The other side of autorun.inf

Autorun.inf is the primary instruction file associated with the Autorun function. Autorun.inf itself is a simple text-based configuration file that tells the operating system which executable to start, which icon to use, and which additional menu commands to make available. In other words, autorun.inf tells Windows how to deal open the presentation and treat the contents of the CD.

The autorun.inf defines the following:

• The process or application that will automatically run when a disk is inserted
• Optionally, one can define the process or application that will run for specific Operating environments.
• The icon that will represent your application’s CD or DVD when the drive is viewed with My Computer or Explorer.
• Menu commands displayed when the user right-clicks the CD-ROM icon from My Computer or Explorer.

read more about autorun.inf here

Autorun is intended as a convenience feature: software distributed on a disc can automatically start an installer when the disc is inserted. However, autorun can pose a security threat, when the user does not expect or intend to run the software.
For instance, an attacker with brief and casual physical access to a computer can surreptitiously insert a disc and cause software to run. Alternately, malicious software can be distributed with a disc that the user doesn’t expect to contain software at all — such as an audio compact disc. Even music CD’s from well known name-brand labels have not always been safe. – wikipedia

It’s always been a hassle for us students who are using computers with a lot of malicious software. Some of these software are really getting into my nerve. (Ravmone.exe, Vundo, imgKulot, RECYCLER, more..) These malicious softwares use the power of autorun.inf to be able to gain access of the PC and propagate their selves by sticking their files to the system folders. But usually they reside on USB Flash Drives and infect other PC’s. And recently I’ve been experimenting some ways on getting rid of it. Here are some steps in deleting these malicious softwares.

Precautions:

• Do not enter directly to your USB Flash Drive. Use [right click] -> open or explore
• Make sure there are no running malicious software in the background
• Be sure to have a cmd.exe on your USB. You can copy the cmd.exe from you X:windows\system32\ folder and put it to your Flash drive

General Steps in removing these softwares:

• run cmd.exe
• type in dir /a
• if you can find the autorun.inf delete it by typing del autorun.inf /a /f
• But before you can do this you must first know what are the accompanying files of the malicious software that is in your USB
• Then delete the files that are not yours that you believe to be malicious using
  del <filename> /a /f
• But this files can’t be deleted if its running on your system. Be sure to kill the process before trying to delete it.
• If you can encounter some malicious programs who uses directory such as RECYCLER. First download the eraser portable from the net. [link to download]
• Use the Eraser Portable to delete the directory and its subdirectories. (proceed to help if you need some help in using the program)

If you need more help on removing these softwares please feel free to to contact me at boting_231@yahoo.com .

How would a car function if it were designed like a computer? Occasionally, executing a maneuver would cause your car to stop and fail and you would have to re-install the engine, and the airbag system would say, “Are you sure?” before going off. (Katie Hafner)