Microsoft Blocks AutoRun/AutoPlay Vulnerability in XP, Vista, and Windows Server [Updated!]





First of all, this kind of thinking is an American kind of thinking where liberty is understood by taking away rights. There was absolutely no need to remove this feature as long as it could be simply turned off from the registry (although be it not a so practical method). On the other hand just having AutoRun not start if you hold Shift pressed while inserting a USB device, like AutoPlay, is an equally good feature. Instead, you want to completely remove a feature just because you are too stupid, or lazy, to turn it off just for yourself. I would hope Microsoft reconsiders, but being an American corporation...



It's about time, I've had this useless and unsafe feature disabled on every machine I've ever used.



I'm currently deployed to Afghanistan and a good majority of the people out here have contracted some form of USB transmitted virus. On an infected PC, the virus will copy itself to the drive and set the autorun.inf to automatically run or when the drive is double-clicked from My Computer (which in turn runs the autorun). 

The viruses that I have found like to sit in C:\Users\<your_username>\ and are set to system and hidden. Using ATTRIB in a command prompt will show the hidden system files (or setting your view in Explorer to show hidden files and not hide system files will do the same). Kill the offensive program in Task Manager; delete the virus (there shouldn't be any .exe or .vbs files in the \<your_username>\ folder); use MSConfig to remove the startup entry.

Same basic steps on a USB drive (thumbdrive, hard drive, digital camera memory card, iPod Classics, etc.). The autorun.inf will be system and hidden along with one or more .exe or .vbs files. The most common is start.exe which would appear to be harmless. Delete them.  

Better yet, edit the autorun.inf and delete everything in it (make it blank) and save. Right click on the autorun.inf and go to Properties and then the Security tab. Click the Advanced button and uncheck the Inherit permission from parent. Click Remove followed by OK as many times as you need to close all the windows. This takes away your permissions to edit the file even if you are an administrator. This will prevent other infected systems from giving your drive the virus. You will still get the hidden executable file on the drive but without the autorun.inf to run it, it won't automatically run. Also note that the drive must be formatted to NTFS and not FAT/FAT32.

To protect your PC, you can disable the autorun feature with a registry file. Open Notepad and copy the text below and save as "noautorun.reg" (be sure to use the quotation marks). Double click the file that you just created and click Yes when asked if you want to add it to the registry. Reboot just to be safe. No more autorun. (This is useful for soldiers like myself that are deployed that won't be able to download the Windows Update.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]

Even with current anti-virus definitions, Norton seems to let about 95% of the infections go undetected. Of all the drives and systems that I have checked, Norton has only alerted me to three...
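
As an added illustration of the autorun.inf behaviour described in the comment above (not part of the original comment or article), this Python audit lists the commands an autorun.inf would launch on insert or on double-click of the drive. The function name and the sample file contents are constructed for this example.

```python
import re

# Keys in the [autorun] section that make Windows launch something:
# on insert (open, shellexecute) or from the drive icon's double-click /
# context-menu verbs (shell\<verb>\command).
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Extensions the comment says to look for, plus other directly runnable types.
RUNNABLE = re.compile(r"\.(exe|vbs|com|scr|bat|cmd|pif)\b", re.I)

def audit_autorun(text):
    """Return (key, command, runs_program) for each launch entry.

    Parsed by hand rather than with configparser, because files found on
    infected drives are often padded with junk lines that a strict INI
    parser would reject.
    """
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEYS.match(key):
            findings.append((key.lower(), value, bool(RUNNABLE.search(value))))
    return findings

# Constructed sample (not from a real infection): start.exe is launched
# both on insert and when the drive is double-clicked in My Computer.
SAMPLE = r"""
; constructed sample
[AutoRun]
open=start.exe
shell\open\command=start.exe
shell\explore\command=wscript.exe helper.vbs
label=My Drive
"""

if __name__ == "__main__":
    for key, cmd, runs in audit_autorun(SAMPLE):
        print(f"{'RUNS PROGRAM' if runs else 'opens file':12} {key} -> {cmd}")
    # The emptied autorun.inf recommended in the comment launches nothing.
    print("blank file:", audit_autorun(""))
```
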




This comment is a must-read for anyone who wants to prevent AutoRun-based malware. Thanks very, very much for what you're doing in Afghanistan.


It's amazing how illogical a business built on binary logic can be.



Portableapps is/are doomed!



An army of pacifists can be defeated by one man with the will to fight.



Autorun has always been a misfeature, so I don't mind seeing it go at all. I think this was a good move.



Auto play/Auto run should have never been introduced IMO. It was something to make it easy to install programs and run games. It also runs bad stuff easy. What is so hard about clicking on an icon to start a program?



First, why don't you describe the difference between autorun and autoplay. Autorun and autorun.inf files are what malware uses. Autorun has been a pain in the rear ever since it began, and personally I have no problem with USB keys not being able to autorun their crapware and sometimes malware straight from the factory.

We're talking computers here, people. If you want one specific USB key, card or drive to run, this can be done; each drive is different, each connection is different.

If you want a security program to check autorun.inf files before they run, this could be done too.
Maybe it's time to get people with experience with computers working on security rather than teenagers.



I've added an in-article link back to the original article about changes to Windows 7's AutoPlay/AutoRun and have also written a new section for the current article that contrasts these features. If you want more control over AutoPlay than Windows XP provides, you will like the level of control in Windows Vista and Windows 7.


It's amazing how illogical a business built on binary logic can be.



I prefer to have auto-run off anyway, as I don't like a pop up when I insert a disc.
