Autorun.inf|Digesting an Autorun.inf File

“An ant may well destroy a whole dam” , well it’s a famous Chinese proverb , so why we highlight this proverb is in the case by relating it to  a virus affecting a secure PC. Of course it might be a tiny hidden file  that’s able to destroy the whole  PC/network of Computers.But in case of autorun.inf files it’s basically definitely not a virus  but it can call virus files.However  we could well differentiate  a file like autorun.inf  is a friendly file  or not.Most of the readers might be friendly/ knowing  with autorun.inf file , however let’s have a cheat list of  idea behind this famous file.

For going to basics an Autorun.inf is a text-based configuration file that instructs the PC on what to do upon insert of a media such as flash drive, or CD.Today Normally  every antivirus security software’s hesitates to allow an autorun.inf file.But Autorun.inf in actual fact is not a virus, but can be infected by a virus.In the other way round Auto run is file that trigger or launches other programs,documents ,other files to be opened when the CD or pen drives are inserted.
Autorun basically operates for :

  •  For launching a  process or application that will automatically run when a CD/usb is inserted.
  •  The icon that will represent your application’s CD or DVD when the drive is viewed with My Computer or Explorer.
  •  Menu commands displayed normally when the user right-clicks the CD-ROM icon from My Computer or Explorer.

When cd or pen drives are inserted, windows will search for the autorun.inf file and follow the instructions of autorun.inf file(instructions have written inside the autorun.inf file).
Skelton Behind Autorun.inf file

You could view an autorun.inf file  simply with a notepad /wordpad .A basic autorun.inf file has below structure.
[Autorun]
Open=
Explore=
AutoPlay=
shell\Open\Command=
shell\Open\Default=
shell\Explore\command=
shell\Autoplay\Command=
To begin with what does   [Autorun] says. it’s simply  used to identify  that the file as autorun.
OPEN=
An OPEN Command indiactes which application should be opened when the CD  or flash driveis opened.
OPEN = APPLICATION.EXE
This will launch the APPLICATION.EXE file when cd or pen drive is opened.  To Specify a file in Sub directory OPEN = DIRECTORY \ APPLICATION.EXE
Explore=
This command will be run. When we right click and select explore option in CD  or flash drive.As above you could specify the path in this command
AutoPlay=
Same as the above , but it will launch the the program when auto played.
icon=
Specify the icon / Change the icon of your pen drive or cd.  you can use .ico,.bmp images(also .exe,.dll)
SHELL\ =
The SHELL\VERB command adds a custom command to the drive’s shortcut menu. This custom command can for example be used to launch an application on the CD/DVD.Use a series of shell commands to specify one or more entries in the pop-up menu that appears when the user right-clicks on the CD icon.
Label=
Specifies a text label to displayed for this CD in Explorer
A sample Autorun.inf file
[autorun]
open=Setup.exe
icon=Setup.exe,1
label=My Presentation
shell\readme\command=notepad README.TXT
shell\readme=Read &me
shell\software\command=Setup.exe
shell\software=Setup the software

Disabling / Removing an autorun.inf file
We could well disable /enable autorun.inf to launch in Windows OS  on Autoplay settings(From Control panel) or through registry editing.Mostly many antivirus detecs it and block it.Autorun.inf is not a malware, but a virus might use autorun.inf to get access to your computer programs and files. Common virus like bacalid, ravmon.exe and even Trojan virus hides in autorun.inf to easily spread to your computer. These viruses save themselves in the root directory of the infected hard disks and will run themselves every time you double click the drive. Usually if a USB stick or a CD was infected by a virus, once it was plugged to your computer the device automatically runs itself especially with the device where autorun was enabled.
If autorun.inf was detected by your anti-virus as a threat to your computer but not yet tried to make an action then here are some tips to remove autorun.inf which are infected by virus.
You can disable autorun.inf for all drives by configuring the registry of your computer. First you need to open the registry by typing regedit.exe to the command prompt or you may execute it in run. Then look for this registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Double-click the NoDriveAutorun DWORD entry and type the value  FF (OR 0xFF OR 255 in Decimal). (If the NoDriveAutorun does not exists, you can create it by right-clicking the right side area of the regedit window, then click New->DWord Value -> type NoDriveAutorun) Close the registry and restart the computer. This procedure will disable all the autorun for all drives of your computer and at least will prevent the autorun function of infected USB drives or CDs and avoid the infection of viruses like the Bacalid and RavMon.exe.
Another procedure to disable or delete autorun.inf that has been infected by virus is by using the command prompt, type cd\ then press enter. You may type the letter of your USB drive or CD drive, for example F: then press enter. Type this attrib –h –r –s (or could try dir /ah  command )autorun.inf  then press enter, type del autorun.inf.That’s the easiest way to avoid spreading virus from your computer especially using autorun.inf.
If any thing goes wrong or unable to delete using above command try  the below method

  • select the drive containing autorun.inf in same way as shown in above .
  •  type attrib -s -h *.* /s /d
  •   check the contents of the drive for possible autorun.inf (or any other virus that u can recognize) by typing “dir”
  •  once u find it just rename it to any other name (possibly making it unusable) by typing “rename autorun.inf abcd” (without quotes)
  •   now you can delete this newly named file by typing “del abc” (without quotes) or directly going in that respective drive.reason for typing “attrib -s -h *.* /s /d” (an additional /d)  is for checking drive contents  that some of the viruses are hidden and bypass the “dir” command and are not listed in cmd window.

Prevent autorun.inf  to infect your USB flash drive
If you want to prevent viruses that uses autorun.inf  to infect your USB flash drive, try to do this:

  • Open your flash drive via Command Prompt (do this via Start->Run->cmd.exe)
  •   Change your logged drive to your USB flash drive (e.g. if your drive is at drive E: then type E: on the command prompt then press enter)
  •   Create a folder named: AUTORUN.INF on the root directory of your flash drive. (to do this type the command: MD\AUTORUN.INF). If an error: a sub directory already exists… shows, try to follow the instruction above to remove existing autorun.inf before doing this instruction.
  •  The reason why this will avoid future infection is that autorun.inf viruses usually generates a file autorun.inf. Having an AUTORUN.INF folder on the root directory of your drives will make virus programs unable to create their own autorun.inf file, virus can’t even overwrite

Note:Did we miss any , feel free to comment out

Advertisements

About Technology Timely

Aimed on updated tech news

Posted on April 29, 2011, in Security, Windows. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: