Even if you were not infected via autorun this time, please be aware that keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
These types of infections usually involve malware that modifies and loads an autorun.inf (text-based configuration) file into the root folder of all drives (internal, external, removable) along with a malicious executable. When removable media such as a CD/DVD is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file to run silently on your computer. For flash drives and other USB storage, autorun.inf uses Windows Explorer's right-click context menu so that the standard "Open" or "Explore" command starts the file. Malware modifies the context menu (adds a new default command) and redirects it to execute the malicious file when the "Open" command is used or the drive icon is double-clicked. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.
ComboFix automatically disables autorun the first time it is used. Since malware writers have begun to exploit the autorun/autoplay feature, the author of ComboFix, in an effort to help protect your computer from becoming infected via that avenue, configured ComboFix to disable it. Many security applications disable this feature as well, and even Microsoft recommends doing the same:
Microsoft Security Advisory (967940): Update for Windows Autorun
...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...
Disabling autorun/autoplay does not prevent you from accessing your media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB or external hard drive). Pictures on a camera can still be accessed through My Pictures by selecting "Get Pictures" from a scanner or camera. Media can be accessed via the program you normally use it with, such as music CDs via Media Player, blank CDs via burning software, and images via the image handling software provided with the camera. We strongly recommend you leave the autorun feature disabled and get into the habit of accessing your media devices manually.
If you are insistent on enabling Autorun, be aware that future versions of ComboFix will not run properly, IF NEEDED, after a fix has been applied. If you're sure you will never become infected again and never be asked to use ComboFix by someone who is assisting you with malware removal, then enabling it is your choice to make.
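To check a removable drive for the autorun.inf behaviour described above, the following added example (not part of the original post and not ComboFix's code) reads the text of an autorun.inf file and lists the entries that start a program or change the drive's "Open"/"Explore" menu commands. The function names and the sample file are constructed for illustration; `open`, `shellexecute`, `shell` and `shell\<verb>\command` are the standard autorun.inf entry names.

```python
import re

# [autorun] keys that start a program when the media is mounted.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command defines an entry in the drive's right-click menu.
VERB_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$")

def parse_autorun(text):
    """Return (key, value) pairs of the [autorun] section, keys lower-cased."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries

def audit_autorun(text):
    """List entries that launch a program or alter the drive's context menu."""
    findings, verbs, default_verb = [], {}, None
    for key, value in parse_autorun(text):
        match = VERB_COMMAND.match(key)
        if key in LAUNCH_KEYS:
            findings.append(("auto-launch", key, value))
        elif key == "shell":
            default_verb = value.lower()  # verb used on double-click
        elif match:
            verbs[match.group(1)] = value
            findings.append(("menu-command", match.group(1), value))
    if default_verb in verbs:
        findings.append(("default-verb", default_verb, verbs[default_verb]))
    return findings

# Constructed sample for illustration, not taken from a real infection.
SAMPLE = r"""
[AutoRun]
open=payload.exe
shell=explore
shell\open\command=payload.exe
shell\explore\command=payload.exe
icon=folder.ico
"""

if __name__ == "__main__":
    print(audit_autorun(SAMPLE))
```

An empty result means the file only sets cosmetic entries such as an icon or label; any finding on a drive you did not prepare yourself is worth a closer look before opening the drive.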