Skip navigation.
Home

Locking the autorun.inf file

|

Is this possible on FAT/32 ? I have some ideas for NTFS ( symlink ? ) but I think its just too much trouble ... I know that autorun.inf folder would stop spreading but ... ( or not? ) I use INF file b-coz of icon and other things. I read ( not really ... just 1st post) on expert-exchange that there is some tool which locks that file upon insertion ( possible .. but probably u3 drive or some expensive usb thumb)

Regards.

I wrote a tool some time ago

I wrote a tool some time ago to help users on my forum from emerging autorun.inf spreading infections:
http://amf.mycity.co.yu/personal/bobby/USB_blocker/

USB_blocker will rename autorun.inf at the same moment Windows detect the insertion of the USB mass media devices.
It is faster than Explorer, so the autorun.inf will never get read by Explorer if USB_blocker is active.
Home version is for home use, and other one is a diagnostic tool for making reports that I need on forum.

Now, if I understood your request, you still need autorun.inf, but you want it locked so that no malware can alter it. I think it is quite impossible without writing a driver for such task.

Abt the tool

obviously bobby and i have a better solution.. Creating a file autorun.inf in every drive which will request a permission from the user when some files are replacing it from that drive..

I think it will work..

RE:

I think I havent uderstood you ... you made some tool on your local box? I use this Autorun.inf on every box INFECTED with some malware ... it kinda anti-malware toolkit ... on every unplugging I do "copy H:\Autorun.inf_ H:\Autorun.inf as a workaround ... FOR NOW :)

EDIT: I own U3 ... so I will play with this also ... encryption too...

Bobby NOT that I dont trust u but :) any source code? (Thats like they used to call me too ... bobby XD)

Hi, Forget about

Hi,

Forget about USB_blocker.
As it was to complicated to work with, I developed another tool, but it is still in testing:
http://amf.mycity.co.yu/personal/bobby/USBNoRisk/

I will not release the source code, sorry.
Although I'm a big fan of Open Source (just take a look at my Malzilla at malzilla.sourceforge.net) I do not release the source code of every app I made.

Well that uber-fast

Well that uber-fast detection will come handy for future relases ... :) if you upload it somewhere ... please post link here ( a mozemo i na pice pa da te castim :D ... )

autorun.inf in windows/system32

I am a newbie but last time i found a trojan loading from
autorun.inf located in windows/system32.
It was my first experience with this...