Autorun.inf is a text-based configuration file, present on many external hard drives, that gives the operating system instructions for the autorun feature, i.e. options for how to view the contents. Essentially it is a loading point that tells the operating system which executable to start, which icon to use, and which additional menu commands to make available. When a computer detects a removable device, it searches for the autorun.inf file for further instructions and writes the values in the MountPoints2 registry key. This registry key holds cached information on every device ever connected to the computer. For flash drives and other USB storage, autorun.inf uses Windows Explorer's right-click context menu so that the standard "Open" or "Explore" command starts the file.
Because autorun.inf is a loading point for legitimate programs, it can be exploited to run a malicious program automatically without the user knowing. Such an exploit involves malware that modifies or loads an autorun.inf file into the root folder of all drives (internal, external, removable) along with a malicious executable. When removable media is inserted (mounted), autorun looks for autorun.inf and automatically executes the malicious file, which then runs silently on your computer. Since autorun.inf can be a legitimate file which other legitimate programs depend on, the presence of that file may not always be an indication of infection. Usually when it is bad, there will be other signs or symptoms of infection, including other malicious files.
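One way to triage an autorun.inf found in a drive's root, separating the entries that start a program from the cosmetic ones (added example, not part of the original text). The key names `open`, `shellexecute`, `shell` and `shell\<verb>\command` are standard `[autorun]` entries; the two sample files are constructed.

```python
import re

# [autorun] keys that decide what gets started: "open" and "shellexecute"
# name a program or file, "shell" picks the default context-menu verb.
LAUNCH_KEYS = ("open", "shellexecute", "shell")
# shell\<verb>\command binds a right-click menu entry to a command line.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def triage(text):
    """Split entries into (launch points, cosmetic settings)."""
    launch, cosmetic = {}, {}
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS or SHELL_CMD.match(key):
            launch[key] = value
        else:
            cosmetic[key] = value
    return launch, cosmetic

# Constructed samples: one file that only sets an icon and label, and one
# that rebinds "Open" and "Explore" to an executable on the drive.
SAMPLE_BENIGN = "[autorun]\nicon=drive.ico\nlabel=Backup Disk\n"
SAMPLE_LAUNCH = (
    "[AutoRun]\n"
    "; constructed example\n"
    "open=setup.exe\n"
    "icon=setup.exe,0\n"
    "shell\\open\\command=setup.exe\n"
    "shell\\explore\\command=setup.exe\n"
)

if __name__ == "__main__":
    for name, sample in (("benign", SAMPLE_BENIGN), ("launch", SAMPLE_LAUNCH)):
        launch, cosmetic = triage(sample)
        print(name, "launch points:", launch, "cosmetic:", cosmetic)
```

A file with no launch points is only cosmetic; a file with launch points is not automatically malicious, so the referenced executable still has to be examined.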
Note: Some USB protection tools will create a hidden "dummy" autorun folder/file with special permissions in each partition and every external drive that was connected when the tool was run. The dummy folder is intended to provide some security against certain malware you may encounter, but its presence does not guarantee full protection.
USB Protection Tools:
- Ariad (AutoRun.Inf Access Denied)
- Windows USB Blocker
- McAfee VirusScan USB
- MCShield Anti-Malware Tool
- Autorun Eater
- Autorun Protector
- Autorun USB Virus Finder
- USB Protector
- Antirun to disable or manage autorun on USB drives
- Autorun Deleter
- USB Flash Drives Control
- USB Defender
- Flash_Disinfector for XP
- Panda USB Vaccine
  - Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not.
  - USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an Autorun.inf as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.