Autorun.inf is a text file which instruct Windows about the execution priority when an operation is performed . Autorun command is associated with CDs ,DVDs, USB etc. If autorun.inf is specified in a CD or DVD , Windows then reads and follows the specific instructions this file defines.
Autorun virus (Actually its a worm) manipulates the autorun.inf files . Autorun worm is capable of spreading through computer networks and USB disks . It will either replace or modify the existing settings in these devices . It is very difficult to remove autorun virus as it modifies many of the system settings . It will block access to internet , disable show hidden files and folders , blocks access to antivirus websites , disable msconfig etc .Formatting Windows will not work for the effective removal of autorun virus as the infection still exists in other hard disk partitions .
Autorun virus : Symptoms of infection
Hard disk autoplay
msconfig disabled
Hidden files and folders disabled .
Remove Autorun virus
1.Get autorun virus removal tool here
2.Now Press Win+R and enter cmd open Windows command prompt .
Now we are about to list hard disk files from command prompt .
for C drive type dir c: /a/w
If Autorun virus is present , It will get listed as shown above . There would be many other files like onlinegames , kavo.exe,.vbs , Heap41a , newfolder.exe,.com, ppt.exe etc .
These files include read only, archive, system and hidden file attributes associated with them.
So in next step we will remove these restrictions from the above suspicious files .
attrib -s -h -r c:autorun.inf
or attrib -s -h -r c:autorun.vbs ( Change the hard disk partitions as required)
Now remove all those files associated with autorun virus using del instruction .
Del autorun.inf or Del kavo.exe ( repeat the procedure for all the files and hard drives )
Or you can automate the process by notepad
dir c: /a/wattrib -s -h -r c:autorun.infdel autorun.inf
dir d: /a/wattrib -s -h -r d:autorun.infdel autorun.inf
dir e: /a/wattrib -s -h -r d:autorun.infdel autorun.inf
(Add the necessary hard disk partitions and files as per requirement ). Now copy the completed document in notepad and save as remove.bat . This file will remove all the autorun virus traces on execution .
After removing all the infected autorun virus files from hard drives , execute autorun virus removal tool on step 1 to remove further traces .
3. Repair registry to enable hidden files and folders .
Press Win+R and enter regedit . Now this will open the Windows registry . Move on to the following registration entries .
HKEY_LOCAL_MACHINE >SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>Advanced>Folder>Hidden>SHOWALL
Autorun virus usually alter this registration entry . Double click on CheckedValue and enter value data as 1 . Now you would be able to enable hidden files and folders .
4. Turn off autorun feature in Windows .
This will avoid the execution of existing autorun worms in a PC and also one on USBs and CDs .
Copy the following command in notepad and save as removeautorun.reg
REGEDIT5[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIniFileMappingAutorun.inf]@=”@SYS:DoesNotExist”5. Restart your PC for the complete removal of Autorun virus .
No comments:
Post a Comment