Malware Infections Through AutoRun Files

AutoRun, a feature of Windows Explorer (actually of the shell32 dll) introduced in Windows 95, enables media and devices to launch programs by use of commands listed in a file called autorun.inf, stored in the root directory of the medium.

This feature was introduced in Windows way back during the development of Windows 95 and has been continuing with Windows since then on the pretext of adding user convenience.

AutoRun functionality has been used as a malware vector for some time. Since you never know, what is configured in the Autorun files of the removable media, which your inserting in your computer, there is a huge risk, that a malware script might get executed without your knowledge as soon as you insert that innocent looking USB in your computer.

Prior to Windows Vista, the default action with a CD-ROM drive type was to follow any autorun.inf file instructions without prompts or warnings. This makes rogue CD-ROMs one possible infection vector.

How to Block Block Malware Infections from Autorun Files in USB

There are tools and tricks, which will allow you to completely block the execution of any AutoRun files on your computer through USB Flash Disks or any other removal media.

But in case, you are fond of AutoRun functionality and want only the malware files to be blocked, then you might need a simple utility, which can monitor and stop the execution of AutoRun files, which can harm your computer.

AutoRun Easter is one such useful utility for your PC Security. It is fast and prompt in detecting the execution of malicious files in the inserted USB Autorun file. It is in the form of a downloadable .exe file, which will sit silently in your system tray on execution.

autorun eater

As soon as any USB Disk or CD is inserted in your computer, it will quicklu check the contents of AutoRun file even before your Windows is able to check the directory structure of the inserted disk.

How Does AutoRun Eater determine if the AutoRun File contains any Malware

Autorun Eater determines whether an ‘autorun.inf’ file is malicious or not by checking for certain strings in the file. You are then warned and asked for further action if ‘autorun.inf’ files containing those strings are detected.

As soon as AutoRun Eater detects any malicious content in the AutoRun file, the original file gets deleted and a backup copy of the suspicious ‘autorun.inf’ file is first made.

Backup copies of the removed ‘autorun.inf’ file(s) can be viewed by clicking on ‘View Backup’ under the ‘Autorun Backup’ menu option or you could manually navigate here: Documents and Settings\All Users\Application Data\Autorun Eater\Autorun Backup.

Here is a YouTube video, which displays the functionality of Autorun Eater.

[Download AutoRun Eater]