Remove autorun.inf manually
So I will tell you how to remove the autorun.inf virus, which is the cause of your drives opening in a separate window when you click on the drive name in My Computer. There is a Trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:

1) Open up Task Manager (Ctrl-Alt-Del).
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up "File | New Task (Run)" in the Task Manager.
5) Run cmd.
6) Run the following command, then repeat it for the other drives in turn, where # is replaced by the drive name (e.g. c, d, e):

    del #:\autorun.* /f/a/s/q

Be careful with this command: it can delete all your data, file by file, from your hard disk if executed wrongly. So place your mouse on the X (close) button of the command prompt window, and if it starts deleting your files, close it.

Or we can do this step without ending explorer.exe. Just hit Windows+R; it will show you the Run dialog box. Type cmd there and it will give you a command prompt. Now navigate to #:, where # is replaced with each of your drive names. I am taking the example of the c: drive. At the c: prompt, write del /a/s/q/f followed by a space, then press Tab until you see autorun.inf, and press Enter. Now you are done; do the rest of the steps as I said. (Be careful: see autorun.inf clearly before deleting it, and don't delete any ntdetect file there, as that may crash your system.)

7) Go to your Windows\System32 directory by typing:

    cd c:\windows\system32

8) Type dir /a avp*.*
9) If you see any files named avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them:

    attrib -r -s -h avpo.exe
    del avpo.exe

10) Use the Task Manager's Run command to fire up regedit.
11) Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (as usual, take a backup of your registry before touching it!).
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.
Remove autorun.inf

The said virus hides itself inside a folder named Recycled/Recycler. The folder has the hidden/system/read-only attributes, which is why you can't see it if you use the Search window. When your system is infected by the said virus, it infects every drive connected to your PC by dropping VCAB.DLL into the temporary internet folder and creating CTFMON.EXE in the folder Recycled and AUTORUN.INF in the root directory of every drive. That's why USB sticks connected to the infected PC are infected immediately; the USB disks become the new carrier for the virus. The program runs every time you start your computer because it copies itself into the Startup folder of the Start Menu. It also runs every time you insert the infected USB disk, and it triggers every time you double-click the infected drive (because of the AUTORUN.INF). The virus infects .EXEs and .DLLs.

To check if your system is infected by the said virus without using an antivirus, do the following steps:

1. Go to the command prompt.
2. Type CD\ in drive C: to go to the root directory.
3. Type DIR /AH and press the ENTER key. This will display all hidden files in your drive C:.
4. If you see a file AUTORUN.INF and a folder Recycled, then your system is infected.
5. Try doing this on your USB drive and check if your USB stick contains the same folder and AUTORUN.INF. If it does, then your system is really infected.

To manually remove it, follow these steps (Note: you should understand what you're about to do; you try it at your own risk!)

Boot your system in Safe Mode.

1. Go to the command prompt; in drive C run the following commands.
2. Type -> ATTRIB -H -R -S AUTORUN.INF then press Enter.
3. Type -> DEL AUTORUN.INF then press Enter.
4. Type -> ATTRIB -H -R -S Recycled then press Enter.
5. In Windows Explorer in Safe Mode, remove the folder Recycled in drive C; use Shift-Delete to delete the folder.
6. Repeat Step 3 to 6 for all drives of your system, including the USB drive.
7. Search for CTFMON.EXE in your system using the Windows Search found in the Start Menu. If you find a file that is not located in C:\WINDOWS\SYSTEM32, delete it immediately. Don't forget to empty the Recycle Bin afterwards. (Usually the virus will copy itself into the Startup folder of the Start Menu. Check if the file is present there and delete it as well.)

To disable autorun of drives (i.e. every time you double-click a drive, CD or USB, it opens automatically), follow these steps:

Click Start -> Run -> type REGEDIT.EXE

1. Go to this registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2. Look for the entry NoDriveTypeAutoRun and double-click the entry.
3. Type a new value: "0FF" (Hex) for NoDriveTypeAutoRun; this will turn off Autorun for all drives. Press ENTER.
4. Reboot the system.

Viruses that use Autorun.inf

There are several viruses that use autorun.inf to spread themselves, such as Bacalid (which hides itself in ctfmon.exe) and RavMon.EXE. These viruses set their file attributes to System+Hidden+Read-Only, so some antivirus programs will have a hard time detecting or finding them. These viruses save themselves in the root directory of every available drive of the currently infected computer and run every time you double-click the drive. On infected USB sticks and CDs the virus runs automatically, especially if drive autorun is enabled for those drives (autorun for drives is usually enabled by default).

Disable AUTORUN from Registry

Now you can disable AUTORUN for all drives by configuring the registry. Open the registry by typing regedit.exe at the command prompt (if you're still at the command prompt) or execute it in Run.
Look for the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer key. Double-click the NoDriveAutorun DWORD entry and type the value HEX: FF (255 in Decimal). (If NoDriveAutorun does not exist, you can create it by right-clicking the right side area of the regedit window, then clicking New -> DWord Value -> typing NoDriveAutorun.) Close the registry and restart the computer. This procedure will disable autorun for all drives of your computer and will at least prevent the autorun function of infected USB drives or CDs and avoid infection by viruses like Bacalid and RavMon.exe.

If you want to prevent viruses that use autorun.inf from infecting your USB flash drive, try this:

1. Open your flash drive via Command Prompt (do this via Start -> Run -> cmd.exe).
2. Change your logged drive to your USB flash drive (e.g. if your drive is at drive E:, then type E: on the command prompt and press Enter).
3. Create a folder named AUTORUN.INF in the root directory of your flash drive. (To do this, type the command: MD\AUTORUN.INF). If the error "a subdirectory already exists…" shows, follow the instructions above to remove the existing autorun.inf before doing this step.

The reason why this avoids future infection is that autorun.inf viruses usually generate a file named autorun.inf. Having an AUTORUN.INF folder in the root directory of your drives makes virus programs unable to create their own autorun.inf file; the virus can't even overwrite it because it's a folder and not a file.
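The NoDriveTypeAutoRun value set in the registry steps above is a bitmask with one bit per drive type, so a value can be checked after the reboot to see which drive types still have Autorun. The following is an added example, not part of the original page; the helper names are assumptions, and the registry read only happens when run on Windows.

```python
import sys

# Bits of NoDriveTypeAutoRun as documented by Microsoft; a set bit switches
# Autorun off for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown (reserved)",
}
KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

def as_int(raw):
    """Registry data arrives as int (REG_DWORD) or bytes (REG_BINARY)."""
    return raw if isinstance(raw, int) else int.from_bytes(raw[:4], "little")

def still_enabled(value):
    """Drive types for which Autorun stays on under this value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]

def read_hkcu():
    """Return the current user's value, or None if unset or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY) as key:
            return as_int(winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0])
    except FileNotFoundError:
        return None

if __name__ == "__main__":
    # 0xFF is the value this page sets; 0x91 is a partial mask for comparison.
    for label, value in (("0xFF", 0xFF), ("0x91", 0x91), ("HKCU", read_hkcu())):
        if value is None:
            print(label, "-> value not set (or not running on Windows)")
        else:
            print(label, "-> Autorun still on for:", still_enabled(value) or "nothing")
```

With 0xFF every bit is set and nothing is left enabled; a partial mask such as 0x91 leaves removable drives enabled, which is the case the page is trying to close.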
Autorun.inf Virus Removal
What is autorun.inf?

Autorun.inf is a setup information file or INF used to install or set up software and drivers. It is usually used and seen on a CD-ROM with Autoplay. The autorun.inf makes the CD-ROM autoplay, meaning it will automatically play or start setup when clicked, which is what we call auto installation. If you can see an autorun.inf in your CD-ROM drive, this is normal.

When do we say that Autorun.inf is a virus?

Some people say autorun.inf is a virus, but in reality it is not. Autorun.inf is only used by the virus to execute or install itself on a click. The autorun.inf contains setup information or a program setup that will trigger the virus to execute when clicked by the user. This autorun.inf is usually found in Windows C: or on the removable disk, and it is mostly set to invisible or hidden in the Windows drive or removable drive.

OK, here we go, let's start removing the autorun.inf from your system drive.

First you must enable your Folder Options to make your hidden files visible. You can enable it by left-clicking My Computer > Tools > Folder Options.

You can follow this configuration when you enable the Folder Option to make all the hidden files on your system drive visible.

After this, you can start deleting the autorun.inf from your drive C: or removable drive. And you can also remove the unknown files like or any unknown files that exist in the system drive.
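Before deleting an autorun.inf it helps to read what it would launch, and to tell it apart from the protective AUTORUN.INF folder described earlier. The following is an added example, not part of the original page: it lists the launch entries of an autorun.inf in a drive root and flags ones pointing into Recycled/Recycler. The sample file contents, function names and verdict labels are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# [autorun] keys that make Explorer start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^=]*\\command)$", re.I)
SUSPECT_DIRS = {"recycled", "recycler"}  # hiding places named on this page

def launch_targets(text):
    """Return (key, command) pairs found in the [autorun] section."""
    found, in_section = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, command = line.partition("=")
            if LAUNCH_KEY.match(key.strip()):
                found.append((key.strip().lower(), command.strip()))
    return found

def triage_root(root):
    """Return (verdict, targets); an AUTORUN.INF folder counts as 'blocked'."""
    entry = next((p for p in Path(root).iterdir()
                  if p.name.lower() == "autorun.inf"), None)
    if entry is None or entry.is_dir():
        return ("clean" if entry is None else "blocked"), []
    targets = launch_targets(entry.read_text(errors="replace"))
    bad = any(SUSPECT_DIRS & set(re.split(r'[\\/" ]', cmd.lower()))
              for _, cmd in targets)
    return ("suspicious" if bad else "review"), targets

# Constructed samples: infected stick, ordinary installer CD, guarded stick.
SAMPLES = {
    "infected": "[autorun]\nshell\\open\\command=Recycled\\ctfmon.exe\n",
    "installer": "[autorun]\nopen=setup.exe\nicon=setup.exe,0\n",
    "guarded": None,  # None means: create AUTORUN.INF as a folder
}

def demo():
    verdicts = {}
    with tempfile.TemporaryDirectory() as base:
        for label, content in SAMPLES.items():
            inf = Path(base, label, "AUTORUN.INF")
            if content is None:
                inf.mkdir(parents=True)
            else:
                inf.parent.mkdir()
                inf.write_text(content)
            verdicts[label] = triage_root(inf.parent)[0]
    return verdicts
```

Calling triage_root(r"E:\") on a real drive returns the verdict together with the launch entries, so the file can be read before it is removed.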
Step 1: Use Windows File Search Tool to find autorun.inf Path
1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the file name" section, type in the "autorun.inf" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click the "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "autorun.inf", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete autorun.inf in the following manual removal steps.
Step 2: Detect and Delete Other autorun.inf Files
1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content, even the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for, type in "del name_of_the_file".
5. To delete a file in a folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "autorun.inf" process and click on the "End Process" button to kill it.
My laptop is at risk because autorun.exe is still there!!! Any tips to remove it???
