How to Disable AutoRun.inf?
Nick Brown came up with a solution to prevent AUTORUN.INF files from being used on a PC, from any medium. This method involved using an initialisation file mapping, to create a mapping between the AUTORUN.INF initialisation file and the Registry. IniFileMapping is a key which tells Windows how to handle the .INI files which those applications typically used to store their configuration data (before the registry existed).This procedure relied on the fact that an autorun.inf file is a standard Windows INI file and so the appropriate API calls are used by Windows, when fetching its settings. These API calls can be redirected using the INI file mapping method. In this case, it says “whenever you have to handle a file called AUTORUN.INF, don’t use the values from the file. You’ll find alternative values at
HKEY_LOCAL_MACHINE\SOFTWARE\DoesNotExist.” So how is this done?
Create a Registry file with the following contents and save it as DISABLEAUTORUN.REG.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
Double click DISABLEAUTORUN.REG to make the relevant changes to Windows Registry. Now whenever Windows tries to read a file called “autorun.inf” using the INI programming calls, it is forbidden from reading from the actual file. Instead, all settings are read from the HKEY_LOCAL_MACHINE\Software\DoesNotExist Registry key. As this key does not exist, it is as if the autorun.inf file contains no settings information. This applies to any autorun.inf in any location and on any drive.
The only drawback with this approach is you need to manually trigger the setup program in any inserted CD or USB Stick. But isn’t it better to live with this than with AutoRun viruses?
source: JomBlajar
0 comments:
Post a Comment