Autorun Virus [Solved/Closed]

Report
-
 hotbelle -
Hello,





I tried to remove the autorun virus by reading in this website. Someone said that I should go to cmd and type dir/ah and do the attrib filename -r -a -s -h. When i first tried that, it worked. I was able to view my files. But then now, when i tried it again, when i typed dir/ ah, all it said was 16 Autorun.inf 1 file 16 bytes 1 Dir 63, 291, 392 bytes free. I couldn't see the hidden files anymore so i could not use the attrib filename -r -a -s -h. i didn't memorize all my filenames in my flash drive usb so i don't know the file names. Anyhow, how do i view my hidden files now? Hope someone could help me cause i really need those files. I've tried everything but nothing really works... Pls pls help me!

3 replies

Posts
26
Registration date
Friday July 23, 2010
Status
Member
Last seen
April 26, 2011
12
1.Install autorun virus removal tool

2.Now Press Win+R and enter cmd open Windows command prompt .
Now we are about to list hard disk files from command prompt .
for C drive type dir c: /a/w

If Autorun virus is present , It will get listed as shown above . There would be many other files like onlinegames , kavo.exe,.vbs , Heap41a , newfolder.exe,.com, ppt.exe etc .

These files include read only, archive, system and hidden file attributes associated with them.
So in next step we will remove these restrictions from the above suspicious files .
attrib -s -h -r c:autorun.inf
or attrib -s -h -r c:autorun.vbs ( Change the hard disk partitions as required)

Now remove all those files associated with autorun virus using del instruction .

Del autorun.inf or Del kavo.exe (repeat the procedure for all the files and hard drives)
Add the necessary hard disk partitions and files as per requirement ). Now copy the completed document in notepad and save as remove.bat . This file will remove all the autorun virus traces on execution .

After removing all the infected autorun virus files from hard drives , execute autorun virus removal tool on step 1 to remove further traces .

3. Repair registry to enable hidden files and folders .
Press Win+R and enter regedit . Now this will open the Windows registry . Move on to the following registration entries .
Autorun virus usually alter this registration entry . Double click on CheckedValue and enter value data as 1 . Now you would be able to enable hidden files and folders .

4. Turn off autorun feature in Windows .
This will avoid the execution of existing autorun worms in a PC and also one on USBs and CDs .
Copy the following command in notepad and save as removeautorun.reg
5. Restart your PC for the complete removal of Autorun virus .
1
Thank you

A few words of thanks would be greatly appreciated. Add comment

CCM 4132 users have said thank you to us this month

Posts
6499
Registration date
Sunday June 6, 2010
Status
Security contributor
Last seen
October 6, 2019
2,256
Hello,

If you did not format your flash drive, then check whether the files are not in

hidden mode. Follow the following steps.

Step 1:

Click on the below link and download the file "AutorunExterminator"

https://ccm.net/download/download-11613-autorun-exterminator

Extract it --> Double-click on "AutorunExterminator" --> Plug your pendrive now.

This will remove the autorun.inf files from your flash drive and also from drives.

Step 2:

Click on "Start" -->Run --> type cmd and click on OK.

Here I assume your flash drive letter as G:

Enter this command.

attrib -h -r -s /s /d g:\*.*

You can copy the above command --> Right-click in the Command Prompt and

paste it.

Note : Replace the letter g with your flash drive letter.

Now check for your files in Flash Drive.

Step 3:

After that, download the Malwarebytes' Anti-Malware from the below link

https://ccm.net/download/download-105-malwarebytes

Update it --> Perform "Full Scan"

Note : Default selected option is "Quick Scan".

Good Luck.
1
Thank you

A few words of thanks would be greatly appreciated. Add comment

CCM 4132 users have said thank you to us this month

Thanks for your immediate response! and thanks for the help!