Disable USB Autorun to Save PC from USB Viruses

March 22nd, 2008 | Tagged as: ¤ ¤ ¤ ¤ | Download as PDF

If you are new here. You may want to sign up for e-mail updates or subscribe to my RSS feeds. Thanks for visiting!

Pen drives are very common these days. Everybody has them for their daily data transfer needs and since these are connected to different computers very often, they become a easy carrier of malicious codes (virus, trojans, spywares etc).

How viruses spread from USB/Thumb/Pen drive?

Whenever a USB drive is plugged into a infected computer, virus copies itself to the pen drive and sets it to execute itself when pen drive is accessed by making changes in the autorun.inf. Whenever pen drive is accessed, the autorun.inf calls the executable file of the virus upon which the system gets infected.

How to save your computer from viruses from USB/Thumb/Pen drive?

The most effective method of preventing your system from getting infected is to disable autorun feature of USB devices. DJ tells us about disabling autorun feature on Sizlopedia. He tells us a method in which he uses gpedit.msc and disable autorun feature but the problem is that gpedit.msc is not available under Windows XP Home Edition.

So, I am going to explain how to disable USB autorun feature through registry editing which not only works for WinXP Home but also for any other edition of Windows.

UPDATE : There is a tool for vaccinating against autorun feature too. You better use it. It works far much better than this registry hack.

  • Browse to the following key HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Policies\Explorer
  • Modify the value of NoDriveTypeAutoRun to ff (hexadecimal)

disable_autorun

Although I must warn you that playing with the registry can be harmful for your system and you might end up re-installing your OS. Before making any changes, I recommend reading How to backup your registry?

disable_autorun_reg

And if you don’t want to edit the registry then you can download this registry entry.

Download Disable_autorun.reg.

Right Click > Save it on your computer > Run it on your computer.

Press Yes when it asks for confirmation for adding the entry into the registry.

This will now prevent any virus from auto executing itself through a USB drive. In addition to this, you must have a good anti virus installed on the system as this method just stops the virus from infecting the system automatically.

 
{ 29 Comments }
  1. Quiz_Master says:

    This trick will help me a lot. My friend’s PCs get infected by these kinda viruses almost 3-4 times in a month…

    Thanks for this.

  2. Ebook says:

    Thanks for this nice tips :mrgreen:

  3. Ashfame says:

    @Quiz_Master, Ebook
    You are welcome.

  4. Rakshit says:

    This is very useful. You don’t know when your system will get infected with viruses. I already implemented it long before.

  5. Oscar says:

    Really useful!! What a tip!

  6. joshuatly says:

    yaya, this is what im searching for!

  7. Thnx for the tip man!

  8. Ashfame says:

    @Rakshit, Oscar, Joshuatly, Nikolai
    You are welcome.

  9. ggg says:

    This is nice… Just to explain the registry key. The binary value (8 digits) represent 8 kinds of drives (floppy, CD/DVD ROM, removable…). 1 = don’t allow autorun, 0 = allow autorun, CD/DVD ROM is third from the left, therefore 11011111 (bin) = df (hex) = allow autorun only for CD/DVD ROM. Consequently 11111111 (ff) = forbid autorun for all type of drives. Just to say, HKEY_LOCAL_MACHINE has privilege over HKEY_CURRENT_USER, so check if there is the same key, and if there is, change the value to “df” or “ff”, or add the same key and value to the location as well if you want…

  10. maxrioseco says:

    a bit about what we are doing ;)

    nice trick =)

  11. zplits says:

    Hi, thanks for this great info. It helped me a lot.

  12. Amani says:

    How can I enter a site which is blocked by the server manager?

  13. Stefan says:

    thank you for the reg key, Ashfame! you have really helped me a lot. greetings from Slovakia!

  14. Alessi says:

    It worked even with my strange laptop version of Home Edition, thanks a lot!

  15. Ashfame says:

    The tutorial has been updated to prevent the infection from spreading through optical drives also. Thanks to ggg for the explanation in the comment. Moreover, there is a tool for doing this in a better way. I recommend using that tool instead of this hack now. You can find the link to the tool in the post only.

  16. GAURAV VERMA says:

    IT’S A VERY NICE TRICK

  17. GAURAV VERMA says:

    It worked even with my strange laptop version of Home Edition,
    Really useful!! What a tip!
    Thanks

  18. PC_MAC says:

    It looks like it will only work for the current user that is logged in. Will this work for the Local Machine also.

  19. Jaya Motwani says:

    Hi Ashish ! ur work is really appreciable…really!!!! U hv done a gr8 job by launchin dis website…i wish u al d bst 4 ur future in dis field….keep it up!

    • Ashfame says:

      @Jaya
      Thanks for your kind words! :)

  20. shivansh says:

    reallyy gud advice….
    thankss fr d useful info….

  21. Fred says:

    works very well..i used your tool to instal it…But now i plug my usb key and she wont appear at all.. no where to be seen. i thauhgt that tool would just stop prog to auto run from it, not even let her show as as an external device..
    What do i have to do to go back before i instal your tool. What reg to i have to put back.
    Thank you very much for your haelp.

    • Ashfame says:

      You are having a system specific issue. Are you sure you did the same thing explained in the post and not anything else?

  22. fred says:

    Thanks for your answer, i think the key is dead..that’s all. i should have try with anotherone before posting.
    Thanks.

  23. eric b says:

    Is there a way to password prompt when a USB device is installed once I disable the autorun for all users/groups.

    • Ashfame says:

      Never heard of anything like that. Try some googling :/

Leave a Reply

(required)

(required)