Where I live (Bolivia), it seems that around 2/3 of USB sticks that I encounter have malware that executes via autorun.inf and tries to infect the host machine. Most internet access here is conducted on public computers where security and malware prevention are often lax.

After reading about Panda USB Vaccine recently I've been offering to "vaccinate" colleagues' USB sticks to prevent the crippling effects of this plague (autorun is disabled on all our machines but colleagues often work from home computers which kept getting b0rked this way). The vaccine works by creating a harmless autorun.inf and attempting to prevent other programs replacing it (I assume via ownership/permissions but I'm not a Windows guy so I don't really know).

This seemed to be working well until recently when many disks started to show up with rogue autorun.inf files again. I'd like to try to understand how this could have happened and whether it's worth trying out other similar vaccine applications.

To put it another way, is it realistic to expect any removable media vaccine to work, or do insurmountable loopholes exist (if so, what are the loopholes)?

3 Answers


Putting a blank autorun.inf and setting the file permission so it cannot be changed will only stump viruses that do not expect such tricks. For a more sophisticated virus that expects this, it is rather trivial for the virus to override the protected autorun.inf (though admittedly, it does help to cut down some older viruses). As you can guess, this loophole cannot be closed except by making the USB drive totally unwritable.

Quite a common practice is to buy a USB drive that has a write switch, and only turn on the write switch when you need to write data and only on trusted computers.
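
As an added example (not part of the original answers and not how Panda USB Vaccine works): since a protected autorun.inf can be replaced, a stick that was vaccinated earlier can be re-checked before use by listing the entries in its autorun.inf that would start a program. The function names and the sample file contents in the test are constructed for illustration.

```python
import re
from pathlib import Path

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_directives(text):
    """Return (key, value) pairs that would run a program.

    Junk lines, comments and odd spacing are skipped instead of raising,
    because hostile files are often padded with garbage.
    """
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Section names are case-insensitive.
            in_autorun = line.lower().startswith("[autorun")
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            found.append((key.lower(), value))
    return found

def audit_drive(root):
    """Return (status, directives) for the autorun.inf under `root`."""
    path = Path(root) / "autorun.inf"
    if not path.exists():
        return "absent", []
    if not path.is_file():
        return "not a regular file", []
    data = path.read_bytes()
    # The file may be UTF-16 with a BOM rather than ANSI text.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("latin-1")
    hits = launch_directives(text)
    return ("launches code" if hits else "inert"), hits

if __name__ == "__main__":
    import sys
    for drive in sys.argv[1:]:          # e.g. E:\ or /media/usb
        print(drive, *audit_drive(drive))
```

A result of "inert" means the file contains no launch entries; "launches code" on a stick that was vaccinated means the placeholder has been replaced.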


A good trick is to disable autorun.inf completely on all your machines. Save the following code in Notepad, make sure the file has the .reg extension, not .txt, and run it.

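Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
; Map every read of Autorun.inf to a registry location that does not exist,
; so Windows finds no autorun entries on any drive.
@="@SYS:DoesNotExist"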

You can disable autorun.inf completely. I think you could do it through the hardware settings for each device or disable it for all in the registry.

More information on how to disable it:


  • The question states that autorun is already disabled for all our computers. The subject of the question is a preventative measure that resides on the drives themselves. Commented Sep 28, 2010 at 12:51
