Pen drives are very common these days. Everybody has them for their daily data transfer needs and since these are connected to different computers very often, they become a easy carrier of malicious codes (virus, trojans, spywares etc).
How viruses spread from USB/Thumb/Pen drive?
Whenever a USB drive is plugged into a infected computer, virus copies itself to the pen drive and sets it to execute itself when pen drive is accessed by making changes in the autorun.inf. Whenever pen drive is accessed, the autorun.inf calls the executable file of the virus upon which the system gets infected.
How to save your computer from viruses from USB/Thumb/Pen drive?
The most effective method of preventing your system from getting infected is to disable autorun feature of USB devices. DJ tells us about disabling autorun feature on Sizlopedia. He tells us a method in which he uses gpedit.msc and disable autorun feature but the problem is that gpedit.msc is not available under Windows XP Home Edition.
So, I am going to explain how to disable USB autorun feature through registry editing which not only works for WinXP Home but also for any other edition of Windows.
UPDATE : There is a tool for vaccinating against autorun feature too. You better use it. It works far much better than this registry hack.
- Browse to the following key HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Policies\Explorer
- Modify the value of NoDriveTypeAutoRun to ff (hexadecimal)
Although I must warn you that playing with the registry can be harmful for your system and you might end up re-installing your OS. Before making any changes, I recommend reading How to backup your registry?
And if you don’t want to edit the registry then you can download this registry entry.
Right Click > Save it on your computer > Run it on your computer.
Press Yes when it asks for confirmation for adding the entry into the registry.
This will now prevent any virus from auto executing itself through a USB drive. In addition to this, you must have a good anti virus installed on the system as this method just stops the virus from infecting the system automatically.
This trick will help me a lot. My friend’s PCs get infected by these kinda viruses almost 3-4 times in a month…
Thanks for this.
Thanks for this nice tips
You are welcome.
This is very useful. You don’t know when your system will get infected with viruses. I already implemented it long before.
Really useful!! What a tip!
yaya, this is what im searching for!
Thnx for the tip man!
@Rakshit, Oscar, Joshuatly, Nikolai
You are welcome.
This is nice… Just to explain the registry key. The binary value (8 digits) represent 8 kinds of drives (floppy, CD/DVD ROM, removable…). 1 = don’t allow autorun, 0 = allow autorun, CD/DVD ROM is third from the left, therefore 11011111 (bin) = df (hex) = allow autorun only for CD/DVD ROM. Consequently 11111111 (ff) = forbid autorun for all type of drives. Just to say, HKEY_LOCAL_MACHINE has privilege over HKEY_CURRENT_USER, so check if there is the same key, and if there is, change the value to “df” or “ff”, or add the same key and value to the location as well if you want…
a bit about what we are doing 😉
nice trick =)
Hi, thanks for this great info. It helped me a lot.
How can I enter a site which is blocked by the server manager?
thank you for the reg key, Ashfame! you have really helped me a lot. greetings from Slovakia!
It worked even with my strange laptop version of Home Edition, thanks a lot!
[…] updates or subscribe to my RSS feeds. Thanks for visiting! Earlier I have written about how to disabe USB autorun to save the computer from being infected with various sort of malware which adds action in the […]
The tutorial has been updated to prevent the infection from spreading through optical drives also. Thanks to ggg for the explanation in the comment. Moreover, there is a tool for doing this in a better way. I recommend using that tool instead of this hack now. You can find the link to the tool in the post only.
[…] http://blog.ashfame.com/2008/03/disable-usb-autorun-save-pc-usb-viruses/ […]
IT’S A VERY NICE TRICK
It worked even with my strange laptop version of Home Edition,
Really useful!! What a tip!
It looks like it will only work for the current user that is logged in. Will this work for the Local Machine also.
Hi Ashish ! ur work is really appreciable…really!!!! U hv done a gr8 job by launchin dis website…i wish u al d bst 4 ur future in dis field….keep it up!
Thanks for your kind words! 🙂
reallyy gud advice….
thankss fr d useful info….
works very well..i used your tool to instal it…But now i plug my usb key and she wont appear at all.. no where to be seen. i thauhgt that tool would just stop prog to auto run from it, not even let her show as as an external device..
What do i have to do to go back before i instal your tool. What reg to i have to put back.
Thank you very much for your haelp.
You are having a system specific issue. Are you sure you did the same thing explained in the post and not anything else?
Thanks for your answer, i think the key is dead..that’s all. i should have try with anotherone before posting.
Is there a way to password prompt when a USB device is installed once I disable the autorun for all users/groups.
Never heard of anything like that. Try some googling :/
Is there a way we can undo this?? I used the .reg file you have here. IT works great but my plug and play internet doesnt work. Do you think it is related?
Surely we can change it but I doubt if it has something to do with your plug and play device. May be the autorun tries to start the installation of its drivers and application.
Read this comment above.
Decide what you want to do and enter the value in registry as shown in the post.
Hope that helps! 🙂
you can also check this out
This is an useful article . I was really having a hard time with these USB viruses. They screw me a lot. I couldnt help plugging in different USB’s also . that is part of the work . anyways thanx dude.
hey ashish… i want to disable pen drive on linux operating system.
how do i do that..
plz help me.
Try this – http://www.cyberciti.biz/faq/linux-disable-modprobe-loading-of-usb-storage-driver/
Ashfame I saw ur blog today, it was really helpful. Indeed, I would like to get one more suggestion from you. I am facing a problem everytime I log into my computer showing an error msg “windows cannot find ‘and.’…I believe this has been generated since I used my friend’s pendrive. Can you suggest how to overcome this.
You can most probably try to remove if its something from the startup or some file that went missing (reinstalling to which that file belongs).
Exact Google search will lead you to results where people posted about the exact same thing and hopefully you can find a solution from there.
But sometimes, one has to live with them. I don’t use Windows anymore, shifted to Ubuntu long time back.
Thanks a lot for your reply. I would definitely search for it and see if I can get rid of this problem. Once again, thanks.
it works nicely
To stop USB virus- 1 unmount HDD, 2 turn on view of hidden files, 3 mount usb drive and check it. How to do it? Top secret!