From US-CERT Technical Cyber Security Alert TA09-020A

Microsoft Windows includes an AutoRun feature, which can automatically run code when removable devices are connected to the computer. AutoRun (and the closely related AutoPlay) can unexpectedly cause arbitrary code execution in several situations:such as loading a CD or DVD or attaching a USB or Firewire device. Malicious software, such as W32.Downadup are using this feature to spread. Microsoft's guidelines for disabling AutoRun are not fully effective.

To effectively disable AutoRun in Microsoft Windows, import the following registry value:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

To import this value, perform the following steps:

* Copy the text
* Replace the smilie with a colon and upper case D if it doesn't convert automatically
* Paste the text into Windows Notepad
* Save the file as autorun.reg
* Navigate to the file location
* Double-click the file to import it into the Windows registry

Reboot Windows to purge previously cached mount points