Preventing unwanted autoplay executables

Having recently seen interactual install without permission after inserting a DVD into my D drive , ( see my other recent thread) I’ve been experimenting with other, safer, original DVDs that have executable content in an attempt to figure out how to block this behaviour.

(using windows XP)

I’m not having any success though - I’ve set autoplay so that DVDfab launches when a DVD is inserted, and that’s working for regular DVDs.
All other autoplay types are set either to “always ask” or " no nothing" but neither of those prevents some stuff from running.

I’m testing with s DVD that loads an innocuous macromedia splash screen when it is inserted. i.e. there’s an autorun.inf and an openme.exe on the DVD as well as the regulat video_ts folder. with this DVD, DVDfab does not autorun, the macromedia porgram autoruns instead.

So are there any windows XP settings or hacks which will prevent any executables found on a DVD from executing without asking first; or is there anyway to get DVDFAB to grab the dvd first.

I’ve traid lauching fab before inserting the DVD - doesn’t solve the problem though fab then opens it as usual but the other executable still also runs.

So if that executable was something nasty - like interactual with it’s ability to phone home with my personal details + info on what I’m watching - it would have installed already, before I could stop it.

if I put the DVd into my E drive, which has autorun completely disabled in drive properties, the openme.exe still runs!. so it seems that the autroun info in the DVD overrides the PC drive settings.

NB In this test case the aurorun.inf file on the DVD just contains:
[autorun]
open=“openme.exe”

& Im happy to fool around trying to block this as it’s a harmless little executable.

So are there any Windows hacks or other programs whcih I could consider, since the autorun options are not helping, or is it a “feature” of windows that can’t be blocked ?

To summarise: I want to be able to insert a DVD that may contain Sony or other peoples malware, & be able to rip it without any programs running from the DVD that operate without asking permission first - doesn’t seem like a lot to ask :slight_smile:

is this a reson for upgrading to vista ??? or would it happen there also ?

answering my own question.

I googled to here: http://fileforum.betanews.com/detail/DVD_Popup_Remover/1056866763/1
and did this as per the 1st posting:

Start
Run
gpedit.msc
Computer Configuration
Administrative Templates
System
Turn off Autoplay
Enabled
All Drives

seems to work. I’ll now have to launch DVDfab manually when I insert a DVD but it’s worth it for peace of mind!

Hi cybmole
Could you post a couple of examples you found of DVDs that installed something without a “contiunue” or “yes” or “play video” click from the user? If I can get them I want to experiment with this too. Thanks.:slight_smile:

[QUOTE=signals;1917879]Hi cybmole
Could you post a couple of examples you found of DVDs that installed something without a “contiunue” or “yes” or “play video” click from the user? If I can get them I want to experiment with this too. Thanks.:)[/QUOTE]

the one I was testing with is an NSTC warner bros DVD called beyond basics - blues guitar rhythm chops ( most of my DVds are guitar related).

others which I have with similar macromedia code are B B King blues master highlights. (I’ll zip & attach what’s on that one FYI.), and Carlos Santana influences.
I think the openme.exe is identical on each DVD.

(I think all of the beyond basics… series have the same macromedia front end.)

you’ll find them all cheap on amazon.com

PS the DVD which installed interactual without permission was a SONY DVD - Christy Moore live in Dublin 2006.

[QUOTE=cybmole;1917886]the one I was testing with is an NSTC warner bros DVD called beyond basics - blues guitar rhythm chops ( most of my DVds are guitar related).

others which I have with similar macromedia code are B B King blues master highlights. (I’ll zip & attach what’s on that one FYI.), and Carlos Santana influences.
I think the openme.exe is identical on each DVD.

(I think all of the beyond basics… series have the same macromedia front end.)

you’ll find them all cheap on amazon.com

PS the DVD which installed interactual without permission was a SONY DVD - Christy Moore live in Dublin 2006.[/QUOTE]

the attachment did not seem to work, I’ll try again.

I guess you could easliy create a test Dvd - burn any movie & add an autoexec.inf and openme.exe file as per the attachment.

I use roxio MY dvd creator & can drag & drop whatever contents I want onto the Dvd before burning, ( I guess nero has similar functionality)

It’s harmless code because it does not actually install anything, but it illustrates the principle that a DVd can contain and autorun a damaging executable.

(or you could just add your own code, usign any “safe” .exe file that you happen to have handy, with a matching autorun.inf that you can create using notebook )

Very interesting detective work, thanks:). No need to worry about the attachment, I know what to look for now. I’ll check amazon for one in the series.

the upload failed bacause it was too large.

I’m a guitarist by trade, not a hacker, but what i’m learning here is that if a dvd contains a file called malware.exe and a a file called autoexec.inf , and that .inf file just says

[autorun]
open =“malware.exe”

then you’re screwed as soon as you insert the DVD, unles you apply the earlier instructions !

I just applied the above instructions and it worked.
Thanks for the info.

ok yeah turn that auto play OFF for all drives :iagree:

from what i can find gpedit.msc runs in Windows Server 2003 32-bit/64-bit, Windows XP Professional SP1 or later, Windows XP Professional 64-bit, Windows 2000 Professional and Windows 2000 Server family. i however am running windows xp home sp2 32-bit edition. is there another way to perform the fix if i can not gain access to the gpedit.msc.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\autorun value set to zero but i still get the autoplay on some dvds as explained in above posts.

Windows cannot find ‘gpedit.msc’. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

you can do it with regedit, if you feel ok editing the registry

When you type like I do, the registry is a dangerous place to visit.:slight_smile:

Hi,[QUOTE=troy512;1918095]i however am running windows xp home sp2 32-bit edition. is there another way to perform the fix if i can not gain access to the gpedit.msc.[/QUOTE]Group policy editor is not supported on XP Home. The most easiest way to prevent autostarting applications off a CD or DVD (this was btw the infection vector of the infamous Sony Rootkit) would be to have the “shift” key pressed during the time of insert and recognising the disc.

See also http://support.microsoft.com/kb/155217 and http://support.microsoft.com/kb/319287

It is also a good idea to have restricted user account set up (and used for working/playback with CD/DVD) since this would prevent installing such crap system wide.

Michael

[QUOTE=troy512;1918095]from what i can find gpedit.msc runs in Windows Server 2003 32-bit/64-bit, Windows XP Professional SP1 or later, Windows XP Professional 64-bit, Windows 2000 Professional and Windows 2000 Server family. i however am running windows xp home sp2 32-bit edition. is there another way to perform the fix if i can not gain access to the gpedit.msc.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\autorun value set to zero but i still get the autoplay on some dvds as explained in above posts.[/QUOTE]

I’m running windows media center edition & the above fix worked for me. try going back to the link where I found the instructions for that fix ( a few posts earlier) - there may be more help there.

Hmmm,

it seems that those earlier instructions which I found & posted, expire when the pc is turned off.

I put in a DVd today , after turning the PC back on & found that autorun had re-enabled itself.

To disable autorun from CDs/DVDs try this little tool from http://xp-antispy.org/index.php?lang=en

It’s Freeware, nice and helpfull. No Install needed, if you download the .zip file.

If after a new start of windows autorun turn automatic on, there must be a rootkit or others I guess.

[QUOTE=Amiga Freak;1918383]To disable autorun from CDs/DVDs try this little tool from http://xp-antispy.org/index.php?lang=en

It’s Freeware, nice and helpfull. No Install needed, if you download the .zip file.

If after a new start of windows autorun turn automatic on, there must be a rootkit or others I guess.[/QUOTE]

thanks for the link - I’ll try that.

maybe autorun was reset because I’d turned off autorun for all drives, not just for all CD-ROM drives. ? I’ll have to experiment some more.

If you want to get sure, no DVD installed something in background, it is necessary to turn off autorun on all cd/dvd drives. But now you have to do all cd/dvds run by hand. That is a problem for some users, because autorun is easier…

Yeah, like rolling, I just have autoplay disabled.
As everyone is aware, there are a number of ways to do this.
Here’s a compilation of methods with the exception of GPEDIT.MSC which does not work with XP home as mciahel pointed out:
http://www.annoyances.org/exec/show/article03-018

My favorite is TweakUI.exe, one of the MS Power Toys:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Works with all XP OS.

Open TweakUI
Expand [B]My Computer [/B]branch then the [B]AutoPlay[/B] branch, and then select[B] Drives[/B].
Turn off the checkbox next to each drive letter for which you want AutoPlay disabled.
:cool:

[QUOTE=Amiga Freak;1918383]To disable autorun from CDs/DVDs try this little tool from xp-antispy.org[/quote]I wouldn’t trust a software author, who sold his project domain to a pron dialler guy, at all.

[QUOTE=maineman;1918506]
My favorite is TweakUI.exe, one of the MS Power Toys:
[/QUOTE]:iagree: But for some reasons, MS managed to render this function useless if restricted user accounts are used :confused:

Michael