inerd

i.am.husse.in.ad

There are lots of autorun monster viruses out there, and they are very annoying. The majority of the viruses around here spread through USB storage media these days, and what most people do is format either Windows or the flash drive.

So in this tutorial I am going to explain how to clean the virus manually and how to stop these malicious files from auto-running when you double-click the drive's icon.

A. Cleaning the Virus Manually.

The first thing you need to do is open Task Manager and close all processes run by your user account, except explorer.exe and your browser (firefox.exe for Firefox, IEXPLORE.EXE for IE).

Then run “msconfig” (Start Menu > Run). Move to the Startup tab and disable all unknown entries. If you are not sure, click “Disable All”. Exit, but do not restart.

I am on Windows XP Professional with Service Pack 2, and I have a USB hard disk infected with an autorun monster, which we are going to find and clean.

This doesn’t look suspicious, because there isn’t any Autoplay option, even in the right-click menu. But when I select Open, the drive opens in a new window. My settings are not configured that way, which makes me very suspicious.

So let's check it out.


Step - 1

Run “regedit” (Start menu / Run)

Regedit will look something like this when it is all collapsed.

Step - 2

Go to this key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden\SHOWALL

This is how it will look when you are at the key I mentioned. The values highlighted in yellow are the ones we are going to alter.

Step - 3

Double-click “CheckedValue”. A small window will open; change its value to “1”.

Click OK.

Now double-click “DefaultValue” and change its value to “2”. Click OK.

Step - 4

Close regedit, run “taskmgr” (open Task Manager) and move to the Processes tab. End the “explorer.exe” process.

Go to the File menu, choose “New Task”, type “explorer” in the box and hit Enter. Make sure you do this step before proceeding to step 5.

Step - 5

Now it's time to delete the problematic files. Right-click the “Start” menu and choose “Explore”.

Go to Tools > Folder Options > View

- Select the radio button “Show Hidden Files and Folders”.

- Uncheck the box labelled “Hide Protected Operating System files (Recommended)”.

Your screen should look like this in the Folder Options window. Click Apply and close it.

Now you will be able to see the malicious files on the drive that cause the autorun problem. The virus files are usually hidden, so their icons look faded compared with the other icons and files in the folder.

Go to the drive you are cleaning and check the files yourself. In my case I found 3 hidden DOS files and one INF file (Autorun.INF).

Autorun.INF is the file that tells Windows which file to execute when an “open” or “autoplay” command is given.

Just delete these 4 files. (That is my case; you might have fewer or more files. You can open the autorun.inf file in Notepad and check exactly which files need to be deleted.)

Note: Once the autorun file has run, the DOS scripts automatically copy these files to all other drives and storage media in your computer system. So check all your drives and clean the files.

NOTE: WHILE CLEANING THE C DRIVE (OR THE WINDOWS DRIVE), DO NOT DELETE ANY FILE OTHER THAN AUTORUN.INF UNLESS YOU KNOW EXACTLY WHAT YOU ARE DOING.
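
One way to script the Notepad check described above (reading autorun.inf to see which files it launches), as an added example that is not part of the original tutorial: the Python below lists the programs named by the command keys of the [autorun] section. The sample file and its file names are constructed, and an unquoted path containing spaces is cut at the first space.

```python
import os
import re
import sys

# Keys in the [autorun] section whose value is a command Explorer may launch.
COMMAND_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample for illustration; not the file from the drive in the tutorial.
SAMPLE_INF = r"""
[AutoRun]
open=sample1.com
shell\open\Command=sample1.com
shell\explore\command="sample2.bat" /q
shellexecute=sample3.cmd
icon=folder.ico
"""

def command_target(value):
    """Drop quotes and arguments from a command line, keeping the program name."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""

def referenced_files(inf_text):
    """Return, in order and without duplicates, the files autorun.inf would run."""
    found, section = [], None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                          # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                          # only [autorun] entries matter
        key, value = (part.strip() for part in line.split("=", 1))
        if COMMAND_KEYS.match(key):           # icon=, label= etc. run nothing
            target = command_target(value)
            if target and target.lower() not in [f.lower() for f in found]:
                found.append(target)
    return found

if __name__ == "__main__":
    text = SAMPLE_INF
    if len(sys.argv) > 1:                     # drive root, e.g. E:\
        with open(os.path.join(sys.argv[1], "autorun.inf"), errors="replace") as fh:
            text = fh.read()
    for name in referenced_files(text):
        print(name)
```

Run it with the drive root as the only argument to read that drive's autorun.inf; with no argument it parses the constructed sample.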

Step - 6

Reboot your computer.

It's not easy to do this every time you get infected by this kind of virus. So why autorun at all?

Part B of this tutorial explains how to disable autorun for good.

B. Permanently Disable the Autorun.

Step - 1

Run “gpedit.msc” (Start > Run)

Open “Administrative Templates” and select “System”.

On the right-hand side you will see a list of available settings. Find the one called “Turn off Autoplay”.

Enable it and select “All Drives” from the drop-down box. Apply it and you are ready to go.

Now you should be safe from autoplay monsters.


  1. ShadesOfEvil
    3:46 pm on April 16th, 2008

    I think everybody should do this. This has always been the single weakest point on a Windows machine for decades…

  2. anonymous
    9:28 pm on April 17th, 2008

    Exactly what I was worried about.. What the hell is wrong with Microsoft?

  3. anonymous
    6:49 pm on April 22nd, 2008

    Really helpful, thanks a lot!

  4. Janita
    5:06 pm on June 4th, 2008

    It’s not working! Please email me; I will send a screenshot and then we can try to figure it out?