Infected external HDD with autorun virus

Closed
Report
Posts
1
Registration date
Tuesday February 25, 2014
Status
Member
Last seen
February 25, 2014
-
Posts
27
Registration date
Friday February 7, 2014
Status
Member
Last seen
March 19, 2014
-
Dear friends :

This is my first question after joining this online community. Pls. help me in this difficult situation:

I have been trying to recover the data in my 150 GB HDD ( external ) Samsung, since last two days! I have partioned the 150 GB into two logical partitions of 30 and 70 GB and the remaining portion is left raw without formating for future use.

The virus which got infected has initially deleted one of the partritions and the remaining partion was not showing any data. Though the files could not be seen , I can see through properties that the memory space is filled with data as free space is less than the capacity of the oartitions. I finally got into a site through google search which provided a free trial version of the standard data recovery software called "any data recovery " I am now struggling with that recovery process because of the interruption from the virus which is still residing in the external HDD and possibly got into the Computer in the net cafe from which I am trying to recover my data. The virus is not even allowing me to google and gather ANY TIPS FROM THE SITE INCLUDING kIOSKEA SITE ! aS SOON AS I clik the various search results google out the virus shuts it down! I tried many time on various sites ...I could not open any or even look into the tips and read it, before which the virus closes the entire page. I tried many time until a few minutes ago and the decided to join this online community to seek help.. Pls give me a helping hand to get rid of this intelligent virus and recover my data..:

Thanks !

3 replies

Posts
47366
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,369
Hello Losert,

Hang on, I will soon have an expert on your case.

Ambucias
Moderator, Virus Security Contributor
0
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Hello,

This type issue could be caused by a USB virus. It will spread to all of your USB memory devices and hard disk.

Here is a tool to remove the virus and vaccinate your USB against further viruses.


Download UsbFix (created by El Desaparecido) on your desktop.

http://ccm.net/download/download-24089-usbfix

If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click sur UsbFix.exe.

Click on deletion
.
Let the tool work.

At the end of the scan a report will show which you can copy and paste here..

The report is save at the root ( C:\UsbFix.txt ).

You can also vaccinate against any virus.

Gabriel.
0
Posts
27
Registration date
Friday February 7, 2014
Status
Member
Last seen
March 19, 2014
46
Worms spreads by creating a copy of itself and starts by autorun.inf files. It is essential to remove the malicious and autorun.inf files not only from computers but also from the source, and that is the USB Drive. PreciseSecurity have created a procedure to delete the malicious files on infected drives.

PROCEDURE:
1. While the computer is still off;
2. Plugin the USB Drive
3. Insert the Windows XP CD-ROM into the CD-ROM drive. It must be the bootable Windows XP Installer
4. Start the computer from the CD-ROM drive. It will start Windows Setup screen
5. When the "Welcome to Setup" prompt appears.Press "R" to start the Recovery Console
6. If asked "Which Window installation would you like to logon to" select the number. Type "1? then Enter, if only one installation of Windows is present
7. Enter the administrator password, press Enter
8. It will bring you to command prompt, C:\Windows>
9. Proceed with the following command:
- Type d: (This is the drive letter of USB. It can be e: or f: defending on how many hard disk or cd drive is installed)
- Type attrib -h -r -s autorun.inf
- Type "edit autorun.inf" it will open DOS Editor and display contents as follows
==========================
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
==========================

10. Exit DOS Editor and return to command prompt, D:\>
11. Delete the file that was called to open on DOS Editor
- Type del /f /a file.exe
12. Delete autorun.inf file
- Type del /f /a autorun.inf
13. Exit Recovery Console by typing exit.

0