The latest security threat to your Windows operating system is a computer worm called Conficker that has already infected over 9 million PCs worldwide with maximum victims in China, Brazil, Russia, and India.
Conficker first disables system services like Windows Automatic Update, Windows Error Reporting, etc. and then connects to a web server from where it downloads additional malware onto the victim’s computer. The worm also attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe.
Prevent Conficker on your Windows machine
To prevent Conficker virus from infecting your Windows computer, you first need to disable the AutoRun feature. This can be done by downloading and installing certain updates manually for Windows XP or Windows 2000. Windows Vista users can skip this step as this is taken care of via automatic updates.
Now click Start, Run and enter gpedit.msc and click OK.
Under Computer Configuration, expand Administrative Templates. Now for Windows XP, click System and for Windows Vista, click Windows Components then Autoplay Policies. In the Settings pane, right-click Turn off Autoplay, and then click Properties.
Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives. Click OK and restart the computer.
Find this article at: http://www.labnol.org/software/tutorials/secure-computer-disable-autorun/6698/
Tags: autorun, feature, security, virus, windows, Tips, Tricks, Tutorials
Reader Comments
In Vista, you can also open the Control Panel:
Control Panel > Hardware and Sound > AutoPlay
and set the options as per your preferences.
Written by AnandK on 01.22.09
Windows 98 screenshots amit ;)
Written by Alsiladka on 01.22.09
What about Windows Home Edition?
I don’t have this file: “gpedit.msc” in my system.
Written by pelsta on 01.22.09
Strangely, my computer doesn’t have those system, network, printers directories under administrative templates.
Is something wrong with my computer?!
Written by Srikanth on 01.22.09
Will this applies to Thumb drive also…
Since most of the virus now days comes from sharing pen drive…
Written by fasil on 01.22.09
I have Wndows XP and I am not finding the systems displayed under administrative templates.
Written by rsmanyan on 01.22.09
thanks amit my pc is already infected by this virus as seems by your article, my internet always gets open and automatically connects to any random site and download malware..thanks amit for this info….
Written by Funkruti on 01.22.09
Amit, Thanks for sharing this info.
I tried, but my PC says gpedit.msc missing.
Whats wrong?
Written by Abhijit Dharmadhikari on 01.22.09
And if you are interested in the CERT CC advisory with additional details, see link
Written by mo on 01.23.09
To disable autorun in Windows XP Home Edition, do the following:
Start > Run > regedit
Find HKEY_CURRENT_USER\SOFTWARE\Microsoft\Win…
Make a new value called NoDriveTypeAutoRun of type DWORD. Make its value 0×000000b1 (hex)
Written by Raleigh on 01.23.09
I have been telling people to turn off autorun/autoplay since I became aware of it. It used to be a huge problem on Mac and Apple turned it off so long ago that they apparently forgot Windows still did it… a CD duplicating machine at an Apple factory in the far east got infected that way a few years back.
I honestly can’t understand why ANY variant of this (including automatically using the Windows file type bindings for helper apps, or Apple ‘Open “Safe” files after downloading’) is considered acceptable by ANYONE.
Written by Peter da Silva on 01.23.09
Biggest problem with this one – it is not only infecting flash drives but also really good at jumping through local network.
Unless network is completely ready – one infected flash drive is enough for avalanche of problems.
Written by Rarst on 01.23.09
I have XP Home & don’t have gpedit.msc either. I believe it may be in XP Pro only.
Written by John B on 01.23.09
Raleigh–what win…folder do you put the new value under? I don’t know programming…thanks.
Written by Janice on 01.23.09
Also, I have over 1000 pass-protected /recycler.exe files I can’t delete. Tried rebooting with F8 key and starting in safe mode, but didn’t get anywhere. Have BitDefender, which is not able to eradicate the files..Thanks.
Written by Janice on 01.23.09
thanks for sharing nice info.
Written by falaque on 01.23.09
in case you dont have that gpedit.msc in your system
you can try this one…
1> create a text file called “antiautorun.inf”
2> open and edit it using your text editor ( notepad )
and enter the script below…
;start of file
;AntiAutorun.inf
[Version]
Signature=”$Chicago$”
Provider=”FREE”
[DefaultInstall]
AddReg=RegN3
[RegN3]
HKCU,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoDriveAutoRun,0×00010001,0XFF
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoDriveAutoRun,0×00010001,0XFF
; end of file
; Antiautorun.inf
3> save it and close the file.
4> then in your Windows Explorer, browsing in the
location where you saved antiautorun.inf
right click it and select “INSTALL”.
Written by Mark M on 01.23.09
For Xp Home Users : Microsoft Power Tool TweakUI to the rescue !!
Written by Cees on 01.23.09
To those having problems with this you better start looking for the rootkit it has installed =( gmer was a great help in this.
Written by Dave on 01.23.09
Turn off autorun via regedit / group policy / Tweak UI are not a good method, sometimes the autoplay can still be triggered when doubleclicking the icon / via right click menu / etc.
To COMPLETELY disable autorun ,you need to modify widows installation file with nLite (if its XP), check disable autorun and I would also suggest to check disable *.vbs, then Burn & Install. In this case Windows will not recognize any *.inf files.
Written by reed on 01.25.09
What I don’t understand is the purpose of this MS Uptate if it calls a gpedit.msc which has never existed on Windows XP Home Edition and says the update applies to XP SP2/SP2 as a whole ? I’m reverting this Update.
Written by Transcontinental on 01.26.09
gpedit.msc is not present in Vista home edition.
I fould a link…hope this helps
link
Written by bizztra on 01.26.09
>Strangely, my computer doesn’t have those system, network, >printers directories under administrative templates.
>
>Is something wrong with my computer?!
Adding the missing items as follow:
In Group Policy windows
1. Right click Administrative Templates
2. Click Add/Remove Templates
3. Click Add
4. Select system.adm
5. Click Open then Close.
Written by James Le on 01.28.09
@James Le
Thanks Mr James Le.
Followed your instructions.
They worked and I disabled the Autorun option.
Thanks.
-Srikanth
Written by Srikanth on 01.28.09
I’ve saw another recommendation to prevent autorun some where, it’s by creating a folder “autorun.inf” in all your thumbdrive, it will prevent those malware from infecting it, then there’s even a software called “Flash_Disinfector.exe” that sits in your systray to do that for any thumbdrive that’s being plugged into your pc. Quite a smart and effective way actually
Written by faulty on 01.31.09