Keeping Autorun enabled
on USB and other removable drives has become a significant security risk
due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
These types of infections usually involve malware that modifies and loads an autorun.inf
(configuration) file into the root folder of all drives
(internal, external, removable) along with a malicious executable. When removable media such as a CD/DVD is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file to run silently on your computer. In USB drives, it modifies Windows Explorer's right-click context menu and redirects to executing the malicious file if the "Open" command is used or double-clicking on the drive icon. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.
ComboFix automatically disables autoruns
the first time it is used. Since malware writers have begun to exploit the autorun/autoplay feature, the author of ComboFix, in an effort to help protect your computer from becoming infected via that avenue, configured ComboFix to disable it. Many security applications disable this feature as well and even Microsoft recommends doing the same
Microsoft Security Advisory (967940): Update for Windows Autorun
...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...
Disabling autorun/autoplay does not
prevent you from accessing your media sources. They are still available by opening My Computer and accessing the source drive (CD, DVD, USB or external hard drive). Pictures on a camera can still be accessed through My Pictures and selecting "Get Pictures" from a scanner or camera. Media can be accessed via the program you normally use it with such as music CDs via Media Player, blank CDs via burning software, image handling software provided with the camera. We strongly recommend you leave the autorun feature disabled
and get into the habit of accessing your media devices manually.How To Enable/Disable Autorun (Windows XP)
- Open Windows Explorer by pressing the Windows + "e" key
- Right-click the desired CD-ROM and select Properties from the menu.
- Select the AutoPlay tab.
- Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the apporpriate action to take if enabling autorun.
- Select OK.
Edited by garmanma, 06 March 2010 - 08:57 PM.