lately we discovered a new trojan/virus that uses autorun.inf to infect other drives. most of the time it infects any removable media (external hdd or flash drive) that is connected to the infected unit. you will not notice it since the script runs at startup.
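A way to check a drive's autorun.inf for the launch entries this kind of infection relies on, as an added example that is not part of the original post. The function names and the sample file are constructed for illustration; the file-name patterns come from the removal steps on this page.

```python
import os
import re

# File names taken from the removal steps on this page.
PAGE_NAMES = re.compile(r"^(hbq.*\.(dll|exe)|hbo\.exe|avp.*\.(exe|dll)|kxvo\.exe)$", re.I)
# autorun.inf keys that cause Windows to start a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
LAUNCHABLE = (".exe", ".dll", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")

def audit_autorun(text):
    """Return (key, file name, reason) for every program an autorun.inf would start."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not LAUNCH_KEY.match(key):
            continue  # icon=, label= and similar keys do not start anything
        for token in value.replace('"', " ").split():
            name = token.replace("/", "\\").rsplit("\\", 1)[-1]
            if PAGE_NAMES.match(name):
                findings.append((key.lower(), name, "file name listed on this page"))
            elif name.lower().endswith(LAUNCHABLE):
                findings.append((key.lower(), name, "starts a program from the drive"))
    return findings

def audit_drive(root):
    """Audit <root>/autorun.inf if present; returns [] when the drive has none."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, "r", errors="replace") as handle:
        return audit_autorun(handle.read())

# Constructed sample, not taken from a real infected drive.
SAMPLE = """[AutoRun]
; constructed example
open=kxvo.exe
shell\\open\\command=kxvo.exe
shell\\explore\\command=setup.exe /quiet
icon=drive.ico
"""

if __name__ == "__main__":
    for key, name, reason in audit_autorun(SAMPLE):
        print(f"{key}: {name} ({reason})")
```

Call `audit_drive` with a drive root such as `E:\\` before opening a removable drive in explorer; an empty list means no launch entries were found.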
here is how you can get rid of them:
- open task manager and, in the processes tab, end the explorer.exe and wscript.exe processes
- open up file > new task (run) in the task manager
- go to your windows\system32 directory by typing cd c:\windows\system32
- type dir /a:h hbq*.*
- if you see any files named hbq0.dll or hbq0.exe or hbo.exe, use the
del /a:h /f avp*.exe
del /a:h /f avp*.dll
- open up file > new task (run) in the task manager, type regedit
- navigate to:
if there are any entries for kxvo.exe, delete them. also delete all suspicious
2) type the following (or cut and paste it) into the run line
rundll32 advpack.dll,LaunchINFSection %windir%\inf\msmsgs.inf,BLC.Remove
3) click on ok
if the computer is running, shut down windows, and then turn off the power.
wait 30 seconds, and then turn the computer on.
start tapping the f8 key. the windows advanced options menu appears. if you begin
tapping the f8 key too soon, some computers display a "keyboard error" message. to
resolve this, restart the computer and try again.
ensure that the safe mode option is selected.
press enter. the computer then begins to start in safe mode.
when you are finished with all troubleshooting, close all programs and restart the
computer as you normally would.
to use the system configuration utility method
close all open programs.
click start, then run, type msconfig in the box and click ok.
the system configuration utility appears. on the boot.ini tab, check the
"/safeboot" option, and then click ok and restart your computer when prompted.
the computer restarts in safe mode.
perform the troubleshooting steps for which you are using safe mode.
when you are finished with troubleshooting in safe mode, open msconfig again, on
if you don't want to use "fast user switching", you may want to disable the welcome
screen. you must be logged in as an administrator to do this. note: to do this,
follow the directions below:
1) click on start
2) click on control panel
3) double-click on user accounts
4) click on "change the way users log on or off"
5) uncheck "use the welcome screen" (note: this will also disable "fast user
6) click on apply options
7) close the user accounts window and the control panel
8) the next time you reboot your computer, the classic login prompt will be used
1) open my computer
2) click on tools
3) click on folder options
4) click on the view tab
5) place a check in the option "do not cache thumbnails"
6) click ok
7) close my computer
1) click on start
2) click on search
3) click on all files and folders
4) type the following in the section called "all or part of the file name"
5) in the look in box, make sure local hard drives is chosen
6) click search
7) a long list of thumbs.db files should appear. click on edit, then select all
8) click on file, and choose delete
9) close the search results window