
disable Autorun registry key

With the significant rise of malware employing autorun.inf to execute and spread, Microsoft pushed a solution by disabling the Autorun registry key through Windows Update and Automatic Updates. For all the details, refer to this URL: http://support.microsoft.com/kb/967715

Here are the instructions to do it manually.

How to selectively disable specific Autorun features

To selectively disable specific Autorun features, you must modify the NoDriveTypeAutoRun value under the following registry key subkey:

Autorun is also known as AutoPlay. The following table shows the settings for the NoDriveTypeAutoRun registry value.

Value   Meaning
0x1     Disables AutoPlay on drives of unknown type
0x4     Disables AutoPlay on removable drives
0x8     Disables AutoPlay on fixed drives
0x10    Disables AutoPlay on network drives
0x20    Disables AutoPlay on CD-ROM drives
0x40    Disables AutoPlay on RAM disks
0x80    Disables AutoPlay on drives of unknown type
0xFF    Disables AutoPlay on all kinds of drives
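
An added example (not from the original post or from Microsoft): a Python helper that decodes NoDriveTypeAutoRun values using the bit meanings in the table above and reports hosts that still leave AutoPlay enabled on removable or network drives. The function names, host names and sample values are constructed for illustration.

```python
# Bit meanings are taken from the table above. Everything else (function
# names, host names, sample values) is hypothetical and constructed.
FLAGS = {
    0x01: "unknown type",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown type",
}

def parse_value(text):
    """Accept '0x95', '149' or 'dword:00000095' (the .reg export form)."""
    text = text.strip().lower()
    if text.startswith("dword:"):
        return int(text[len("dword:"):], 16)
    return int(text, 0)

def disabled_types(value):
    """Drive types on which this value disables AutoPlay."""
    return sorted({name for bit, name in FLAGS.items() if value & bit})

def still_enabled(value):
    """Drive types from the table that this value leaves enabled."""
    return sorted(set(FLAGS.values()) - set(disabled_types(value)))

def harden(value, required):
    """OR in the bits for every required drive type, keeping existing bits."""
    for bit, name in FLAGS.items():
        if name in required:
            value |= bit
    return value

def audit(hosts, required=("removable", "network")):
    """Map each non-compliant host to the required types still enabled."""
    findings = {}
    for host, raw in hosts.items():
        enabled = still_enabled(parse_value(raw) & 0xFF)
        gaps = [t for t in required if t in enabled]
        if gaps:
            findings[host] = gaps
    return findings

# Constructed sample: values as they might be collected from four hosts.
SAMPLE = {"ws-01": "0x91", "ws-02": "dword:000000ff",
          "ws-03": "149", "ws-04": "0x0"}

if __name__ == "__main__":
    for host, gaps in audit(SAMPLE).items():
        print(f"{host}: AutoPlay still enabled on {', '.join(gaps)}")
```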

Personally, I prefer the 0xFF value, which disables AutoPlay on all kinds of drives. The drawback here is when you are installing from CD, ‘coz you have to manually execute the setup instead of automatically running it. The good thing: you’ll be safe from autorun malware!

  1. February 28, 2009 at 8:34 pm

    These registry settings can be ineffective under some circumstances, or they can revert to their original state. MS recently released several patches trying to fix the issue. You can check out my blog post with more details about autorun malware and all the different methods I know about to defend against them: http://hype-free.blogspot.com/2008/09/autorun-malware.html

    • Methusela Cebrian Ferrer
      March 3, 2009 at 7:58 am

      Your blog post provides good details.. Thanks!
