Best Practices - Disabling Autorun through Regedit

Version 1

    The autorun worms have been quite prevalent on PCs due to their exploitation of a built in Windows feature for autostarting once a removable media has been inserted.


    A typical scenario is that a college student takes his/her USB drive to the computer lab to finish up a term paper.  Little do they know, that the computer they used had a Autorun worm on it which infected their thumb drive.  Now that thumb drive is taken to another system and that system becomes infected as well.

     

    How bad is the problem?  There was an article about how malware was being shipped on picture frames to unsuspecting users.  Please read more about this via our VIL description:

    http://vil.mcafeesecurity.com/vil/content/v_142518.htm

     

    Steps to disable the Autorun feature on Windows:

    1. Click Start, click Run, type regedit  in the Open box, and then click OK.

    2. Locate and then click the following entry in the registry:

    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\No DriveTypeAutorun

    3. Right-click NoDriveTypeAutoRun, and then click Modify.

    4. In the Value data box, type 0xFF to disable all types of drives. Or, to selectively disable specific drives, use a different value as described in the "How to selectively disable specific Autorun features" section.
    5. Click OK, and then exit Registry Editor.
    6. Restart the computer

     

    Note:  If you are not familiar with registry editing, please take caution as you could end up hurting your system.  Please try this at your own risk.

     

    This document was generated from the following thread: Best Practices - Disabling Autorun through Regedit