Disable autorun/autoplay property
Posted by Piyush in 
Disabling Autorun Property
To disable autorun using Group Policy Editor Start ? Run ? gpedit.msc
Go to Computer Configuration ? Administrative Templates ?System
Double-click Turn off Autoplay
Select Enabled Turn off Autoplay on = All Drives
Start ? Run ? Regedit
Go to HKEY_CURRENT_USER ? SOFTWARE ? Microsoft ? Windows ?CurrentVersion ? Policies ? Explorer ? NoDriveTypeAutorun
Set the following value NoDriveTypeAutorun = FF (Hexadecimal) or 255 (Decimal) Disables AutoRun on all kinds of drive
To disable autorun of CD drive Start ? Run ? Regedit
Go to HKEY_LOCAL_MACHINE ? System ?CurrentControlSet ? Services? CdRom
Set following values AutoRun = 0 (to disable autorun on CDs) AutoRun = 1 (to enable)
Hold on SHIFT key while inserting CD in CDROM
Safely Remove/Delete autorun.inf file
Safely Remove Autorun.inf
Start ? Run ? cmd
Type
c:\Documents and Settings\abc\>x:
x:\>dir /a autorun.inf
Check if the autorun file exists
If yes, then change the attributes of the file by typing
x:\>attrib autorun.inf -R -H -S
Now you will be able to see the autorun.inf file visually in Windows Explorer.
View the contents of autorun.inf (using the safe method mentioned above), before you delete them.
Delete the file by typing
x:\>del /P /F /A autorun.inf
If you are unable to delete the autorun.inf file
or
the autorun.inf file appears again and again.
Then you can conclude that your system is infected by some virus.
In such case you have to remove the virus from your system then only you can get rid of this autorun.inf.
Precautions while using pendrives
Precautions
- Double-clicking a drive may infect your computer with the virus on the drive.
- Even
Right-click?OpenorRight-click?Exploremay lead to the virus infection. - If you think that autorun.inf can infect only if its in the root folder of a drive, then you are wrong. Think again. Even network drives have autorun properties. A network drive linked to a folder, containing an infecting autorun.inf file, on a network behaves the same way, when you double-click the drive.
Using Autorun.inf Folder
If you create a folder named AUTORUN.INF in the root directory of a drive, most of the viruses are unable to delete such folders to replace with their own infecting autorun.inf file, this is possible because almost all the virus programs have codes to replace/delete the autorun.inf file and not the folder. You may be safe for sometime, but not longer until a better virus breaks in.
Best Practices
- To view files inside a drive to use the tree-view of Windows Explorer.
My Computer?View?Explorer Bar?Folders
Click on the removable/pendrive on the left side tree-view folder panel to explore, instead of double-clicking the drive. - Typing the drive name on the address-bar of Windows Explorer.
My Computer? click on Address Bar ? Typex:\
How to view contents of Autorun.inf file
Old Practice/Risky Technique:
Type x:\autorun.inf in the address bar of windows explorer. This will open the autorun.inf file in a notepad if it exists.
What’s the problem?
If there exists a virus file named autorun.inf.pif it will get executed.
How to safely view the file?
Safe Method: Start ? Run ? notepad File ? Open ? "x:\autorun.inf"
Autoruns