getting infected through flash drives anymore.

  10. Marcel
    May 30, 2009 at 10:48 pm

    I CANNOT BELIEVE YOU'RE ASKING US TO DOWNLOAD A FILE FROM RUSSIA !!??!!! ???

  11. David
    May 31, 2009 at 3:27 am

    creating an autorun file yourself won't work. virii will delete it, even if it's read only.

    the best way to stop virii from installing their own autorun.Inf file is to use the dos command line and do this:

    mkdir autorun.inf (this creates an autorun folder)
    cd autorun.inf (opens the folder)
    mkdir .\con\ (this creates an undeletable folder inside the autorun folder)

    do this on any USB device and it's impossible for virii to create evil autorun files on that device.

    enjoy

    david

  12. PJB
    May 30, 2009 at 10:03 pm

    wow, windows is just so simple, safe and user-friendly!

    /sarcasm

  13. Tony
    May 30, 2009 at 9:50 pm

    Jon's tip is great, simple and very smart. Also, if you have a machine with Linux you can insert your USB drive, see this kind of file and delete it easily as a manual antivirus. So seek and destroy!

  14. Jon
    May 30, 2009 at 8:47 pm

    Make an "autorun.inf" FOLDER on the drive, set it to hidden. No more autorun.inf viruses possible.

    • mikosh
      June 22, 2009 at 3:27 am

      thanks jon
      that's what i was looking for... works great!

  15. Island Boy
    May 30, 2009 at 10:51 pm

    There is a small free app that does Jon's “autorun.inf FOLDER on the drive” trick for ALL Flash Drives plugged in to the PC.
    Ninja Pendisk!

    nunobrito.eu/ninja/

    As for hiding the “autorun.inf” FOLDER, create a .txt file containing this line:

    attrib +s +h %1

    Rename .txt file to "hide.bat"

    Then simply drag any files you want to hide onto it.
    This will add the system attribute so they will be invisible (unless you turn off "Hide protected operating system files" in Folder options).

    If a PC has viruses, the “autorun.inf” FOLDER will become visible. (handy)

  16. ShakespeareGeek
    May 29, 2009 at 3:47 pm

    Know what I really want, that I was hoping this article was about? Every single time I plug in my iPhone, which has pictures on it, a stupid dialog comes up asking me how I want to handle the pictures. I don't. That's my wallpaper and other things that I just want to leave on the phone. There is no option for "Don't launch anything, and never ask me again."

    Maybe a good topic for a future article. I'd kill to know how to do it.

    • JustinPlayfair
      May 29, 2009 at 8:37 pm

      ShakespeareGeek, have a look at Autoplay Repair. I don't know of a homepage for it, but here's a download link:

      snapfiles.com/get/AutoplayRepair.html

      This might be what you're looking for.

  17. JK the Fifth
    May 29, 2009 at 2:57 pm

    I use iKill (from arpantech) for detecting and deleting autorun files from removable media. I will also try USB 1.3 now, and keep the lighter one.

    I am still not sure if the other methods (i.e. Tweak UI, registry hack, group policy editor) suppress the autorun "file" or just stop the Windows autorun "dialogue box" from popping up; as I have already done that registry hack and found that now the autorun dialog box doesn't come up (I don't know if the hack has any effect on autorun files)

    And also, I think the "exploring instead of opening" method doesn't work and autorun file initiates on both "exploring" and "opening".

  18. Cary Schwartzman
    May 29, 2009 at 2:18 pm

    Just an idea: would creating your OWN autorun.inf file ahead of time, and setting it to hidden/system/read-only work?

    • Saikat
      May 30, 2009 at 12:31 am

      XP and Vista will handle it differently. Autoplay will follow if autorun.inf is not detected. XP+SP2 brings up the Autoplay dialog box with options to handle the files. In Vista, autorun comes under autoplay's control as a safety feature.
