Stop Windows From Executing Instructions Found In AUTORUN.INF
Author: Raymond22 Apr
I’ve never had any antivirus installed in my computer because I am confident that it won’t be infected by viruses as I am always very careful on the files downloaded from Internet. After so many years of using the computer, so far only 3 times my computer has been infected by virus and believe it or not, all 3 times are infected from USB flash drive. The virus that I encountered infects all executable files in my flash drive, then creates a hidden autorun.inf file at the roof of the pendrive.
In my opinion, the autorun.inf file that is placed at the root of drive is pretty useless and Microsoft shouldn’t have introduce this feature. It is intended as a convenience where an installer can automatically start when the disc is inserted. However, autorun can pose a security threat, when the user does not expect or intend to run the software, such as in the case of some viruses, which takes advantage of this feature to propagate. A feature in Windows has became a flaw…
Turning AutoPlay off is not a solution because when you open the drive from My Computer, Windows will still execute the instructions found in autorun.inf. Here is the solution to this problem to this Windows flaw.
There is a difference between AutoPlay and AutoRun. AutoPlay is when you insert a USB flash drive, you get a dialog box that ask you what do you want Windows to do.
As for AutoRun, it will run an executable file instructed by autorun.inf file. There’s no chance for you to Cancel autorun at all. Microsoft way of disabling autorun is editing the NoDriveTypeAutoRun value from registry. However, this is hard to do in practice. First, it’s a per-user key, which in a corporate environment is harder to manipulate reliably than a per-PC key. Secondly, there are several bugs known for it. And thirdly, a little-known registry key called MountPoints2 contains cached information about every memory stick or other removable device which your PC has ever seen, and that overrides the NoDriveTypeAutoRun value if you insert a volume which the PC already knows about.
Here is the registry key that you should use to globally block autorun.inf. Open notepad or any text editor, copy the text below and save it as NoAutoRun.reg. Make sure the extension is .reg and not .txt. Run it and click Yes if you’re asked “Are you sure you want to add the information in C:\NoAutoRun.reg to the registry?”
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
This hack tells Windows to treat AUTORUN.INF as if it were a configuration file from a pre-Windows 95 application. The next time you insert a flash drive, CD, DVD, or other removable disc into your system, Windows will not execute the information in any autorun.inf file that may be present. This is a great method to prevent Windows from being infected by virus through autorun.inf method without installing any security software. The only downside of this is that if you insert a CD or DVD with software on it, you have to explore it by hand to find the setup program which I think isn’t a big deal compared to being infected by virus and having to spend hours to scan and clean it.
Technorati Tags: autorun, autoplay, virus, security, windows
: Copying this article to your website is strictly NOT allowed. However, if you like this article, you can use the HTML code below to directly link to this article.
Related Articles
Protect Windows From USB Autorun.inf Virus With USB Firewall One Click to Protect Your Computer Against USB Virus Have Your Missing or Lost USB Flash Drive Returned Back To You Prevent Spread of Viruses through Removable Drives with iKill Schedule BitTorrent to Automatically Start and Stop Downloading Download from RapidShare Without Limit with Premium Link Generator How To Disable, Uninstall or Remove Windows Defender in Vista
Top incoming search terms for this post
stop autorun.inf - how to stop autorun.inf - autorun inf registry - stop autorun - how to stop autorun.inf virus - how to stop autorun - block autorun - disable autorun.inf registry - prevent autorun.inf - how to block autorun - IniFileMapping\Autorun.inf - autorun block - how to prevent autorun.inf - stop autorun.inf from running - inifilemapping autorun.inf - autorun.inf registry - autorun.inf doesnotexist - prevent autorun.inf virus - autorun.inf registry key - disable autorun.inf regedit - how to stop autorun of pen drive - registry autorun.inf - block autorun.inf - preventing autorun.inf - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf - how to stop autorun virus - autorun.inf virus registry - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] - force delete autorun.inf - autorun - noautorun.reg - stop autorun usb drive - autorun.inf inifilemapping - how to kill autorun.inf - regedit autorun.inf - autorun.inf - disable usb autorun inf - disable autorun.inf usb - autorun.inf regedit - blocking autorun.inf - how to stop pen drive autorun - block autorun - how to stop autorun in pen drive - stopping autorun.inf - registry hack which will stop Windows from executing instructions found in autorun.inf. - disable autorun - Autorun.inf hack - disable usb autorun.inf - stop running autorun.inf - stop executing autorun.ini -
Categories
Recent Comments
- tomasson: I see many people use
- Anonymous: Thany you soo much
- Tebas': Muito obrigado, solucionou o problema
- twinkle tyagi: where i can learn to
- Amit: usb not recognized error windows
- thami: plz raymond send me a
- kadidi: Hi people!!!! How do i remove
- sunny jain: thanks umair...
- RONIL: where did you get the
- Suvi: Thank you so much!! I
Have computer technical problems? Get FREE help from Raymond.CC FORUM
50 Responses for "Stop Windows From Executing Instructions Found In AUTORUN.INF"
why don’t you use anti virus software. you should use anti virus software.
Thanks Raymond! So this is to disable the AutoRun from USB/CD/DVD but what if i am gonna enable it back?
Hi!
Thank you for this very useful tip. Can you please tell me this also:
After once we have done this, suppose if we want to go back to the old status of allowing AUTORUN.INF to run, how do we do this?
Thanks!
hi there, thanks for all your tips. there is another method to avoid this problem, if u search internet for “flash disinfector” u will find a program that create a little autorun.inf that cannot be modified in every drive, so u can still use the autorun feature in cds
Again thanks
If you hold shift upon inserting dubious media, and also in my computer: right click and select open, rather than the bold option. Will you be safe from autorunning virii?
@dom: I don’t use antivirus because I don’t like false positives and also the slowing down of my computer.
@Deacon and Saral: To re-enable back, open regedit, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping and delete the Autorun.inf key.
@iomicifikko: A good trick on flash disinfector. I once noticed that I had an autorun.inf folder at the root of my drive created by flash disinfector. Tried to delete but unable to. I then used Unlocker which it successfully removed it.
@Ian: Hold shift will prevent cd autorun. Right click and select open on usb drive will not necessary prevent autorun. The below command will run the virus when you right click on the flash drive letter and select open.
shell\open\command=virus.exe
shell\open=Open
Thanks for all your suggestions. I was looking for a fool proof way in case I forget to be cautious.
Thank You! Thank You! Thank You Raymond!
Best Blog Eva!!!
Hey Ray, thanx again for the neat info, but I found it strange that you don’t have an AV, it’s pretty hard for me to survive without one, how do you hack it??
nice one thank you
When I ran the file I received the message \”… NoAutoRun.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor.\”
Thanks for this great info
smart one there on the NoAutoRun.reg stuff. Again thx 4 a wonderful blog.
but tell me, how do i flush out the bugs in the System Volume Information folder!!!
all this time i have been Complaining about Mcaffee using 125 megs and Raymond doesn’t even use AV lol Maybe i should try it . But i D/L alot form the net.Surely Raymond you msut use a spyware program or something. That really seems to be my biggest threat is Spyware and tracking cookies
Thanks Ray!!!!
Your tip is very useful…great!!!
Thank you… this will help very much indeed. b4 i didn’t noticed theres diff in autorun & autoplay so i treat it as same func. thanx again.
Thanks Raymond
Good Information.
Thanks A lot
Hey Raymond…
Nice post there..
However, one problem remains.. the autorun.inf file in the root directory of the flash drive.
This file is NOT deleted by the antivirus even though the virus has been neutralised.
Here’s the tip to delete the autorun.inf file (which restores your USB Drive to normal when ‘Right Clicked’)…
Start -> Run -> Type ‘cmd’ (without quotes)
Type your drive letter (suppose Drive D is infected)
Type ‘D:’ (Press Enter)
Type the following:
“del /f /q /a s r h autorun.inf” (no quotes)
What does it do?
It instructs the system to
/f -> Force Delete
/q -> Quite Delete (no prompt)
/a -> Outline Attributes (s=System, r=Read Only, h=Hidden)
Since the virus has been neutralized, it’ll be removed permanently and not replaced or copied again.
To see the changed effects in the right click menu, simply plug your USB flash drive again or restart your PC (in the case of internal partition being infected)
Heh.. hope that was useful to some of you
With all the free antivirus that you have supplied us before, you should get one for your computer too Raymond. Lol!
Well, i use NOD32 and in my experience it can pretty much handle the Autorun.ini problem by itself and its not heavy on the system anyway.
WIN WIN situation for me.
u dont use AV?!
wow lol
at least i hope u run a free online virus scan of your c drive every few days just to check?
i dont know yet if u are brave or stupid, but after being \\\\\\\”brave\\\\\\\” before, thinking i could do without as an IT expert, it bit me in the ass. And for a really pretty small system overhead on say a 5ghz system these days, is it worth being without? u can always temporarily disable real time scanning etc.
You could also use TweakUI from Microsoft to turn off Autorun on removable devices
Maybe some of you missing the point of this tips.
By doing this, it remove any possibility of any virus infection via flashdrive (new, old, future) that use autorun.inf to run.
And doing it with just a plain notepad. no other software needed (tweakui, etc)
I install kaspersky, but most of the time, i disable it. unnecessary to run it all the time as i am very confident of my action and dont need protection all the time. But i don’t recommend anyone to do what im doing.
How can I get the previous registry information after this modification
Raymond
to avoid virii infections.
you a MAster … I dont use antivirus at all, and this was ecxactly what a was looking for
I search for 2 hrs on microsoft and everything wikes , cause the NoDriveTypeAutoRun and the NoDriveAutoRun leave the manual autorun infeccious .. THANKYOU VERY MUCH,, I don know haw you realize this but it works
Raymond….finding this website and this information, ie this tweak and disk heal has saved my rear hindquaters. Thanks so much.
Hello Raymon!
I already used the script you gave us, in my two computers with windows XP sp2. In one, it worked, but in the other the autorun is still enabled. I don’t know why!
Nice articles
Great work!
One of the user posted that right click and open and you have mentioned that it will still infected, I wonder if I right click and Explore, will that execute the autorun.inf file too? As I saw from some site mentioned that explorer is a safe way to prevent the autorun.inf been executed.
It is an useful knowledge. Thx a lot, Raymond!!
Hello Raymond, I’m new here, and I want to thank you for this very useful information, however, I still have some specific questions…
1) If I use this key (to disable Autorun), will Autoplay still be on?… Or is it better if I disable both? (I assume that Autoplay is not the enemy here, and if I kill Autorun, I can access my flash drive from Autoplay at any time)
2) If I use this key, and THEN open any trusted software with Autorun in it, can I choose to run it? or it definitely kills all Autorun? (even from a consious choice of executing it?)
Thanks a lot!!!
Working REG file, Tray 2:
=================================
Windows Registry Editor Version 5.00
;Total disable with hack
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\IniFileMapping\\Autorun.inf]
@=\”@SYS:DoesNotExist\”
; Some blank rows
=================================
Hint: quotes
my regedit version is 5.1 so can you tell me what addition to the code should i do so that this code run on my computer
One reason for not using antivirus:
It slows down your computer by consuming RAM, CPU and it searches your harddisk.
When I get a virus I download the 30-day trial of Kaspersky antivirus and scan and remove the virus.
But most people that don’t have a good firewall (i use Windows firewall + WLAN Firewall) should get the antivirus.
I\’m using Kerio-firewall, the unlimited 4.1.3 free version that\’s not downloadable anymore… but you can find it in some places….
It blocks ALL programs from executing unless you agree, BUT (unlike in VISTA you can remember your action, and it will also notice if the program has changed (size/date?).
Except for being an outstanding firewall (i\’ve never gotten anything more then tracking cookies in 5 years time)
this feature is GREAT.
some other antivirus programs have this function, but they are usually much bigger. Kerio is 5-7mb (depending on version)
It does need to learn to handle the program (making special rules is neccessary for programs that use dynamic incomming connections with portnumbers over 30000, like: Skype, Windows messenger, ?Utorrent, Emule) but after making a special rule it\’s fine.
it can show you all the ipadresses you connect to if you click on the + signs in the overview tab.
Also you can disable it with gpedit.msc
hi
i hav come across a severe prob in my sys.plz help me out. i got dis autorun.inf in my d drive n c drive am unable to get over it inspite of using antivirus.plz can u drop me da solution 4 it?
hi,
Does this mean it is possible for someone to go up to a computer that is turned on but is in standby mode (with only the login screen visible) – connect a malicious USB drive and basically disable the person\\\’s computer?
It\’s pretty good tip for every windows XP users. But if your windows XP already infected with intelligent virus then it can\’t help to you. It will forever cheat you. You can\’t manually delete autorun.inf, ini or edit registers. I think you better use antivirus program or otherwise boot… I better won\’t tell this because Microsoft doesn\’t this like it. By the way antivirus programmers also the biggest silent virus spreaders to the world and microsoft always happily supporting them. Microsoft always hiding the truth.
Try it…
===================================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Cdrom]
\\\”AutoRun\\\”=dword:00000000
[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\policies\\\\Explorer]
\\\”NoDriveTypeAutoRun\\\”=dword:000000ff
[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\IniFileMapping\\\\Autorun.inf]
@=\\\”@SYS:DoesNotExist\\\”
=======================================
Hey, Raymond!
Thanks a lot for the useful advice! I spent some hours trying to clean my pc, and your solution is so simple and works perfectly. My flash drives are clean now
I believe all the downfalls of turning off the autorun are nothing compared to the damage such a virus can do to the regular users like me. I have had a lot of trouble with other viruses in the past but this was my first one on a flash, and it caught me unprepared.
I use this:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@=”@SYS:DoesNotExist”
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“NoDriveTypeAutoRun”=dword:000000FF
Hi Raymond,
I’m getting the following message whenever I perform any entry
“The application or DLL c:\WINNT\System32\nonanuku.dll is not a valid Windows image. Please check this against yout installation diskette.”
Is this some kind of virus. Thank you.
Can you provide a reg file to reverse the edit in case someone likes the autorun? – thanks
Hi Raymond,
i have no idea what you sent me, but no key for Kaspesrsky 2009.
never mind, thank you.
thanx raymon this very usefull for my PC coz my friend always plug and unplug his flasdisk on my PC everyday.
that’s posibble to virus in
I was plagued by these things on six different USB sticks used between home and work. Both computers infected… what a mess. I finally reinstalled Windows XP Pro, but I was afraid to use the flash drives.
How can you detect and remove invisible files from the root of a flash drive? That one’s easy!
I downloaded the free SliTaz Linux operating system that runs from RAM, and burned the image to a CD.
http://www.slitaz.org/en/
Then I booted from the Linux SliTaz CD and examined all my USB drives with the Linux file manager. GOOD LORD! There were virus files in all the roots, that were hidden to windows, but quite visible to Linux OS. Some drives had two, one had five of these. Each file had a safe sounding name like rundll.exe. Each file was exactly the same size, about 45 Kb. I was able to delete all these with Linux file manager. But I still have not connected any of the flash drives to my newly installed Windows XP system. Call me superstitious
More bad news. You say the virus may infect every Executable file on a flash drive? Some of mine have many exe files. I just disabled autoplay from gpedit.msc. And I will never open drives from My Computer. I put Windows Explorer on the Quickstart bar, for convenience, dragging it from Programs.
Thanks- this is useful, but after I did it, my ACER couldnt see my camera at all, except in file manager (camera wizard that is). And I can’t boot up onto an AV boot disc- it ain’t seeing the CD drive. Now, I also had Kapsersky shut off Autoplay in their vulnerability check, so not sure which is causing the problem. How do you force it to boot up a CD? Delete autorun.inf key to restore the default? And it will be recreated??
Please be more specific.
I have no Windows NT under that registry address, WINDOWS/CURRENT VERSION/ has no IniFileMapping key. If I don’t have these keys (home XP SP3 on Acer AMD Turion-32), where did your regit get installed, which it seemed to do successfully. If you have such a powerful hack, you must have clear reversal instructions. If my disc goes down and I can’t boot from anything, I am screwed.
I listed this on a big AV sequential virus prevention + removal instructions, but it seems a little dangerous
I just want to to autoboot from CD’s (which I specified in the boot order)
its not working. i tried it again and again
its a great tips it not have to used any antivirus thrust me i do partical
#
Maxa January 15th, 2009 at 7:19 pm 38
Try it…
===================================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Cdrom]
\\\”AutoRun\\\”=dword:00000000
[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\policies\\\\Explorer]
\\\”NoDriveTypeAutoRun\\\”=dword:000000ff
[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\IniFileMapping\\\\Autorun.inf]
@=\\\”@SYS:DoesNotExist\\\”
=======================================
#
Can someone explain the difference in this version? Is this more secure? What changes are made?
Leave a reply