autorun.inf virus removal needed

ranjan2001

Disciple
My laptop was infested by a friend who connected a USB drive in spite of my warning not to do so; now all drives are infected.

I use CF cards, and on connecting to the laptop they get the autorun.inf file. If I format these cards the file is gone, but on the next connection with the laptop they get infected again.

C:\AUTORUN.inf (I see this directory but I cannot delete this, same is on D:\ too)

I installed the KIS trial version, but that too only reports detection of the virus and is not able to delete it. See screenshot.

Need help!
 

Unfortunately, there is no software out there which can remove your friend from your laptop.

You can download this handy tool to remove suspicious autorun.inf files - Autorun Eater

I haven't tried it before but have heard that it's effective. Please report back if successful / unsuccessful.
 
I hope you've tried the simple command prompt way..

Reboot system in Safe mode with command prompt.
Open Start >> Run >> Type cmd and press enter
Execute the following commands in order one by one:
1. cd\
2. attrib -r -s -h autorun.inf
3. del autorun.inf
After this type d: and press enter for changing to d drive. Execute commands 1 to 3 as above. Repeat the same for e, f, g, etc. drives and also the pen drive.

This should do the trick. Immediately after this, run your antivirus and do a complete system scan.
 
autorun.inf is just an autorun file. It will be harmful only if it executes some malware. So, a normal antivirus / antispyware is sufficient. I'd suggest SuperAntiSpyware / Malwarebytes. Both are free.
 
Thanks guys for the help, but I can't delete with cmd because there is no file by the name autorun.inf on C & D; instead there is a folder.

C:\AUTORUN.inf (this is a folder)

C:\AUTORUN.inf\immunity. (dot) this is sub folder which is blank

D:\AUTORUN.inf (this is a folder)

D:\AUTORUN.inf\immunity. (dot) this is sub folder which is blank

In safe mode or normal mode I can't delete these folders.

When I connect a USB drive I see

F:\autorun.inf (this is a file) which is blank, & when I open it, it says it can't be read as the file is being used by another program.

Kaspersky reports a trojan but can't do anything about it (screenshot in 1st post)
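
As an added example that is not part of the original thread: the two observations above (autorun.inf only matters through what it launches, and on C: and D: the name is held by a folder rather than a file) can be checked per drive root with the Python below. The function names, directory layout and file contents are constructed for the illustration.

```python
import os
import tempfile

def launch_targets(text):
    """Commands an [autorun] section would start (open, shellexecute, shell\\...\\command)."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value)
    return targets

def triage_root(root):
    """Classify autorun.inf in a drive root: absent, folder, locked, or file + targets."""
    # Case-insensitive lookup, so it also works from a Linux live boot.
    names = {name.lower(): name for name in os.listdir(root)}
    if "autorun.inf" not in names:
        return ("absent", [])
    path = os.path.join(root, names["autorun.inf"])
    if os.path.isdir(path):
        return ("folder", [])   # placeholder folder: no file of that name can be created
    try:
        with open(path, "rb") as fh:
            text = fh.read().decode("latin-1")
    except OSError:
        return ("locked", [])   # e.g. held open by another process
    return ("file", launch_targets(text))

def demo():
    """Triage two constructed drive roots built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        usb, disk = os.path.join(tmp, "F"), os.path.join(tmp, "C")
        os.makedirs(usb)
        os.makedirs(os.path.join(disk, "AUTORUN.inf", "immunity"))
        with open(os.path.join(usb, "autorun.inf"), "w") as fh:
            # Constructed sample content, not taken from the infected machine.
            fh.write("junk\n[AutoRun]\nopen=RECYCLER\\sample.exe\nicon=x.ico\n"
                     "shell\\open\\command = RECYCLER\\sample.exe\n")
        return triage_root(usb), triage_root(disk)

if __name__ == "__main__":
    print(demo())
```

A "file" result with launch targets tells you which executables to hand to the scanner; a "folder" result is the placeholder case and launches nothing.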
 
I had the same problem. Tried everything I knew but the autorun.inf file just would not go. Instead I found a method which works.

Install a firewall. In my case it is Outpost Firewall. Now connect the USB drive which is infected. When the USB device tries to connect to the autorun.inf infected file on the lappy, the firewall stops it. Then you can delete the file from your USB drive without formatting the drive. I don't remember how I deleted the file from the machine, but after that I did not have any problems with the autorun.inf virus. The firewall stops the execution of the autorun.inf, and hence when the process stops you are able to delete it. If there is no firewall, there is a hidden process which you cannot terminate because of the permissions. Just try this. It worked for me.

Hope it helps.
 
Using KIS

It is an antivirus & firewall, but all it's doing is reporting it; it is unable to disinfect. See screenshot in 1st post.

The trojan is named as

Trojan.Win32.Autorun.hb
 
KIS usually deals with these sorta problems. But unfortunately in this situation, you installed it after you got infected. KIS always notifies me of suspicious files / programs and also warns me that it won't be able to monitor the activities of those programs once I've given it permission.

Have you tried Malwarebytes yet? Also try booting through Linux and deleting the directory.
 
OK, I installed Malwarebytes Anti-Malware; scanning will take a lot of time. I will report back the results.

just keep autorun disabled for all devices
How do you do that on XP pro SP3?

Also try booting through linux and deleting the directory
I have a Linux DVD; I will try doing that next.
 
ranjan2001 said:
How do you do that on XP pro SP3?
1. Click Start, type Gpedit.msc in the Start Search box, and then press ENTER.

2. If you are prompted for an administrator password or for confirmation, type the password, or click Allow.

3. Under Computer Configuration, expand Administrative Templates, expand Windows Components, and then click Autoplay Policies.

4. In the Details pane, double-click Turn off Autoplay.

More references can be found here

5. Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.

6. Restart the computer.
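
To confirm the setting took effect after the restart, this added example (not part of the original post) decodes NoDriveTypeAutoRun, the registry value that the Turn off Autoplay policy writes. The function names and the sample values are assumptions made for the illustration.

```python
# Bit meanings follow the Windows drive-type constants.
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable (USB sticks, CF cards)",
    0x08: "fixed disk",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
POLICY_VALUE = "NoDriveTypeAutoRun"

def decode(value):
    """Split the bitmask into drive types with AutoRun disabled and still enabled."""
    disabled = [name for bit, name in DRIVE_BITS.items() if value & bit]
    enabled = [name for bit, name in DRIVE_BITS.items() if not value & bit]
    return disabled, enabled

def removable_autorun_allowed(value):
    """True when removable media can still trigger AutoRun.

    Assumption: a missing value (None) is treated conservatively as 'allowed'.
    """
    return value is None or not value & 0x04

def read_policy():
    """Read the value from both hives (Windows only); None means 'not set'."""
    import winreg  # imported here so decode() can be used on any platform
    found = {}
    for hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"):
        try:
            with winreg.OpenKey(getattr(winreg, hive), POLICY_KEY) as key:
                found[hive] = winreg.QueryValueEx(key, POLICY_VALUE)[0]
        except OSError:
            found[hive] = None
    return found

if __name__ == "__main__":
    for sample in (0x91, 0xFF):  # constructed sample values
        disabled, enabled = decode(sample)
        print(hex(sample), "disabled:", disabled, "| still enabled:", enabled)
        print("  removable media can autorun:", removable_autorun_allowed(sample))
```

With "All drives" selected the value is 0xFF, so every drive type lands in the disabled list.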
 
expand Windows Components, and then click Autoplay Policies.

4. In the Details pane, double-click Turn off Autoplay.
I don't see Autoplay Policies under Windows Components; all I see is subcategories. I went through all of them but can't find anything related to autoplay.

Malwarebytes can find the virus & cannot delete it because it's under C:\RECYCLER\S-1-5-21-0074887890-8991008150-914631753-1911\hd1.exe (Worm.Autorun.B)-> delete on reboot.

After restarting it does not delete it.
 
Please try Computer Configuration > Administrative Templates > System and in the Details pane, double-click Turn off Autoplay.

Info found here

OR you could just download and run this script

This must be getting quite troublesome for you. Have you given SpywareBlaster a try?

However, there's just one other thing. Did you by chance use Flash Disinfector? If so, then the autorun.inf folder has a purpose of being there.

Another person in this other forum has the exact same problem as you.

To delete the autorun.inf folder just install Unlocker from http://ccollomb.free.fr/unlocker/

Then go to the folder in windows explorer and right click and choose Unlocker. Then choose the delete option from the drop down list and hit ok. It deleted it for me 1st try without a reboot.
 
Thanks for all the help. I finally disabled autorun & got rid of the virus; one last time I am rescanning the drives to confirm.

Now on connecting the USB I don't get the autorun.inf file, & reading the other forum I now understand that I should not delete those folders, which must have been created by the autorun remover which I tried earlier before posting here.

This must be getting quite troublesome for you
Yes, but I know that the forum members here will finally solve the problem; all you need is patience & a sane mind to follow the advice correctly.

I never lost my cool & wasn't ever tempted to do a reformat of drives. Reformat stops you from learning.

UPDATE

C:\ scan report shows

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent)

file deleted successfully

2nd UPDATE

Scanned with KIS full scan reports no virus so all is well now.

Good learning experience for me.

Thanks
 