1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task manager
5) Run cmd
6) Run the following command del #:’autorun.* /f/a/s/q with other drives in turn
Be careful with this command it can delete your all data one by one from your hdd if execute wrongly so place your mouse on x position of cmd prompt windows and if it starts deleting your files close it
or we can do this step by without ending explorer.exejust hit windows+R it will show you run dialog box now type cmd there,it will give you command prompt
now navigate to #:’ where # replaced with your different drive namei am taking the example of c:’ drive
now write c:’del/a/s/q/f and give a space now press tab until you see autorun.inf press enternow yo done do the rest steps as i said (be careful see clearly autorun.inf before deleting it and don’t delete any ntdelect there it may crash your system)
7) Go to your Windows’System32 directory by typing cd c:’windows’system328 ) Type dir /a amv*.*
9) If you see any files names amv0.dll or amvo.exe or amv0.exe, use the following commands to delete each of them:
attrib -r -s -h amvo.exe
del amvo.exe
11) Navigate to HKEY_CURRENT_USER ’ SOFTWARE ’ Microsoft ’ Windows ’ CurrentVersion ’ Run (as usual, take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.
SOURCE:www.thehackerslibrary.com
I encountered the autorun.inf virus recently on all three of my flash drives and it was a bugger to remove. I spent (literally) hours on Command Prompt trying to get rid of the ASHR on it. So I finally typed "edit e:\autorun.inf". I found that there was something called "RECYCLER\INFO.exe" that was re-SHR-ing autorun.inf every time that I un-SHR'd it. So, I bagan work on un-SHR-ing RECYCLER\INFO.exe. I would un-SHR it, but when I typed "del e:\recycler\info.exe" it would tell me the file was not found. I was pretty PO'd at this point, so I quit. Then today I had an idea. My mother is a teacher and the school district buys Macintosh computers. Macintosh computers (however lousy they may be) do not have the 'SH' possibility; so, I plugged in my flash drives and the autorun.inf and RECYCLER files popped right up. I deleted autorun.inf with ease, but it wouldn't let me delete RECYCLER. I deleted its contents. I then plugged my flash drives pack in the PC. IT WAS BACK!! So, I moved back to te mac and deleted autorun.inf and RECYCLER's contents again, but this time I made a file named "autorun.inf" and files inside RECYCLER named "desktop.ini" and "info.exe". I plugged my flash drives into the PC, the virus was gone because there were files by their name already, so they could not remake themselves by their appointed name. My problem was solved.
ReplyDeleteSo here are the steps:
1 Plug your infected flashdrive into a Macintosh
2 delete autorun.inf and the files in RECYCLER or whatever your re-shr-er file is
3 make files with the deleted files' names in the same spots the original files were located (i.e. if the original virus path was e:\RECYCLER\ you would put the file with the virus' name in RECYCLER in drive e)
4 your problem is solved!