Recently I noticed that quite a number of visitors came to my blog to view my post ‘how to disable autorun.inf to prevent virus attack computer’. I don’t know whether they want preventive action or need a solution for a computer already infected by the autorun virus. Here I will summarize my solution to help all of you. (I used this solution to help my friend ‘kill’ these viruses and it worked.)
1 – Disable System Restore.
step 1 – Click ‘Control Panel’ -> ‘System’,
step 2 – Select ‘System Restore’, then check ‘Turn off System Restore on all devices’.
2 – Clear IE temporary internet files.
step 1 – In IE, select ‘Tools’ -> ‘Internet Options’,
step 2 – Under temporary internet files, select ‘Delete Files’ -> check ‘Delete all offline content’, then click ‘OK’.
3 – Disk cleanup.
step 1 – ‘Start’ -> ‘All Programs’ -> ‘Accessories’ -> ‘System Tools’ -> ‘Disk Cleanup’,
step 2 – Select the C drive and click ‘OK’ to start the C drive cleanup.
step 3 – After the disk cleanup scan completes, check all the files and click ‘OK’.
step 4 – Repeat step 2 to step 3 for the other drives (D, E, F…).
Now all the temporary internet files have been cleaned up. Normally the autorun virus spreads through flash memory or other removable devices used to transfer and save files from one computer to another. This autorun virus consists of three files: kavo.exe, autorun.inf and ntdelect.com.
These 3 files are all hidden. They also disable or hide the folder option ‘Show hidden files and folders’, so you cannot turn it on, and then you cannot search for these 3 files in Windows and delete them (very clever, isn’t it?).
How do you show these 3 files in Windows? You have to use DOS commands. Below are the steps to delete the autorun virus.
step 1 – Click ‘Start’ -> ‘Run’, key in ‘cmd’ and press ‘Enter’ to open the command prompt,
step 2 – Check every drive (C, D, E,…). To check the C drive, key in
dir c:\ /a/w
For drive D, key in
dir d:\ /a/w
step 3 – All the system and .exe files will show up in the command prompt. Check whether autorun.inf and ntdelect.com are among them. Before deleting these 2 files, we need to remove the ‘hidden’, ‘system’ and ‘read only’ attributes.
For the C drive, key in (in the command prompt)
attrib -s -h -r c:\autorun.inf
attrib -s -h -r c:\ntdelect.com
For the D drive
attrib -s -h -r d:\autorun.inf
attrib -s -h -r d:\ntdelect.com
step 4 – After removing the attributes, delete these 2 files manually.
(Be careful not to key in ntdetect.com; the actual virus file is ntdelect.com. ntdetect.com is an important system start-up file, and you will know what happens if you delete ntdetect.com.)
For the C drive, key in
del c:\autorun.inf
del c:\ntdelect.com
For the D drive, key in
del d:\autorun.inf
del d:\ntdelect.com
step 5 – After manually deleting ‘autorun.inf’ and ‘ntdelect.com’, the next step is ‘kavo.exe’. You need to delete the kavo.exe file in C:\windows\system32\ . Repeat the procedure of step 3 to step 4 to remove the attributes and delete the file. Key in
attrib -s -h -r c:\windows\system32\kavo.exe
Then delete it by keying in
del c:\windows\system32\kavo.exe
step 6 – Delete ‘kavo.exe’ from the registry.
Open Registry Editor and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
What you need to do is delete the ‘kavo’ and ‘c:\windows\system32\kavo.exe’ values.
step 7 – Re-enable ‘Show hidden files and folders’.
Open Notepad with a new file, copy and paste the registry values below, save it with a .reg extension, then double-click it to merge it into the registry.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
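
The checks from steps 2 to 7 can be run as one read-only audit before anything is deleted. This PowerShell script is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the variable names and output columns are made up for illustration.

```powershell
# Added example: read-only audit for the files and registry values named in this post.
# It only reports; nothing is deleted or changed.
$found = @()

# Steps 2-3: the root of every file-system drive. -Force includes hidden/system files.
# 'ntdelect.com' is the virus file; 'ntdetect.com' is a real boot file and is not listed here.
# An autorun.inf alone is not proof (installer CDs ship one), so review each hit.
$paths = @(foreach ($d in Get-PSDrive -PSProvider FileSystem) {
    Join-Path $d.Root 'autorun.inf'
    Join-Path $d.Root 'ntdelect.com'
})
# Step 5: kavo.exe in the system32 folder.
$paths += Join-Path $env:SystemRoot 'System32\kavo.exe'

foreach ($p in $paths) {
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($item) {
        $found += [pscustomobject]@{ Kind = 'File'; Location = $item.FullName
                                     Detail = [string]$item.Attributes }
    }
}

# Step 6: Run values whose name or data mentions kavo.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($keyPath in $runKeys) {
    $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -match 'kavo' -or $data -match 'kavo\.exe') {
            $found += [pscustomobject]@{ Kind = 'RunValue'; Location = "$keyPath\$name"
                                         Detail = $data }
        }
    }
}

# Step 7: SHOWALL\CheckedValue must be 1 for 'Show hidden files and folders' to work.
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = (Get-ItemProperty -Path $showAll -ErrorAction SilentlyContinue).CheckedValue
if ($checked -ne 1) {
    $found += [pscustomobject]@{ Kind = 'Setting'; Location = "$showAll\CheckedValue"
                                 Detail = "is '$checked', expected 1" }
}

if ($found.Count) { $found | Format-Table -AutoSize -Wrap } else { 'Nothing from the list was found.' }
```

Run it from an elevated PowerShell prompt so the HKLM keys and system32 are readable, and run it again after the cleanup to confirm the list is empty.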

 