Hacking Autorun.inf virus attack|Is autorun.inf virus?

[jamadari]

Hacking Autorun.inf virus attack Is autorun.inf virus?

​

When i studied second year(cse), my friends told that autorun.inf is virus. I thought so. Because my antivirus blocks autorun.inf files. In third year when i search about autorun.inf file in net, i realize about the auto run file.

Today i bring some files from my college system. When i insert the pen drive in my system, there are lot of exe files.They are viruses. I delete all of them. Finally i opened the autorun.inf file in notepad and saw the instructions. Then only i remembered that i forget to post about autorun file. This article will give you complete details about the autorun.inf file.
This is the instructions that saved in the infected(call virus programs) autorun.inf file:

[Autorun]
Open=RECYCLER\QqFvXcB.exe
Explore=RECYCLER\QqFvXcB.exe
AutoPlay=RECYCLER\QqFvXcB.exe
shell\Open\Command=RECYCLER\QqFvXcB.exe
shell\Open\Default=1
shell\Explore\command=RECYCLER\QqFvXcB.exe
shell\Autoplay\Command=RECYCLER\QqFvXcB.exe​

is autorun.inf virus file? no. Then why antivirus block the autorun.inf files? Go ahead to know the full details about auto run file.

Introduction to Autorun.inf File:
Auto run is file that triggers other programs,documents ,other files to be opened when the cd or pen drives are inserted. Simpy triggers.

When cd or pen drives are inserted, windows will search for the autorun.inf file and follow the instructions of autorun.inf file(instructions have written inside the autorun.inf file).

How to create Autorun file?
Open notepad
type this command:

[Autorun]​

save the file as "autorun.inf" (select all files, not text )

Complete Syntax and instructions inside the Autorun file:
Basic syntax must be inside the autorun.inf file is :

[Autorun]​

This will be used to identify the the file as autorun.

OPEN=
This will specify which application should be opened when the cd or pen drive is opened

Example:

open=virus.exe​

This will launch the virus.exe file when cd or pen drive is opened. The file should be in root directory.
if the file is in any other sub directories ,then we have to specify it.

Open=RECYCLER\Virus.exe​

Explore=
Nothing big difference. if you right click and select explore option in cd or pen drive. This command will be run.

AutoPlay=
Same as the above , but it will launch the the program when auto played.


SHELL\VERB =

The SHELL\VERB command adds a custom command to the drive's shortcut menu. This custom command can for example be used to launch an application on the CD/DVD.

Example:

shell\Open\Command=RECYCLER\QqFvXcB.exe
shell\Open\Default=1
shell\Explore\command=RECYCLER\QqFvXcB.exe
shell\Autoplay\Command=RECYCLER\QqFvXcB.exe​

Use a series of shell commands to specify one or more entries in the pop-up menu that appears when the user right-clicks on the CD icon. (The shell entries supplement the open command.)

Icon=
Change the icon of your pen drive or cd. you can use .ico,.bmp images(also .exe,.dll)

Example:

icon=breakthesecurity.ico​

Label=

Specifies a text label to displayed for this CD in Explorer
Note that using the LABEL option can lead to problems displaying the selected ICON under Windows XP.

Example:

Label=Ethical hacking​

Why Antivirus Block Autorun.inf file?
From above ,you come to know that autorun.inf file is not virus. But why antivirus blocks it? Because as i told autorun file call or launch any application or exe files. It will lead to virus attack. If the autorun.inf is blocked,then there is no way to launch the virus code.

Autorun is not virus but it can call virus files.

 

[jamadari]

How to block or Disable Autorun.inf file in windows xp,Windows 7-Registry Edit
[FONT=Tahoma, Calibri, Verdana, Geneva, sans-serif]
[/FONT]

​

Block Autorun

Depending on the version of Windows that you are using, there are different updates that you must have installed to correctly disable the Autorun functionality:
To disable the Autorun functionality in Windows XP, in Windows Server 2003, or in Windows 2000, you must have security update 950582, update 967715, or update 953252 installed.



Simple way to disable autorun.inf :
Follow this link and download the msi file:

http://go.microsoft.com/?linkid=9741395​

Fix it yourself-Manually disabling the autorun feature:
To disable Autorun yourself on operating systems that do not include Gpedit.msc, follow these steps:
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following entry in the registry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDrive​

TypeAutorun
Right-click NoDriveTypeAutoRun, and then click Modify.
In the Value data box, type 0xFF to disable all types of drives. Or, to selectively disable specific drives, use a different value as described in the "How to selectively disable specific Autorun features" section.
Click OK, and then exit Registry Editor.
Restart the computer.

you can re-enable the autorun feature :
Follow this link:

http://go.microsoft.com/?linkid=9743275​

Actually i get this information from here:

How to disable the Autorun functionality in Windows​

if you want more information or want to disable in vista, just visit the above link: