One of the ways the Conficker worm and other, similar malware slimes its way from computer to computer is by taking advantage of the Autorun feature in Windows. If Conficker finds removable media (like a USB drive) on a PC it infects, it will infect that media in such a way that it will exploit Autorun to attempt to automatically infect a new computer when the drive is connected.
Microsoft has shared instructions for manually disabling Autorun, but the steps are really meant for systems administrators rather than the average person. And up until this week, when Microsoft released a patch, the steps may not have even worked correctly, according to US-CERT.
An easier solution, first posted by Nick Brown and then recommended by US-CERT, involves far fewer steps, but you’d still need to copy a few lines of code and create your own script. Not a big deal, but it could be easier.
Enter your friendly neighborhood security blogger. I followed the steps described by Brown to create a ready-to-go script that you can simply download and double-click to disable AutoRun. And just to be thorough, I did the same for the step to turn it back on.
I believe the script only works for Windows XP, but if you know differently, by all means let us know with a comment below. Also, it’s important to note that if you turn off Autorun, you’ll have to manually find and double-click installation programs and other things that would have been automatically started by Autorun.
You might also run into trouble with U3 usb drives. But you will block off one of malware’s dirty tricks.