Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Question about autorun/autoplay

  • Please log in to reply
2 replies to this topic

#1 Scott00


  • Members
  • 1 posts
  • Local time:03:52 PM

Posted 09 November 2009 - 08:57 PM


I have noticed that after Combofix has been run, it disables the autorun/autoplay feature within Windows.

After reading a number of posts on this forum, I have seen a few mods simply say "yup, it's been disabled...get used to it". Granted, they say it with more detail, but that is pretty much what they are saying.

I would like to know the steps to re-enable the autorun/autoplay functionality.

I understand that there is a risk associated with having autorun/autoplay enabled...but I can say without question that the spyware infection that I suffered from did in no way come from a CD/DVD or USB key. I do not use CDs/DVDs or USB keys from any outside source and am 100% confident that "if" I am infected with spyware/malware...it will not be from any sort of autorun/autoplay infected media.

Knowing this...I would like instructions on how to enable the functionality that Combofix has removed.

Thank you and I look forward to receiving the required steps associated with turning it back on.


BC AdBot (Login to Remove)


#2 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:07:52 PM

Posted 09 November 2009 - 09:44 PM

I assume you read this:

How To Enable/Disable Autorun (Windows XP)
  • Open Windows Explorer by pressing the Windows + "e" key
  • Right-click the desired CD-ROM and select Properties from the menu.
  • Select the AutoPlay tab.
  • Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the apporpriate action to take if enabling autorun.
  • Select OK.

Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,068 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:52 PM

Posted 10 November 2009 - 03:23 PM

Even if you were not infected via autorun this time, please be aware that:

Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:These types of infections usually involve malware that modifies and loads an autorun.inf (text-based configuration) file into the root folder of all drives (internal, external, removable) along with a malicious executable. When removable media such as a CD/DVD is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file to run silently on your computer. For flash drives and other USB storage, autorun.ini uses the Windows Explorer's right-click context menu so that the standard "Open" or "Explore" command starts the file. Malware modifies the context menu (adds a new default command) and redirects to executing the malicious file if the "Open" command is used or double-clicking on the drive icon. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.

ComboFix automatically disables autoruns the first time it is used. Since malware writers have begun to exploit the autorun/autoplay feature, the author of ComboFix, in an effort to help protect your computer from becoming infected via that avenue, configured ComboFix to disable it. Many security applications disable this feature as well and even Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun

Disabling autorun/autoplay does not prevent you from accessing your media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB or external hard drive). Pictures on a camera can still be accessed through My Pictures and selecting "Get Pictures" from a scanner or camera. Media can be accessed via the program you normally use it with such as music CDs via Media Player, blank CDs via burning software, image handling software provided with the camera. We strongly recommend you leave the autorun feature disabled and get into the habit of accessing your media devices manually.

If you are insistent on enabling Autorun be aware that future versions of ComboFix will not run properly, IF NEEDED, after a fix has been applied. If you're sure you will never become infected again and never be asked to use ComboFix by someone who is assisting you with malware removal, then enabling it is your choice to make.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users