Microsoft Windows Does Not Disable AutoRun Properly

[jerryctx]

From US-CERT Technical Cyber Security Alert TA09-020A

Microsoft Windows includes an AutoRun feature, which can automatically run code when removable devices are connected to the computer. AutoRun (and the closely related AutoPlay) can unexpectedly cause arbitrary code execution in several situations:such as loading a CD or DVD or attaching a USB or Firewire device. Malicious software, such as W32.Downadup are using this feature to spread. Microsoft's guidelines for disabling AutoRun are not fully effective.

To effectively disable AutoRun in Microsoft Windows, import the following registry value:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

To import this value, perform the following steps:

* Copy the text
* Replace the smilie with a colon and upper case D if it doesn't convert automatically
* Paste the text into Windows Notepad
* Save the file as autorun.reg
* Navigate to the file location
* Double-click the file to import it into the Windows registry

Reboot Windows to purge previously cached mount points

[jdc2000]

Code:

REGEDIT4 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

[lgbpop]

All of the existing keys in my IniFileMapping are .ini values; is this one supposed to be autorun.ini or .inf?

[jerryctx]

.inf

[SpywareDr]

Tip: To disable smilies in your Post, click "Go Advanced" under the "Quick Reply" box. Then down in "Additional Options", (under the "Reply to Thread" box), select the "Disable smilies in text".

[SpywareDr]

How to correct "disable Autorun registry key" enforcement in Windows
http://support.microsoft.com/kb/953252

[jerryctx]

Thanks Doc. I knew the option was available. I just couldn't find it at the time.

As to Microsoft's instructions, CERT's are much simpler.

[SpywareDr]

Know what you mean. Been there.