Malware is highly diverse, and each type of virus has to be fought with its own method. In this article we deal with only one type of malware: the kind that writes itself to autorun, which is almost common practice among viruses. The malicious program's scheme of action is as follows:
Option 1
You are editing a working document from a flash drive on an already “infected” home PC.
Option 2
The virus writes itself to the autorun of your flash drive, and when you bring the flash drive to another computer, that PC is infected as soon as the drive is inserted into the USB port. Most likely, this distribution mechanism was designed to get around the protection of corporate networks where a reliable firewall is installed but the system administrator has not taken care of the local security of the working PCs, and employees can bring in any removable media.
Such programs spread because autorun from removable media is allowed by default in Windows XP / 7 / Vista. This is done for the user's convenience, but the proverb "the road to hell is paved with good intentions" fits this case better. Fortunately, this vulnerability is easy to close with the appropriate settings: disabling flash drive autorun rids Windows of one more problem. The procedure differs slightly between system generations (Windows XP / Vista and Seven). So let's get started.
In Windows XP (Windows 2000 and the Server family follow the same principle), go to the Group Policy Editor. The most convenient way is the gpedit.msc snap-in, launched from the Start > Run menu. There, select the "Computer Configuration" section, then "Administrative Templates", which contains the "System" sub-item. You need the policy setting called Disable Startup. By default it is not set; set it to "Off", select "All drives" from the drop-down menu, and click "OK". Now insert the flash drive and make sure that nothing starts. That solves the problem of how to disable flash drive autorun. Viruses that spread in this way will no longer bother you.
In the Windows 7 family of operating systems (excluding the Basic and Home editions, where everything is done in the previous way or through the registry), disabling flash drive autorun works slightly differently and is even more convenient. The developers at Microsoft took many of the weaknesses of the previous generation of systems into account. Perhaps the most important of them was the inconvenient location of fairly important settings, including the one that disables autorun, so the question of how to disable flash drive autorun in Windows 7 is resolved quickly. Go to the "Startup" item under "All Control Panel Items" in the "Control Panel". Uncheck the box "Use autorun for all media and devices" and click "Save". For the changes to take effect, you will need to restart the computer.
Our story could end here if there were not another, universal way to disable autorun: the registry editor. The settings relating to autorun are scattered across three different places. First, turn off autorun for the CD-ROM drive, if there is one; this component is considered obsolete, and in many PCs, including desktop systems and netbooks, it is not used at all. To do this, set the AutoRun parameter to (0). It is located in the SYSTEM hive (under HKEY_LOCAL_MACHINE) at the following path: CurrentControlSet > Services > Cdrom.
Then, in the same section, go to another hive, SOFTWARE, because autorun of removable media also has to be configured for explorer.exe, the system shell. Change the value of the NoDriveTypeAutoRun parameter to (FF). Its location is Microsoft > Windows > CurrentVersion > Policies > Explorer. This is not the only value that needs to change. To disable autorun completely, the second parameter of the same name must also be set to (FF). This time go to the registry subkey HKEY_CURRENT_USER and follow exactly the same path as before. The problem of how to remove flash drive autorun is finally resolved. For the changes to take effect, you will need to restart the computer.
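
The three registry changes described above, as an added PowerShell example that is not part of the original article: it reports the current values and which drive types each NoDriveTypeAutoRun mask covers, and writes the article's values only when run with the `-Apply` switch (a name chosen for this example). It uses the key names as Windows spells them and assumes the values are stored as REG_DWORD.

```powershell
# Added example: audit, and with -Apply set, the three autorun values from the text.
# Assumption: values are REG_DWORD; -Apply needs an elevated session for the HKLM keys.
param([switch]$Apply)

$explorer = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$settings = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom'; Name = 'AutoRun'; Want = 0 },
    @{ Path = "HKLM:\$explorer"; Name = 'NoDriveTypeAutoRun'; Want = 0xFF },
    @{ Path = "HKCU:\$explorer"; Name = 'NoDriveTypeAutoRun'; Want = 0xFF }
)

# NoDriveTypeAutoRun is a bitmask; a set bit turns autorun off for that drive type.
$driveBits = [ordered]@{
    removable = 0x04; fixed = 0x08; network = 0x10; 'CD-ROM' = 0x20; 'RAM disk' = 0x40
}

function Get-AutorunState($s) {
    $item = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    $cur = if ($item) { $item.($s.Name) } else { $null }
    # Decode the mask only for the Explorer policy value, and only when it exists.
    $off = if ($s.Name -eq 'NoDriveTypeAutoRun' -and $null -ne $cur) {
        ($driveBits.GetEnumerator() | Where-Object { $cur -band $_.Value } |
            ForEach-Object { $_.Key }) -join ', '
    } else { '' }
    [pscustomobject]@{
        Value      = "$($s.Path)\$($s.Name)"
        Current    = if ($null -eq $cur) { '(not set)' } else { '0x{0:X2}' -f $cur }
        Wanted     = '0x{0:X2}' -f $s.Want
        AutorunOff = $off
        Compliant  = ($cur -eq $s.Want)
    }
}

foreach ($s in $settings) {
    if ($Apply) {
        # Create the policy key if it is missing, then write the value as a DWORD.
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Want `
            -PropertyType DWord -Force | Out-Null
    }
    Get-AutorunState $s
}
```

A value reported as "(not set)" counts as non-compliant, because Windows then falls back to its default autorun behaviour.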