Re: AUTORUN.INF Vulnerability

From: Philip Hannay (philip.hannayat_private)
Date: Tue Feb 22 2000 - 01:10:27 PST

Next message: Alan Ramsbottom: "Re: Microsoft signed software can be install software without pro"

Previous message: Alexander Kiwerski: "Re: Doubledot bug in FrontPage FrontPage Personal Web Server."
Maybe in reply to: Eric Stevens: "AUTORUN.INF Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>To disable the autoinsert notification:
>
>Win9x - HKEY_LOCAL_MACHINE\Enum\SCSI\Name_of_cdrom\MF&...(nasty long key)\
>AutoInsertNotification (binary value, default 01) set to 00
>
>WinNT - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\
>Autorun (hex DWORD value, default 0x00000001) set to 0x00000000
>
>Secondary workaround:
>
>Win9x -
>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
>NoDriveTypeAutoRun (binary value, default 95 00 00 00) set to 9d 00 00 00
>
>WinNT -
>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
>NoDriveTypeAutoRun (hex DWORD, default 0x00000095) set to 0x0000009d

An alternative method for NT, which seems to have disabled autorun completely,
is to change the all the security settings on the HKEY_CLASSES_ROOT\AutoRun key
to read-only.

Philip Hannay,       Virus Analyst,       Sophos Anti-Virus
email philip.hannayat_private        http://www.sophos.com
US Support +1-888-SOPHOS-9       UK Support +44-1235-559933

Next message: Alan Ramsbottom: "Re: Microsoft signed software can be install software without pro"
Previous message: Alexander Kiwerski: "Re: Doubledot bug in FrontPage FrontPage Personal Web Server."
Maybe in reply to: Eric Stevens: "AUTORUN.INF Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:38 PDT