Autorun

Autorun is a feature of Windows Operating System generally used by CD’s to automatically load desired application when you insert the CD or double-click the CD drive. This feature is exploited by virus writers to spread virus via removable drives, so that when you double-click your removable drive (pen drive, thumb drive, usb mass storage devices, mobiles, digital camera, etc.), the desired virus application runs on your system without your knowledge and infects your computer.

You always have questions like:
What is autorun.inf?
Is autorun.inf a virus?
How is autorun.inf help virus to execute?
How to use safely view files inside a removable drive or pendrive?
How to safely remove autorun.inf file?
What are the precautions measures?
Does autorun.inf folder really prevents virus infection?
How Right click and Explore on removable drive can still infect your system?
How to create your own autorun.inf file for CDs?

Autorun.inf

This is a configuration file that has the instructions to be performed when you double-click / right-click the drive icon.

It may also contain information about the icon of the drive.

This file can be found in the root directory of the removable drive or CD drives. E.g., “E:\autorun.inf”

Most people think it’s a virus, but it’s not. But it is of great help for the spread of virus. It is effective only if there also exists some infecting virus file along with it. All alone, this file is harmless. The only use of autorun.inf to to execute the targeted virus file.

Autorun.inf controls the following

-Icon of the drive
-Double-click
-Right-click menu
-Autoplay
-Autoplay menu

Safely Remove Autorun.inf

Start » Run » cmd
Type
c:\Documents and Settings\abc\>x:
x:\>dir /a autorun.inf
Check if the autorun file exists
If yes, then change the attributes of the file by typing
x:\>attrib autorun.inf -R -H -S
Now you will be able to see the autorun.inf file visually in Windows Explorer.
View the contents of autorun.inf (using the safe method mentioned above), before you delete them.
Delete the file by typing
x:\>del /P /F /A autorun.inf

If you are unable to delete the autorun.inf file
or
the autorun.inf file appears again and again.
Then you can conclude that your system is infected by some virus.

In such case you have to remove the virus from your system then only you can get rid of this autorun.inf.

Precautions

1. Double-clicking a drive may infect your computer with the virus on the drive.
2. Even Right-click » Open or Right-click » Explore may lead to the virus infection.
3. If you think that autorun.inf can infect only if its in the root folder of a drive, then you are wrong. Think again. Even network drives have autorun properties. A network drive linked to a folder, containing an infecting autorun.inf file, on a network behaves the same way, when you double-click the drive.

Using Autorun.inf Folder

If you create a folder named AUTORUN.INF in the root directory of a drive, most of the viruses are unable to delete such folders to replace with their own infecting autorun.inf file, this is possible because almost all the virus programs have codes to replace/delete the autorun.inf file and not the folder. You may be safe for sometime, but not longer until a better virus breaks in.

Best Practices

1. To view files inside a drive to use the tree-view of Windows Explorer.
   My Computer » View » Explorer Bar » Folders
   Click on the removable/pendrive on the left side tree-view folder panel to explore, instead of double-clicking the drive.
2. Typing the drive name on the address-bar of Windows Explorer.
   My Computer » click on Address Bar » Type x:\

Old Practice/Risky Technique:
Type x:\autorun.inf in the address bar of windows explorer. This will open the autorun.inf file in a notepad if it exists.
What’s the problem»
If there exists a virus file named autorun.inf.pif it will get executed.
How to safely view the file?
Safe Method:
Start » Run » notepad
File » Open » x:\>autorun.inf