Jump to content
Sign in to follow this  
TurionAltec

Deactivate Autorun

Recommended Posts

TurionAltec

Since Autorun is an attack vector of Conflicker, I came up with this script to simply disable Autorun completely for all devices. That way I can easily deploy it to all the users I support.

Just run it and it will try to deactivate it. If there's a problem it will tell you.

;Autorunoff
;Simple script to disable Autorun, attempting both globally (HKLM) and locally (HKCU)
;0xff corresponds to all devices. Default is 0x91. It is set bitwise according to:
;http://www.computerperformance.co.uk/vista/vista_registry_autorun.htm

#RequireAdmin

$CUautoReturn=Regwrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun","REG_DWORD",0xff)
$LMautoReturn=RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer","NoDriveTypeAutoRun","REG_DWORD",0xff)
$LMHonorReturn=RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer","HonorAutoRunSetting","REG_DWORD",0x1)
;Success writing returns 1

$CUautoRead=RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun")
$LMautoRead=RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer","NoDriveTypeAutoRun")
$LMHonorRead=RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer","HonorAutoRunSetting")

;Debug lines for testing conditions
;$CUautoReturn=0
;$LMautoReturn=0
;$LMHonorReturn=0
;$CUautoRead=0xff
;$LMautoRead=0xff
;$LMHonorRead=0x1

;Smooth sailing
If $CUautoReturn=1 AND $LMautoReturn=1 AND $LMHonorReturn=1 AND $CUautoRead=0xff AND $LMautoRead=0xff AND $LMHonorRead=1 Then
    Msgbox(64,"Success", "Autorun successfully disabled!")
    Exit
EndIf

;Warning ->Values correct, problem writing
If ($CUautoReturn<>1 OR $LMautoReturn<>1 OR $LMHonorReturn<>1) AND $CUautoRead=0xff AND $LMautoRead=0xff AND $LMHonorRead=1 Then
    $outputString= "All values correctly set, however there was a problem writing to "
    If $CUautoReturn<>0 Then $outputString=$outputString&@CRLF&"HKCU NoDriveTypeAutoRun"
    If $LMautoReturn<>0 Then $outputString=$outputString&@CRLF&"HKLM NoDriveTypeAutoRun"
    If $LMHonorReturn<>0  Then $outputString=$outputString&@CRLF&"HKLM HonorAutoRunSetting"
    msgbox(48, "Autorun WARNING", $outputString)
    Exit
EndIf

;Error ->Incorrect Values
$outputString="Some values were incorrectly set!"
;Test $CUautoRead
If $CUautoRead= 0xff Then
    $outputString=$outputString&@CRLF&"CORRECT HKCU NoDriveTypeAutoRun set to 0xff"
Else
    $outputString=$outputString&@CRLF&"ERROR HKCU NoDriveTypeAutoRun set to 0x"&hex($CUautoRead,2)& " NOT 0xff"
EndIf
;Test $LMautoRead
If $LMautoRead=0xff Then
    $outputString=$outputString&@CRLF&"CORRECT HKLM NoDriveTypeAutoRun set to 0xff"
Else
    $outputString=$outputString&@CRLF&"ERROR HKLM NoDriveTypeAutoRun set to 0x"&hex($LMautoRead,2)& " NOT 0xff"
EndIf
; Test $LMHonorRead
If $LMHonorRead=0x1 Then
    $outputString=$outputString&@CRLF&"CORRECT HKLM HonorAutoRunSetting set to 0x1"
Else
    $outputString=$outputString&@CRLF&"ERROR HKLM HonorAutoRunSetting set to 0x"&hex($LMHonorRead,2)& " NOT 0x1"
EndIf   

Msgbox(16,"Autorun ERROR", $outputString)
Exit

autorunoff.exe

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.