is a text-based configuration file that provides instructions for the autorun feature and contains instructions for the operating system. Essentially it tells the operating system which executable to start, which icon to use, and which additional menu commands to make available. When a computer detects a removable device, it searches for the autorun.inf file for further instructions and writes the values in the MountPoint2 registry key. This registry key holds cached information on every device ever connected to the computer.
Flash (usb, pen, thumb, jump) drive infections usually involve malware that modifies and loads an autorun.inf
(configuration) file into the root folder of all drives
(internal, external, removable) along with a malicious executable. When removable media such as a CD/DVD is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file to run silently on your computer. In USB drives, it modifies Windows Explorer's right-click context menu and redirects to executing the malicious file if the "Open" command is used or double-clicking on the drive icon. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled. Microsoft Security Advisory (967940): Update for Windows AutorunHow can I prevent users from connecting to a USB storage device?
Alternatively, you can download and use Panda USB Vaccine
. Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced by malicious code. The Panda Resarch Blog
advises that once USB drives have been vaccinated, they cannot be reversed except with a format
. If you do this, be sure to back up your data files first or they will be lost during the formatting process.