Autorun or “Autoplay” are extended automatic functions. Windows looks in the disk’s root directory, finds, reads, and follows specific instructions defined in a text based configuration file, Autorun.inf. Spyware and trojans uses autorun feature to spread from removable drives to PC. I would recommend that you disable the autorun feature to prevent malware from spreading.
Use the following instructions to disable/enable the autorun feature.
1. Manually.
- Click Start -> Run.
- In the type box enter regedit and press Enter.
- In the left panel, navigate to:
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Policies
Explorer. - In the right-panel right click the value NoDriveTypeAutoRun and select Modify from the drop down menu. The base value will be set to Hexadecimal. If not, select Hexadecimal.
- To set default value (enable autorun).
Type 91 and click OK.
- To stop Autorun on removable/USB drives, but still allow it on CD ROM drives.
Type 95 and click OK.
- To disable autorun on all drives include harddrive.
Type FF and click OK.
- Close regedit.
- Reboot your computer.
2. Automatically.
- Click Start -> Run.
- Type notepad and press Enter.
- To set default value (enable autorun). Copy all the text below into Notepad.
Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091 - To stop Autorun on removable/USB drives, but still allow it on CD ROM drives. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000095[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000095 - To disable autorun on all drives include harddrive. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff - Save this as autorun.reg to your Desktop (remember to select Save as file type: All files in Notepad.)
- Double Click autorun.reg , click YES for confirm.
- Reboot your computer.
Note: Combofix can to disable the autorun feature of all CDs, floppies and USB devices
found it very useful
Ok, I was trying and this is my conclusion:
With 91×00 (Hex) the Autorun.inf (In the USB) isn’t executed.
With 95×00 (Hex) the Autorun.inf (In the USB) was executed.
With FFx00 (Hex) the Autorun.inf (In the USB) was executed.
I don’t know but I tried 6 times on a diferent USB ports, now I realize…that was the reason why I never get infected, because some fella (Me? I dont remember when) change it to 91×00.
Just checked:
91 (hex) autorun worked for USB
95 (hex) autorun disabled for USB
I tried to enable autorun on Vista and Win2k8 using these registry values but it didn’t work. Any suggestions on how can I enable auto run in vista and win2k8 ,
Do NOT use auto run in Vista and win2k8