Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Autorun.inf on my usb


  • Please log in to reply
1 reply to this topic

#1 Si_

Si_

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:37 AM

Posted 07 February 2010 - 05:44 PM

Hey guys I got infected with an autorun.inf on my usb and i cant figure out how to remove it. Avast keeps reporting that im infected with BV:AutoRun-AG [Wrm] , i keep choosing to delet it or move to chest and it keeps recreating it self. So i found out how to open the file inorder to see what other files it executes and this is what it showed:

lknhkjgbkjhv*&*&^T^Y&IHBhJkhvfgfjhd354e6tyghliIUWBD<w
autorun]
[autorun[
[autorun]
open=vlsdgsdsafkjbsdgkjbsdgkjbsdkgjgweagi\sadhhregdfskxjansfkjnllaskjnags\autorun.exekljkjgkjhf786rtuhgkjjkgkjgkjg
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
UseAuTOPLAY=1
shell\\open\\command=vlsdgsdsafkjbsdgkjbsdgkjbsdkgjgweagi\sadhhregdfskxjansfkjnllaskjnags\autorun.exeivh76r87ygjhfougoiuhiug
shell\\Explore\\Command=
bleepaksfkonafoknkhfouiyt8976t87uygvlsdgsdsafkjbsdgkjbsdgkjbsdkgjgweagE:\aUtORUN.inf

I was following a tutorial for how to manually remove it and it said to follow these steps:

- Type d: (This is the drive letter of USB. It can be e: or f: defending on how many hard disk or cd drive is installed)
- Type attrib -h -r -s autorun.inf
- Type “edit autorun.inf” it will open DOS Editor and display contents as follows
==========================
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
==========================
Take note on the file that it called to open (in above example it is file.exe)

10. Exit DOS Editor and return to command prompt, D:\>
11. Delete the file that was called to open on DOS Editor
- Type del /f /a file.exe

12. Delete autorun.inf file
- Type del /f /a autorun.inf


i did those but i cant delet the autorun.exe from the looks. Im probably doing this all wrong and any help you guys can give would be greatly appreciated. Also iv tried using autorun virus remover and that just deleted the file like avast would.
Im running on windows 7, help please anyone :thumbsup:

****EDIT****
Theres a word filter on the forums and for the part where it says
shell\\Explore\\Command=
bleepaksfkonafoknkhfouiyt89

change bleep to the N word

Edited by Si_, 07 February 2010 - 05:50 PM.


BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:08:37 AM

Posted 07 February 2010 - 06:48 PM

Download and Run FlashDisinfector

You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users