The AutoRun technology is a Windows operating system feature Microsoft introduced in Windows 95. It allows Windows Explorer to automatically launch programs from inserted storage drives and other media. Its command is rooted into the applications themselves and can't be edited by users, however, they can choose to go through with it or not using another Windows technology, AutoPlay. The autorun.inf text file, used for both the AutoRun and AutoPlay features, is placed in the root directory of a volume or storage drive to launch specific applications, such as installation files. Cybercriminals use this technology to get into user systems using worm type malware. AutoRun malware is the most prevalent in the Asia Pacific. It can infect USBs, hard drives, flash drives, and mapped drives; and is hard to remove. Malware categorized as AutoRun include the following: WORM_SOHANAD, WORM_SILLY, PE_SALITY, WORM_VB, and WORM_DOWNAD (Conficker).
Trend Micro released INF_AUTORUN.A, a Damage Cleanup Template (DCT) package that automatically disables the AUTORUN feature. It is also capable of the following:
Below are the steps in using this DCT package: