remove autorun.inf

There is a Trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:

1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task manager
5) Run cmd
6) Run the following command del #:’autorun.* /f/a/s/q with other drives in turn

where # is replaced by drive name e.g-c,d,e etc

Be careful with this command it can delete your all data one by one from your hdd if execute wrongly so place your mouse on x position of cmd prompt windows and if it starts deleting your files close it

or we can do this step by without ending explorer.exe

just hit windows+R it will show you run dialog box now type cmd there,it will give you command prompt

now navigate to #:’ where # replaced with your different drive name

i am taking the example of c:’ drive

now write c:’del/a/s/q/f and give a space now press tab until you see autorun.inf press enter

now yo done do the rest steps as i said (be careful see clearly autorun.inf before deleting it and don’t delete any ntdelect there it may crash your system)

7) Go to your Windows’System32 directory by typing cd c:’windows’system32
8 ) Type dir /a amv*.*
9) If you see any files names amv0.dll or amvo.exe or amv0.exe, use the following commands to delete each of them:

attrib -r -s -h amvo.exe
del amvo.exe

10) Use the Task Manager’s Run command to fire up regedit
11) Navigate to HKEY_CURRENT_USER ’ SOFTWARE ’ Microsoft ’ Windows ’ CurrentVersion ’ Run (as usual, take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.

SOURCE:www.thehackerslibrary.com

1 comment:

  1. Sinjid FragmenteauJune 10, 2009 at 11:41 PM

    I encountered the autorun.inf virus recently on all three of my flash drives and it was a bugger to remove. I spent (literally) hours on Command Prompt trying to get rid of the ASHR on it. So I finally typed "edit e:\autorun.inf". I found that there was something called "RECYCLER\INFO.exe" that was re-SHR-ing autorun.inf every time that I un-SHR'd it. So, I bagan work on un-SHR-ing RECYCLER\INFO.exe. I would un-SHR it, but when I typed "del e:\recycler\info.exe" it would tell me the file was not found. I was pretty PO'd at this point, so I quit. Then today I had an idea. My mother is a teacher and the school district buys Macintosh computers. Macintosh computers (however lousy they may be) do not have the 'SH' possibility; so, I plugged in my flash drives and the autorun.inf and RECYCLER files popped right up. I deleted autorun.inf with ease, but it wouldn't let me delete RECYCLER. I deleted its contents. I then plugged my flash drives pack in the PC. IT WAS BACK!! So, I moved back to te mac and deleted autorun.inf and RECYCLER's contents again, but this time I made a file named "autorun.inf" and files inside RECYCLER named "desktop.ini" and "info.exe". I plugged my flash drives into the PC, the virus was gone because there were files by their name already, so they could not remake themselves by their appointed name. My problem was solved.

    So here are the steps:
    1 Plug your infected flashdrive into a Macintosh
    2 delete autorun.inf and the files in RECYCLER or whatever your re-shr-er file is
    3 make files with the deleted files' names in the same spots the original files were located (i.e. if the original virus path was e:\RECYCLER\ you would put the file with the virus' name in RECYCLER in drive e)
    4 your problem is solved!

    ReplyDelete