Or How to Disable Autoruns

- to Stop This Particular Infection Route

This is a brief summary of what to do…

1. Make sure you have a proper anti-virus program running
   • NOD32 is a good one!
   • AVG is too
   • Kaspersky, Trend, CA are also good brands
2. Make sure your anti-virus is current and updated.  Check like so:
   • Somewhere on your program will be it’s last update
   • For NOD32, hover your mouse cursor over the little icon next to the taskbar clock (bottom right in XP)
   • As well as version numbers, the last update shows in reverse date format – 6 Feb 2009 is 20090206
   • Other programs are very similar and the last update is usually pretty obvious so you don’t need to fiddle with settiings etc.
3. Disable autoruns as this is a good way for the virus/malware/trojan to get you
   • This is the best and easiest way to do this:

Copy This Text:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@=”@SYS:DoesNotExist”

Open Notepad:

start -> run -> type ‘notepad’ (without quotes) and hit Enter on the keyboard

Paste Into Notepad:

Now paste the copied text into Notepad

Now Save the File:

Call the file a handy name like “StopAutoRun” but make sure it has a ‘reg’ extension!

So your file should be called something like StopAutoRun.reg

Now Run The Reg File You’ve Just Made:

Double-click the file – your registry will pick up the change and the handy autorun feature will be disabled!

Of course, you may be used to using this “handy feature”.  If you want to keep it, don’t do any of the above but be very, very, very careful about any USB stick you insert into your computer, any CD you insert or play, any video you watch on DVD, and any network you map or connect to…

What About if I’m Already Infected?

How to Clear and Eliminate Conficker or Downadup?

1. Connect to the internet with a “good”, clean computer.  You may need to borrow one or visit a friend’s house..
2. Download a clean up program – the NOD32 version is here: http://download.eset.com/special/EConfickerRemover.exe Other Anti-virus makers have similar ones.
3. Copy the tool you’ve just downloaded to your own PC and run it.   It may take a while and you’ll definately need a reboot afterwards.
4. Install and/or Update a good Antivirus program (see above at top)

Further Reading and Information Sources

• Conficker Clarified – ESET blog
• How to correct “disable Autorun registry key” enforcement in Windows – really complex Microsoft help article – still leaves vulnerabilities even after all this (see below)
• Virus alert about the Win32/Conficker.B worm – Microsoft help article similar to above
• National Cyber Alert System: Technical Cyber Security Alert TA09-020A archive – US Homeland Security Article saying: Microsoft Windows Does Not Disable AutoRun Properly
  • This is the best explanation and my potted version above is based on this.

Related posts:

1. New Virus

   This is a new kind of virus that attaches itself to the master boot record of your OS, it then...

2. Program problems

   Hi Paul Ableton’s running now in user mode as I explained below! You did send the right one, it just...

3. File Sharing – Good!

   Ode to Ploy caring, sharing, wearing, furring, file-sharey blurring, obfuscatingly daring, morbidly hearing, Hazel Blearing, warring factions, dreadful actions, pink...

4. Filters & OS

   Hey man, hope all is well had major problems today my multi os keeps crashing/restarting probably to do with cracked...

5. Laptop/computer wipe

   Well I think its about that time. Fresh install on the Laptop now that I’ve maxed out the drive and...