Tuesday, December 4, 2007

Prevent autorun.inf Viruses from Infecting Your Pc

Prevention is better than cure.

Here are some examples of autorun viruses which rely on the autorun function of Windows to infect PC’s and flash drives.

Funny UST Scandal.avi.exe (latest one in the Philippines)
Autorun.vbs
win32.autorun.k
copy.exe
imgkulot
taga lipa are
autorun.vbs
recycler
FS6519.dll.vbs
strawberry from baguio
W32/Perlovga (copy.exe | host.exe)
VBS_RESULOWS.A (Hacked by Godzilla, Hacked by Moozilla)
Bha.dll.vbs
w32automa worm (Autorun.vbs)
Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe)
W32/RJump.worm (RavMonE)
Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe)
W32.Fujacks.BH (Fucker.vbs)
WORM_AGENT.PGV (soundmix.exe)
W32/Hakaglan.worm (RVHost.exe)
Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe)
Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs)
etc.


To prevent these kinds of viruses on infecting your PC, you need to disable autorun function in your computer, unfortunately, just shutting down autoplay is not a fix. You might think that you could protect yourself from AutoRun by adding two (2) keys to your Registry (NoDriveAutoRun and NoDriveTypeAutoRun) but these keys can be overridden by some programs.


Solution is here:

1. Start Notepad [Start Menu-All Programs-Accessories-Notepad] or right-click any empty space in your desktop then select New-Text Document
2. Copy the following text. (note: Everything in between the square brackets should be in one line)

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"


3. Save the file with a name (anything) like DisableAutoRun.reg (The extension .reg is the important part)
4. Double Click your newly created registry file. Choose yes or continue to the warning that will appear.

Credits goes to: OverBurned Thanx man

4 comments:

burning shadow said...

Thanks, this is what I was looking for! :)

Anil said...

even if u diable autorun.inf if u still clicm on the drive the virus will execute.. some virus even run the virus when u click on open 2..

Check out this link for more info for a work aorund this as i previously mentioned
http://13r4v0.blogspot.com/2008/07/contaning-spread-of-usb-viruses.html

Chummy said...

i tried it and it works but another thing, autorun.inf (also with a hidden folder called "driver")keeps reattaching to my USB even if i have deleted manually and also applied ur technique, the virus just keeps coming back...any tips?

Assumpta said...

Hi there, just wondering how the disable autorun can be undone? My mobile broadband connection does not seem to be working properly since I executed it. I can get it connected but it keeps going down