Home > Uncategorized > How to disable Autorun, AutoPlay and EDDC (avoid infection from USB Memory Stick worms)

How to disable Autorun, AutoPlay and EDDC (avoid infection from USB Memory Stick worms)

A good way to disable AutoRun and EDDC (Execution of the Drive’s Default Command [e.g. upon double-clicking the drive icon]) at Microsoft Windows is the following one:

Create and save using Notepad’s "Save As…" command) a text file named NoAutorun.reg (any filename with .reg file extension will do) with the following contents:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]

Then close Notepad and double-click on that file, replying Yes when asked to merge that file contents into the Windows registry (where the Windows OS [Operating System] keeps most of its settings). This will tell Windows to treat Autorun.inf as a Windows 3.x configuration file and ignore values in it, reading replacement values from the registry key HKEY_LOCAL_MACHINE\SOFTWARE\DoesNotExist, which does not exist, so nothing gets read from there.

In fact I’d suggest you use "@SYS:DoesNotExistSomeRandomNumberHere", replacing "SomeRandomNumberHere", in case the above trick becomes common practice and malware start creating that non-existent key and adding values to it, leaving the user with a fake feeling of security.

Useful references:

  1. Nick Brown’s blog- Memory stick worms (Nick Brown is the inventor of the trick mentioned above).
  2. One quick trick prevents AutoRun attacks (Some more explanation of this trick).
  3. Dan McCloy’s Autorun Reference Guide (Also mentioning the classic way to disable AutoRun and AutoPlay [which fails to disable EDDC], and the AutoRunGuard tool to run custom scripts [e.g. a virus scanner] upon connection of a removable drive, and the related USBVirusScan and USBDLM tools).
  4. How to Disable Autorun (Also listing some other method to disable AutoRun, involving a Microsoft patch and some system policy changes [although I couldn’t spot those policy entries at Windows XP Pro]).
  5. Autorun – Turn On and Off, Enable, Disable (This one explains how to disable AutoRun using the Windows Registry Editor [RegEdit.exe] – note that this method fails to disable EDDC which is what most memory stick viruses use to infect a machine when you double-click to open the removable disk in Windows Explorer).
  6. How To Disable ‘Autorun.Inf’ To Prevent Virus Attack Computer. ~ WongSK Blog (This one lists an alternative method to disable the attachment of AutoRun menu entries at a removable drive’s popup menu [including the menu’s default command – the EDDC – that gets executed upon double-clicking the drive] by using the registry editor to change registry access rights for the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 key).
  7. You can also read some information from Microsoft Support on how to disable the Autorun functionality in Windows (may be confusing to most users though).

In fact I’d suggest employing all the methods mentioned at #1 (with the random key variation I suggested above), #5 and #6 above (maybe also install the Microsoft patch mentioned at #4 [and the policy changes if you can spot those policy entries in your system] and #7), for extra safety.

Categories: Uncategorized Tags:
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: