Autorun/Autoplay

Discussion in 'other software & services' started by HURST, Jul 18, 2008.

Thread Status:
Not open for further replies.
  1. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Sorry for my late reply.

Not sure about (1), so I tried another CD which never ran on my PC before. Setup still ran when I double-clicked on the drive in My Computer.

    Weird. Anyway just a reminder, I'm on XP SP3 Home, TweakUI same settings as post #1.
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Did you notice this behavior before installing SP3?

    --
     
  3. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    It was the same when I had SP2. But it's only now that I know it's not supposed to happen :)
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    OK - looking at your Image Gallery, your NoDriveAutoRun value is the same as I have.

    Remove all removable media, then

    Go to this Key in the Registry:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2


    See if yours looks like this with no + sign preceding any sub Key (your sub keys will have different numbers):

    CD-RegNoShell.gif
    ________________________________________________________
     
  5. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Hi Rmus,

    With any removable media removed, this is what I see. Some have "+" in front of them. They mostly expand to "shell/Autoplay/DropTarget".

    One expands to "_Autorun/DefaultIcon" and has a "Name" which is the game cd I tested.

    Then there's another "CPC/Volume/..."

    THANKS again.
     

  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    OK, this means that your Registry has stored a history of your removable media, meaning that the Autorun commands are invoked when you access the drive in My Computer, even though Windows cannot read the current autorun.inf file because of your TweakUI settings.

    If you delete the sub keys with the + [except the CPC key] you erase the history, and Windows creates a new key when it detects a drive in use.

    I've done this many times, but if you want to play safe, you can export the entire MountPoints2 Key to your desktop before deleting keys.

    Now, I never experienced what you have because on my XP laptop when I reboot, the entries do not stick in the Registry.

    But I know a couple of people who say the entries do stick, and have set up a .reg file to delete the MountPoints2 key on reboot.

    The CPC key by the way is just a list of the drives used. It usually purges as the drive is no longer in use.

    Now you know why for home users I recommend accessing the drive via Windows Explorer rather than My Computer if you have concerns about an untrusted/unknown USB drive, or maybe even a CD.

    EDIT: I found this explanation in my notes:

    In my article referenced in an earlier post, I show how the Shell commands are written to the MountPoints2 Key:

    Analysis of an AutoRun.inf File
    http://www.urs2.net/rsj/computing/tests/digiframe/InfFile.html

    Post back what you find out!


    ----
    rich
     
    Last edited: Jul 23, 2008
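The inspect-then-clean procedure from posts #4 and #6 (look at MountPoints2 with all media removed, export the key first, delete the expandable subkeys but leave CPC) as an added PowerShell example. This is not Rmus's own steps and not from the thread; it assumes Windows PowerShell 2.0 or later, reg.exe on the PATH, and that a cached verb sits under each {GUID} subkey at shell\AutoRun\command (the posts only say the shell commands are written under those subkeys, so treat that layout as an assumption and check the listing on your own box). It does not claim to fix yeow's case, where the entries come back on the next insert.

```powershell
# Added example for this thread (not Rmus's own procedure): inspect, back up and
# clean the per-user MountPoints2 cache described in posts #4 and #6.
# Assumptions: Windows PowerShell 2.0+, reg.exe on the PATH, and that a cached
# verb lives under <subkey>\shell\AutoRun\command (layout assumed, not documented
# on this page). Unplug removable media before running the cleanup.

$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-CachedAutorunEntries {
    # Subkeys that still have children are the ones Regedit shows with a "+".
    # CPC is the list of drives in use that the posts say to leave alone.
    Get-ChildItem -Path $mp2 -ErrorAction Stop |
        Where-Object { $_.PSChildName -ne 'CPC' -and $_.SubKeyCount -gt 0 } |
        ForEach-Object {
            $cmd = $null
            $cmdKey = "$($_.PSPath)\shell\AutoRun\command"   # assumed layout
            if (Test-Path -LiteralPath $cmdKey) {
                $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            }
            New-Object PSObject -Property @{
                Name    = $_.PSChildName
                SubKeys = ($_.GetSubKeyNames() -join ', ')
                Command = $cmd
            }
        }
}

function Backup-MountPoints2 {
    # Export the whole key to the desktop before touching it, as post #6 advises.
    # The old file is removed first because reg.exe prompts before overwriting.
    $file = Join-Path ([Environment]::GetFolderPath('Desktop')) 'MountPoints2-backup.reg'
    if (Test-Path -LiteralPath $file) { Remove-Item -LiteralPath $file }
    & reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2' $file | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed with exit code $LASTEXITCODE" }
    $file
}

function Remove-CachedAutorunEntries {
    # Delete every cached entry except CPC; Windows recreates keys as drives are used.
    param([switch]$WhatIf)
    Backup-MountPoints2 | Out-Null
    foreach ($entry in Get-CachedAutorunEntries) {
        Remove-Item -LiteralPath (Join-Path $mp2 $entry.Name) -Recurse -WhatIf:$WhatIf
    }
}

# Usage: list first, then do a dry run, then delete for real.
Get-CachedAutorunEntries | Format-Table Name, Command, SubKeys -AutoSize
Remove-CachedAutorunEntries -WhatIf
# Remove-CachedAutorunEntries        # uncomment to actually delete the cached keys
```

If the listing shows a Command column pointing at a setup.exe on a drive letter, that is the cached verb the double-click in My Computer runs even when the current autorun.inf cannot be read. Re-run the listing after reinserting the disc to see whether the entry is recreated, which is the behaviour yeow reports further down.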
  7. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
Hi Rmus :)

    1. I deleted all the very long {...} subkeys regardless of whether there was "+" preceding them.

    2. After I rebooted PC, 5 long {...} subkeys were recreated. Probably relates to my a: c: d: e: f: drives? No "+" sign on them. 1st pic.

    3. But when I insert game cd and refresh registry, a "+" sign appears, which I expanded in the 2nd pic.

    4. Double-clicking on drive icon runs game setup.

    Tried again 1-4, but same thing happens. I guess my case is just abnormal o_O
     

  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hello yeow,

    I assume you have your drive unchecked in TweakUI. If so, then your case does not follow the normal pattern.


    ----
    rich
     
  9. yeow

    yeow Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    225
    Hi Rmus,

    Yes, in TweakUI they are still unchecked. I also tried re-checking & unchecking them, but still the same.

Much thanks for your time looking into it. I'll just right-click > Open, or navigate with the left pane instead.

    THANKS!
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hello yeow,

    You are welcome.

    This is the second "method" of disabling AutoRun which has not proved to be reliable for all systems.

Above, I questioned Mrk about the configuration using Group Policies because in another discussion, a user found that setting that policy did prevent AutoRun.inf from invoking the commands when the CD was inserted, but the setup.exe on the CD launched when the drive icon was clicked in My Computer.

    In other words, both methods did not prevent the Shell commands from writing to the Registry in those cases.

    There is another rather brutal method you might try -- it cripples AutoRun for the entire system. See

    Memory stick worms
    http://nick.brown.free.fr/blog/2007/10/memory-stick-worms


    ----
    rich
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    For clarification:

The Group Policy method (NoDriveTypeAutorun set to 255) disables autorun on all drives and prevents creation of registry keys by the shell.

The manual CD registry-key hack alone does not prevent the shell ...

    Mrk
     