On Wed, 21 Jan 2009, Wayne Johnson wrote:
At 08:54 AM 1/21/2009, Christopher Fisk typed:
TA09-020A
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
I know a lot of the collective disable autorun, thought this would be useful
for you.
I don't think I completely agree with this solution especially if you have a
lan.
Alternatively, the following registry key may be deleted:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
If one deletes this then won't they'll lose their mappoints for all the other
drives on the lan?
I do have a reg file that I run that disabled autorun
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files]
"*setup*.exe"=""
"*instal*.exe"=""
"*setup*.bat"=""
"*instal*.bat"=""
"*setup*.cmd"=""
"*instal*.cmd"=""
"*setup*.com"=""
"*instal*.com"=""
"Y?kle*"=""
"Felrak.exe"=""
"Imposta.exe"=""
"KUR.exe"=""
"Ayarla.exe"=""
"sfc2.ico"=""
"evanims"=""
"00000001.tmp"=""
"updmoney.exe"=""
"hs\\media\\y\\11399\\11399_cd_fp.jpg"=""
"hs\\media\\y\\9953\\9953_cd_fp.jpg"=""
"hs\\media\\y\\9951\\9951_cd_fp.jpg"=""
"hs\\media\\y\\9964\\9964_cd_fp.jpg"=""
"hs\\media\\y\\9968\\9968_cd_fp.jpg"=""
"inf"=""
And then there is always using TweakUI to disable it.
I'm pretty sure the issue is that the autoplay feature can be susceptable
to a buffer overrun, so it still reads the autorun.inf and if that is
malformed can cause an issue (If I read it right).
Essentially, even with autorun turned off how Microsoft recommends it be
turned off it still parses the autorun (To get things like the icon for
the drive and stuff).
Christopher Fisk
--
You know you're using the computer too much when:
all of the sudden people ask you to many danm questions on aim or msn
messenger
-- RedDawn
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
