Method 1:
Step 1:
Remove autorun.inf virus from computer.
Create .bat file like "KillAutorun.bat" paste below code to bat file.
attrib -r autorun.inf
del autorun.inf
md autorun.inf
attrib +r +h autorun.inf
Dissable_auto_run.reg
Create .bat file like "KillAutorun.bat" paste below code to bat file.
attrib -r autorun.inf
del autorun.inf
md autorun.inf
attrib +r +h autorun.inf
Dissable_auto_run.reg
Step 2:
Creating .reg File "Dissable_auto_run.reg" to stop windows Auto run.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\ 77,69,6e,64,6f,77,73,33,32,5f,72,61,69,6e,73,74,65,72,5c,6d,79,73,6c,69,64,\ 65,73,2e,65,78,65,00
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\ 77,69,6e,64,6f,77,73,33,32,5f,72,61,69,6e,73,74,65,72,5c,6d,79,73,6c,69,64,\ 65,73,2e,65,78,65,00
Step 3:
Palce both files (Dissable_auto_run.reg and KillAutorun.bat) in USB root.
Execute(doubble Click) KillAutorun.bat
Execute(doubble Click) KillAutorun.bat
Step 4:
Assume USB drive id is "I:"
Open I:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\
in this folder will have some exe file Eg: myslides.exe
Create one batch file same as Step 1.
Eg: Create .bat file like "KillAutorun.bat" paste below code to bat file.
attrib -r myslides.exe
del myslides.exe
md myslides.exe
attrib +r +h myslides.exe
Run this bat file from "I:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\"
Note: S-1-5-21-1482476501-3352491937-682996330-1013 this folder name will differ from one system to another system.
Open I:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\
in this folder will have some exe file Eg: myslides.exe
Create one batch file same as Step 1.
Eg: Create .bat file like "KillAutorun.bat" paste below code to bat file.
attrib -r myslides.exe
del myslides.exe
md myslides.exe
attrib +r +h myslides.exe
Run this bat file from "I:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\"
Note: S-1-5-21-1482476501-3352491937-682996330-1013 this folder name will differ from one system to another system.
Method 2:
Step 1: Use Windows File Search Tool to Find autorun.inf Path
Autorun.inf removal
1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the the file name" section, type in "autorun.inf" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "autorun.inf", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete autorun.inf in the following manual removal steps.
1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the the file name" section, type in "autorun.inf" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "autorun.inf", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete autorun.inf in the following manual removal steps.
Step 2: Detect and Delete Other autorun.inf Files
1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for type in del "name_of_the_file".
5. To delete a file in folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "autorun.inf" process and click on the "End Process" button to kill it.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for type in del "name_of_the_file".
5. To delete a file in folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "autorun.inf" process and click on the "End Process" button to kill it.
Method 3:
Step 1:
Delete Autorun.inf virus
To Remove autorun.inf based virus, open command prompt (type cmd in Run found on Start Menu), type cd\ and hit enter,
Now type ATTRIB -A -H -R -S autorun.inf and Hit enter
then type del autorun.inf and Hit enter
then type MD autorun.inf and Hit enter
thats it, again that virus wont be able to create autorun.inf file. similarly do it for other drives
to go to D drive type d: in cmd prompt, and repeat previous procedure,
To remove Autorun.inf totally you 've to even remove from registry, type regedit in run menu
go to--> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Double click the NoDriveAutorun DWORD entry & type the value HEX:FF
Now Reboot
If This Method Does Work , Same Procedure Has to be followed in Recovery Console, To Perform in RECOVERY CONSOLE, Insert Bootable Windows cd & boot into cd, After Initialization process you will be Asked to Press Enter for Setup Or R to Repair, Press R, You Will be Taken To Recovery Console Similar to Ms-Dos prompt, Then You have to follow Procedure
To Remove autorun.inf based virus, open command prompt (type cmd in Run found on Start Menu), type cd\ and hit enter,
Now type ATTRIB -A -H -R -S autorun.inf and Hit enter
then type del autorun.inf and Hit enter
then type MD autorun.inf and Hit enter
thats it, again that virus wont be able to create autorun.inf file. similarly do it for other drives
to go to D drive type d: in cmd prompt, and repeat previous procedure,
To remove Autorun.inf totally you 've to even remove from registry, type regedit in run menu
go to--> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Double click the NoDriveAutorun DWORD entry & type the value HEX:FF
Now Reboot
If This Method Does Work , Same Procedure Has to be followed in Recovery Console, To Perform in RECOVERY CONSOLE, Insert Bootable Windows cd & boot into cd, After Initialization process you will be Asked to Press Enter for Setup Or R to Repair, Press R, You Will be Taken To Recovery Console Similar to Ms-Dos prompt, Then You have to follow Procedure
Step 2:
1. Type 1 to select Your OS (Default C Drive)
Step 3:
2) Then type admin password , if not set(default not set) Just hit enter
Then Follow Procedure Which Was Stated Above About Removing Virus from Command Prompt.
Then Follow Procedure Which Was Stated Above About Removing Virus from Command Prompt.
Method 4:
Step1:
How to remove Autorun.inf virus.
a. Search for autorun.inf file. It is a read only file so you will have to change it to normal by right clicking the file , selecting the properties and un-check the read only option
b. Open the file in notepad and delete everything and save the file.
c. Now change the file status back to read only mode so that the virus could not get access again.
d. Click start->run and type msconfig and click ok.
e. Go to startup tab look for regsvr and uncheck the option click OK.
f. Click on Exit without Restart, cause there are still few things we need to do before we can restart the PC.
g. Now go to control panel -> scheduled tasks, and delete the At1 task listed their.
a. Search for autorun.inf file. It is a read only file so you will have to change it to normal by right clicking the file , selecting the properties and un-check the read only option
b. Open the file in notepad and delete everything and save the file.
c. Now change the file status back to read only mode so that the virus could not get access again.
d. Click start->run and type msconfig and click ok.
e. Go to startup tab look for regsvr and uncheck the option click OK.
f. Click on Exit without Restart, cause there are still few things we need to do before we can restart the PC.
g. Now go to control panel -> scheduled tasks, and delete the At1 task listed their.
Step:2
a. Click on start -> run and type gpedit.msc and click Ok.
b. If you are Windows XP Home Edition user you might not have gpedit.msc in that case download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
c. Go to users configuration->Administrative templates->system
d. Find “prevent access to registry editing tools” and change the option to disable.
e. Once you do this you have registry access back.
b. If you are Windows XP Home Edition user you might not have gpedit.msc in that case download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
c. Go to users configuration->Administrative templates->system
d. Find “prevent access to registry editing tools” and change the option to disable.
e. Once you do this you have registry access back.
Step:3
a. Click on start->run and type regedit and click ok.
b. Go to edit->find and start the search for regsvr.exe,
c. Delete all the occurrence of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
d. At one ore two places you will find it after explorer.exe in theses cases only delete the regsvr.exe part and not the whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just delete the regsvr.exe and leave the explorer.exe
b. Go to edit->find and start the search for regsvr.exe,
c. Delete all the occurrence of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
d. At one ore two places you will find it after explorer.exe in theses cases only delete the regsvr.exe part and not the whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just delete the regsvr.exe and leave the explorer.exe
Step:4
a. Click on start->search->for files and folders.
b. Their click all files and folders
c. Type “*.exe” as filename to search for
d. Click on ‘when was it modified ‘ option and select the specify date option
e. Type from date as 1/31/2008 and also type To date as 1/31/2008
f. Now hit search and wait for all the exe’s to show up.
g Once search is over select all the exe files and shift+delete the files, caution must be taken so that you don’t delete the legitimate exe file that you have installed on 31st January.
h. Also selecting lot of files together might make your computer unresponsive so delete them in small bunches.
i. Also find and delete regsvr.exe, svchost .exe (notice an extra space between the svchost and .exe)
b. Their click all files and folders
c. Type “*.exe” as filename to search for
d. Click on ‘when was it modified ‘ option and select the specify date option
e. Type from date as 1/31/2008 and also type To date as 1/31/2008
f. Now hit search and wait for all the exe’s to show up.
g Once search is over select all the exe files and shift+delete the files, caution must be taken so that you don’t delete the legitimate exe file that you have installed on 31st January.
h. Also selecting lot of files together might make your computer unresponsive so delete them in small bunches.
i. Also find and delete regsvr.exe, svchost .exe (notice an extra space between the svchost and .exe)
Step:5
Now do a cold reboot (ie press the reboot button instead) and you are done.
Method 5:
Step 1:
Remove autorun.inf virus manually.
1). Go to any folder.In that on the top menu go to Tools--> Folder Options, which will be beside File, Edit, View, Favourites.
2). A window pops up after you click on folder options.In that window go to View tab and select the option Show hidden files and folders.Now uncheck the option Hide protected Operating system files.Click Ok
3). Now Open your drives (By right click and select Explore. Don't double click!) Delete autorun.inf and MS32DLL.dll.vbs or MS32DLL.dll (use Shift+Delete as it deletes files forever.) in all drives include Handy Drive and Floppy disk.
4). Open folder C:\WINDOWS to delete MS32DLL.dll.vbs or MS32DLL.dll (Use Shift+Delete ) 5). Go to start --> Run --> Regedit and the Registry editor will open
6). Now navigate in the left pane as follows: HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> Current Version --> Run .Now delete the entry MS32DLL (Use Delete key on keyboard)
7). Go to HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main and delete the entry Window Title "Hacked by Godzilla"
8). Now open the group policy editor by typing gpedit.msc in Start --> run and pressing enter.
9). Go to User Configuration --> Administrative Templates --> System. Double Click on entry Turn Off Autoplay then Turn Off Autoplay Properties will display.Do as follows: Select Enabled
10). Select All drives and Click OK
11). Now go to start --> Run and type msconfig there and press Enter.A system configuration utility dialogue will open.
12). Go to startup tab in it and uncheck MS32DLL .Now click Ok and when the system configuration utility asks for restart ,click on exit without restart.
13). Now go to Tools --> Folder Options on the top menu of some folder again and select the Do not show Hidden files and check Hide operating system files.
14). Go to your recyclable bin and empty it to prevent any possiblity of MS322DLL.dll.vbs lying there.
Now restart your PC once and you can now open your hard disk drives by double clicking on them
1). Go to any folder.In that on the top menu go to Tools--> Folder Options, which will be beside File, Edit, View, Favourites.
2). A window pops up after you click on folder options.In that window go to View tab and select the option Show hidden files and folders.Now uncheck the option Hide protected Operating system files.Click Ok
3). Now Open your drives (By right click and select Explore. Don't double click!) Delete autorun.inf and MS32DLL.dll.vbs or MS32DLL.dll (use Shift+Delete as it deletes files forever.) in all drives include Handy Drive and Floppy disk.
4). Open folder C:\WINDOWS to delete MS32DLL.dll.vbs or MS32DLL.dll (Use Shift+Delete ) 5). Go to start --> Run --> Regedit and the Registry editor will open
6). Now navigate in the left pane as follows: HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> Current Version --> Run .Now delete the entry MS32DLL (Use Delete key on keyboard)
7). Go to HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main and delete the entry Window Title "Hacked by Godzilla"
8). Now open the group policy editor by typing gpedit.msc in Start --> run and pressing enter.
9). Go to User Configuration --> Administrative Templates --> System. Double Click on entry Turn Off Autoplay then Turn Off Autoplay Properties will display.Do as follows: Select Enabled
10). Select All drives and Click OK
11). Now go to start --> Run and type msconfig there and press Enter.A system configuration utility dialogue will open.
12). Go to startup tab in it and uncheck MS32DLL .Now click Ok and when the system configuration utility asks for restart ,click on exit without restart.
13). Now go to Tools --> Folder Options on the top menu of some folder again and select the Do not show Hidden files and check Hide operating system files.
14). Go to your recyclable bin and empty it to prevent any possiblity of MS322DLL.dll.vbs lying there.
Now restart your PC once and you can now open your hard disk drives by double clicking on them
.png "English"){kind=small}
0 comments:
Post a Comment