Bugtraq mailing list archives

Re: AUTORUN.INF Vulnerability

From: philip.hannay () SOPHOS COM (Philip Hannay)
Date: Tue, 22 Feb 2000 09:10:27 +0000

To disable the autoinsert notification:

Win9x - HKEY_LOCAL_MACHINE\Enum\SCSI\Name_of_cdrom\MF&...(nasty long key)\
AutoInsertNotification (binary value, default 01) set to 00

WinNT - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\
Autorun (hex DWORD value, default 0x00000001) set to 0x00000000

Secondary workaround:

Win9x -
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun (binary value, default 95 00 00 00) set to 9d 00 00 00

WinNT -
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun (hex DWORD, default 0x00000095) set to 0x0000009d


An alternative method for NT, which seems to have disabled autorun completely,
is to change the all the security settings on the HKEY_CLASSES_ROOT\AutoRun key
to read-only.

Philip Hannay,       Virus Analyst,       Sophos Anti-Virus
email philip.hannay () sophos com        http://www.sophos.com
US Support +1-888-SOPHOS-9       UK Support +44-1235-559933

Current thread:

Re: AUTORUN.INF Vulnerability jeremy logan (Feb 18)
- <Possible follow-ups>
- Re: AUTORUN.INF Vulnerability Philip Hannay (Feb 22)