Infected external HDD with autorun virus
Closed
Losert-2014
Posts
1
Registration date
Tuesday February 25, 2014
Status
Member
Last seen
February 25, 2014
-
Feb 25, 2014 at 02:08 PM
silhouttejames Posts 27 Registration date Friday February 7, 2014 Status Member Last seen March 19, 2014 - Feb 27, 2014 at 02:45 AM
silhouttejames Posts 27 Registration date Friday February 7, 2014 Status Member Last seen March 19, 2014 - Feb 27, 2014 at 02:45 AM
Related:
- Infected external HDD with autorun virus
- Hdd regenerator free - Download - Backup and recovery
- Goose virus - Download - Other
- Hdd diagram - Guide
- Victoria hdd - Download - Diagnosis and monitoring
- Ntuser.dat virus - Guide
3 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Feb 25, 2014 at 04:46 PM
Feb 25, 2014 at 04:46 PM
Hello Losert,
Hang on, I will soon have an expert on your case.
Ambucias
Moderator, Virus Security Contributor
Hang on, I will soon have an expert on your case.
Ambucias
Moderator, Virus Security Contributor
2011N2
Posts
13352
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Feb 25, 2014 at 05:40 PM
Feb 25, 2014 at 05:40 PM
Hello,
This type issue could be caused by a USB virus. It will spread to all of your USB memory devices and hard disk.
Here is a tool to remove the virus and vaccinate your USB against further viruses.
Download UsbFix (created by El Desaparecido) on your desktop.
http://ccm.net/download/download-24089-usbfix
If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click sur UsbFix.exe.
Click on deletion
.
Let the tool work.
At the end of the scan a report will show which you can copy and paste here..
The report is save at the root ( C:\UsbFix.txt ).
You can also vaccinate against any virus.
Gabriel.
This type issue could be caused by a USB virus. It will spread to all of your USB memory devices and hard disk.
Here is a tool to remove the virus and vaccinate your USB against further viruses.
Download UsbFix (created by El Desaparecido) on your desktop.
http://ccm.net/download/download-24089-usbfix
If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click sur UsbFix.exe.
Click on deletion
.
Let the tool work.
At the end of the scan a report will show which you can copy and paste here..
The report is save at the root ( C:\UsbFix.txt ).
You can also vaccinate against any virus.
Gabriel.
silhouttejames
Posts
27
Registration date
Friday February 7, 2014
Status
Member
Last seen
March 19, 2014
53
Feb 27, 2014 at 02:45 AM
Feb 27, 2014 at 02:45 AM
Worms spreads by creating a copy of itself and starts by autorun.inf files. It is essential to remove the malicious and autorun.inf files not only from computers but also from the source, and that is the USB Drive. PreciseSecurity have created a procedure to delete the malicious files on infected drives.
PROCEDURE:
1. While the computer is still off;
2. Plugin the USB Drive
3. Insert the Windows XP CD-ROM into the CD-ROM drive. It must be the bootable Windows XP Installer
4. Start the computer from the CD-ROM drive. It will start Windows Setup screen
5. When the "Welcome to Setup" prompt appears.Press "R" to start the Recovery Console
6. If asked "Which Window installation would you like to logon to" select the number. Type "1? then Enter, if only one installation of Windows is present
7. Enter the administrator password, press Enter
8. It will bring you to command prompt, C:\Windows>
9. Proceed with the following command:
- Type d: (This is the drive letter of USB. It can be e: or f: defending on how many hard disk or cd drive is installed)
- Type attrib -h -r -s autorun.inf
- Type "edit autorun.inf" it will open DOS Editor and display contents as follows
==========================
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
==========================
10. Exit DOS Editor and return to command prompt, D:\>
11. Delete the file that was called to open on DOS Editor
- Type del /f /a file.exe
12. Delete autorun.inf file
- Type del /f /a autorun.inf
13. Exit Recovery Console by typing exit.
PROCEDURE:
1. While the computer is still off;
2. Plugin the USB Drive
3. Insert the Windows XP CD-ROM into the CD-ROM drive. It must be the bootable Windows XP Installer
4. Start the computer from the CD-ROM drive. It will start Windows Setup screen
5. When the "Welcome to Setup" prompt appears.Press "R" to start the Recovery Console
6. If asked "Which Window installation would you like to logon to" select the number. Type "1? then Enter, if only one installation of Windows is present
7. Enter the administrator password, press Enter
8. It will bring you to command prompt, C:\Windows>
9. Proceed with the following command:
- Type d: (This is the drive letter of USB. It can be e: or f: defending on how many hard disk or cd drive is installed)
- Type attrib -h -r -s autorun.inf
- Type "edit autorun.inf" it will open DOS Editor and display contents as follows
==========================
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
==========================
10. Exit DOS Editor and return to command prompt, D:\>
11. Delete the file that was called to open on DOS Editor
- Type del /f /a file.exe
12. Delete autorun.inf file
- Type del /f /a autorun.inf
13. Exit Recovery Console by typing exit.
