Preventing AutoRun Attacks From Malicious CDs

How many times have you innocently inserted a CD or flash drive into your computer, only to find out it has infected your PC with a virus? How did that happen? Why did that happen? Well, one of the causes could be the AutoRun feature in Windows. If AutoRun is enabled on your computer, Windows can launch installers and other programs automatically as soon as you insert any removable disk. Luckily, there are two ways you can save yourself from a possible virus spread. Let’s check them out!

Turn AutoPlay Off

The next time you want to prevent Windows from launching applications automatically from an external device containing the necessary AutoRun information, this is how you do it:

In Windows XP, you can change the defaults for AutoPlay by right clicking on the selected drive and choosing Properties (find the drive in your My Computer folder). Choose the AutoPlay tab and change the settings for the different types of media you use.

Similarly, in Windows Vista, you can choose one of many options: “Always launch the program,” “Always open a listing of the disk in a Windows Explorer window,” “Always prompt for a choice” or “Take no action.”

If That Fails

However, hackers will tell you that turning the AutoPlay feature off may not be 100 percent safe if you’re up against a malicious AutoRun file. There are ways to make an AutoRun file run even if AutoPlay is disabled in XP and the “Take no action” option is selected in Vista. This is what happens: turning AutoPlay off seems to work, but when you double-click on the drive you’re using, Windows launches whatever commands are in the AutoRun file. The worst part is, you’re completely unaware this is happening while the hacker goes on and spreads the virus all over your computer. It’s all done without you knowing anything unusual has happened.

Another Way of Tackling the Problem

You may think you can protect yourself from AutoRun by using two settings in the Registry, known as NoDriveAutoRun and NoDriveTypeAutoRun. However, those settings can be overridden. The solution is to globally block the AutoRun files (autorun.inf) from executing, without relying on the dialogue boxes in XP and Vista to do so. Here’s the procedure:

Step 1: Open Notepad (Start, All Programs, Accessories, Notepad) or any other text editor you may have on your computer.

Step 2: Copy the following text from this page and paste it into the text editor. (Make sure you copy everything as is. For example, each entry needs to be on its own line):


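REGEDIT4

; Map autorun.inf to a registry location that does not exist, so Windows ignores the file's contents
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"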


Step 3: Save the file under a name such as “NoAutoRun.reg” (make sure you include the .reg extension).

Step 4: Right-click on the .reg file and choose Merge. Next, confirm any warning prompts to add the information to the Registry.
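
To check that the merge took effect, and to see how NoDriveTypeAutoRun and NoDriveAutoRun are currently set, a read-only PowerShell audit can query the registry. This is an added example, not part of the original article; the function name, the Policies\Explorer locations and the expected default value `@SYS:DoesNotExist` are assumptions of the example.

```powershell
# Added example (not from the original article): read-only audit of the
# AutoRun-related registry settings the article discusses. Changes nothing.
function Get-AutoRunHardening {                      # hypothetical helper name
    $expected = '@SYS:DoesNotExist'                  # assumed value for the global block
    $iniMap   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
    $policies = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )

    # 1. Global block: the key's default value must redirect autorun.inf lookups.
    $default = $null
    if (Test-Path $iniMap) { $default = (Get-Item $iniMap).GetValue('') }
    $status = 'NOT blocked'
    if ($default -eq $expected) { $status = 'autorun.inf ignored' }
    [pscustomobject]@{ Hive = 'HKLM'; Setting = 'IniFileMapping\Autorun.inf'
                       Value = $default; Status = $status }

    # 2. Policy values: the article notes these can be overridden, so they are
    #    reported as a secondary control only.
    foreach ($key in $policies) {
        foreach ($name in 'NoDriveTypeAutoRun', 'NoDriveAutoRun') {
            $v = $null
            if (Test-Path $key) { $v = (Get-Item $key).GetValue($name) }
            # Some systems store the value as REG_BINARY; normalise it to an integer.
            if ($v -is [byte[]]) {
                $v = [BitConverter]::ToInt32([byte[]](($v + 0,0,0,0)[0..3]), 0)
            }
            # 0xFF = every drive type; 0x03FFFFFF = every drive letter A: to Z:
            $allOn = 0x03FFFFFF
            if ($name -eq 'NoDriveTypeAutoRun') { $allOn = 0xFF }
            if ($null -eq $v) {
                $status = 'not set'; $shown = $null
            } elseif (($v -band $allOn) -eq $allOn) {
                $status = 'AutoRun off for all drives'; $shown = '0x{0:X}' -f $v
            } else {
                $status = 'AutoRun still on for some drives'; $shown = '0x{0:X}' -f $v
            }
            [pscustomobject]@{ Hive = $key.Substring(0, 4); Setting = $name
                               Value = $shown; Status = $status }
        }
    }
}

Get-AutoRunHardening | Format-Table -AutoSize
```

A “NOT blocked” status on the first row means the .reg merge from Step 4 did not take effect.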

And Finally…

The next time you insert a flash drive, CD, DVD or other removable disk into your computer, Windows will not execute the information on any AutoRun file that may be present. Naturally, taking those steps means the next time you put a game or installer disk into your CD or DVD ROM drive, the software will not launch automatically. You will have to do it manually. The benefit is big though! If you ever happen to insert another malicious disk into your computer, your system will have no choice but to fight it. Now, that’s bliss!

~ Zahid H. Javali