Auto Run

  • May 2020
Remove autorun.inf manually

Here is how to remove the autorun.inf virus, which causes your drives to open in a separate window when you click the drive name in My Computer. There is a Trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:

1) Open up Task Manager (Ctrl-Alt-Del).
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up "File | New Task (Run)" in the Task Manager.
5) Run cmd.
6) Run the following command, then repeat it with the other drives in turn:

      del #:\autorun.* /f /a /s /q

   where # is replaced by the drive letter (e.g. c, d, e). Be careful with this command: if executed wrongly, it can delete all your data from your hard disk one file at a time, so keep your mouse over the X (close) button of the command prompt window and close it if it starts deleting your files.

   Alternatively, this step can be done without ending explorer.exe. Press Windows+R to show the Run dialog box and type cmd there to get a command prompt. Navigate to #: (where # is replaced by each of your drive letters; c: is used as the example here). At the c: prompt, type

      del /a /s /q /f

   followed by a space, then press Tab until you see autorun.inf and press Enter. Then do the rest of the steps below. (Be careful: check that the name clearly reads autorun.inf before deleting it, and don't delete any ntdelect there; it may crash your system.)
7) Go to your Windows\System32 directory by typing:

      cd c:\windows\system32

8) Type:

      dir /a avp*.*

9) If you see any files named avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them:

      attrib -r -s -h avpo.exe
      del avpo.exe

10) Use the Task Manager's Run command to fire up regedit.
11) Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (as usual, take a backup of your registry before touching it!).
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.

Remove autorun.inf

The said virus hides itself inside a folder named Recycled/Recycler. The folder has hidden/system/read-only attributes, which is why you can't see it if you use the Search window. When your system is infected by the said virus, it infects every drive connected to your PC by dropping VCAB.DLL into the temporary internet folder and creating CTFMON.EXE in the folder Recycled and AUTORUN.INF in the root directory of every drive. That's why USB sticks are infected immediately when you connect them to the infected PC; the USB disks become the new carrier for the virus. The program runs every time you start your computer because it copies itself into the Startup folder of the Start Menu. It also runs every time you insert the infected USB disk, and it triggers every time you double-click the infected drive (because of the AUTORUN.INF). The virus infects .EXEs and .DLLs.

To check whether your system is infected by the said virus without using an antivirus, do the following steps:

1. Go to the command prompt.
2. Type CD\ in drive C: to go to the root directory.
3. Type DIR /AH and press the ENTER key. This will display all hidden files in your drive C:.
4. If you see a file AUTORUN.INF and a folder Recycled, then your system is infected.
5. Try doing this on your USB drive and check whether your USB stick contains the same folder and AUTORUN.INF; if it does, then your system is really infected.

To manually remove it, follow these steps (Note: you should understand what you're about to do; you try it at your own risk!)

Boot your system in Safe Mode.

1. Go to the command prompt and, in drive C, run the following commands.
2. Type ATTRIB -H -R -S AUTORUN.INF then press Enter.
3. Type DEL AUTORUN.INF then press Enter.
4. Type ATTRIB -H -R -S Recycled then press Enter.
5. In Windows Explorer in Safe Mode, remove the folder Recycled in drive C; use Shift-Delete to delete the folder.
6. Repeat Step 3 to 6 for all drives of your system, including the USB drive.
7. Search for CTFMON.EXE in your system using the Windows Search found in the Start Menu. If you find a file that is not located in C:\WINDOWS\SYSTEM32, delete it immediately. Don't forget to empty the recycle bin afterwards. (Usually the virus will copy itself into the Startup folder of the Start menu. Check whether the file is present there and delete it.)

To disable autorun of drives (i.e. every time you double-click a drive, CD or USB, it opens automatically), follow these steps:

Click Start->Run->type REGEDIT.EXE

1. Go to this key in the registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2. Look for the entry NoDriveTypeAutoRun and double-click the entry.
3. Type a new value, "0FF" (Hex), for NoDriveTypeAutoRun; this will turn off Autorun for all drives. Press ENTER.
4. Reboot the system.

Viruses that use Autorun.inf

There are several viruses that use autorun.inf to spread themselves, such as Bacalid (which hides itself in ctfmon.exe) and RavMon.EXE. These viruses set their file attributes to System+Hidden+Read-Only, so some antiviruses will have a hard time detecting or finding them. These viruses save themselves in the root directory of every available drive of the infected computer and run every time you double-click the drive. On infected USB sticks and CDs, the virus runs automatically, especially if drive autorun is enabled for those drives (autorun for drives is usually enabled by default).

Disable AUTORUN from Registry

Now you can disable AUTORUN for all drives by configuring the registry. Open the registry by typing regedit.exe at the command prompt (if you're still at the command prompt) or execute it in Run.
Look for the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. Double-click the NoDriveAutorun DWORD entry and type the value HEX: FF (255 in decimal). (If NoDriveAutorun does not exist, you can create it by right-clicking the right side area of the regedit window, then clicking New->DWord Value and typing NoDriveAutorun.) Close the registry and restart the computer. This procedure will disable autorun for all drives of your computer, and will at least prevent the autorun function of infected USB drives or CDs and avoid infection by viruses like Bacalid and RavMon.exe.

If you want to prevent viruses that use autorun.inf from infecting your USB flash drive, try this:

1. Open your flash drive via the Command Prompt (do this via Start->Run->cmd.exe).
2. Change your logged drive to your USB flash drive (e.g. if your drive is at drive E:, type E: at the command prompt and press Enter).
3. Create a folder named AUTORUN.INF in the root directory of your flash drive. (To do this, type the command: MD \AUTORUN.INF). If the error "a subdirectory already exists…" shows, follow the instructions above to remove the existing autorun.inf before doing this step.

The reason this avoids future infection is that autorun.inf viruses usually generate a file named autorun.inf. Having an AUTORUN.INF folder in the root directory of your drives makes virus programs unable to create their own autorun.inf file; the virus can't even overwrite it, because it's a folder and not a file.

Autorun.inf Virus Removal

What is autorun.inf?

Autorun.inf is a setup information file (INF) used to install or set up software and drivers. It is usually used and seen on CD-ROMs with Autoplay. The autorun.inf makes the CD-ROM autoplay, meaning it will automatically play or run setup when clicked or inserted, which is what we call auto installation. If you can see an autorun.inf in your CD-ROM drive, this is normal.
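To see what a given autorun.inf would launch before deleting it, and to tell a protective AUTORUN.INF folder from a dropped file, the following added example (not part of the original guides) parses the [autorun] section and reports the launch commands. The sample file contents and the function names are constructed for illustration, modelled on the Recycled\ctfmon.exe behaviour described above.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that make Explorer start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def parse_autorun(text):
    """Return [(key, command)] for every launch key in the [autorun] section."""
    section, hits = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            if LAUNCH_KEY.match(key.strip()):
                hits.append((key.strip().lower(), value.strip()))
    return hits

def audit_root(root):
    """Classify the autorun.inf entry (if any) in the root of a drive."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):           # the AUTORUN.INF folder trick
            return {"state": "folder", "commands": []}
        with open(path, "r", errors="replace") as fh:
            return {"state": "file", "commands": parse_autorun(fh.read())}
    return {"state": "absent", "commands": []}

def demo():
    # Constructed sample, not captured from real malware.
    sample = ("[AutoRun]\r\nopen=Recycled\\ctfmon.exe\r\n"
              "shell\\open\\Command=Recycled\\ctfmon.exe\r\n"
              "shell\\explore\\command=Recycled\\ctfmon.exe\r\nicon=drive.ico\r\n")
    with tempfile.TemporaryDirectory() as infected, \
         tempfile.TemporaryDirectory() as protected:
        with open(os.path.join(infected, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(sample)
        os.mkdir(os.path.join(protected, "AUTORUN.INF"))
        return audit_root(infected), audit_root(protected)

if __name__ == "__main__":
    print(demo())
```

On a real system, call audit_root("E:\\") for each drive root; a "file" result whose commands point into Recycled or at an unknown executable is the pattern the guides above describe.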
When do we say that Autorun.inf is a virus?

Some people say autorun.inf is a virus, but in reality it is not. Viruses only use autorun.inf to execute or install themselves when the user clicks. The autorun.inf contains setup information, or a program setup, that triggers the virus to execute when the drive is clicked by the user. This autorun.inf is usually found in the Windows C: drive or on a removable disk, and it is mostly set to invisible or hidden there.

OK, here we go; let's start removing the autorun.inf from your system drive. First you must enable your Folder Options so that your hidden files become visible. You can do this by left-clicking My Computer > Tools > Folder Options.

You can follow this configuration when you set Folder Options to show all the hidden files on your system drive. After this, you can start deleting the autorun.inf from your drive C: or removable drive. You can also remove unknown files like Braviax.exe, Ravmon.exe, Kxvo.exe, Amvo.exe, Bar311.exe, Svchost.exe or any unknown files that exist in the system drive.

Step 1: Use Windows File Search Tool to find autorun.inf Path

1. Go to Start > Search > All Files or Folders.

2. In the "All or part of the file name" section, type in the "autorun.inf" file name(s).

3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click the "Search" button.

4. When Windows finishes your search, hover over the "In Folder" of "autorun.inf", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete autorun.inf in the following manual removal steps.




Step 2: Detect and Delete Other autorun.inf Files

1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.

2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content, even the hidden files.

3. To change directory, type in "cd name_of_the_folder".

4. Once you have the file you're looking for, type in "del name_of_the_file".

5. To delete a file in a folder, type in "del name_of_the_file".

6. To delete the entire folder, type in "rmdir /S name_of_the_folder".

7. Select the "autorun.inf" process and click on the "End Process" button to kill it.

Autorun .inf Removal

This is a very simple free program to remove Win32/Autorun, which appears to plague many users. It appears that some antivirus scans do find the problem but fail to remove it. This program does just that: CleanAutoRun scans your drives and will detect and remove any W32/Autorun worm and its variants safely from your system.

Simply download the program and save it on your desktop or in a folder that you may have for downloaded programs. Double-click CleanAutoRun.exe to run the program. Click Scan and just let it run; go and grab a coffee while it scans, as it may take a little while depending on how full your drive is, how many partitions it has and any external drives that may be connected. When the scan is complete, it will show you the results of ALL infected Autorun.inf worms that have been deleted. User interaction is minimal: simply download, double-click to run, select Scan, and that's all there is to it. By removing all Autorun .inf files, your computer will be safer, as will your data.

A useful tip to stop USB devices from automatically running when you insert them is to hold down the 'Shift' key as you insert the plug into the USB port.

Disable USB Autorun

Many users will be aware that the easiest way to infect a computer is by inserting USB flash drives, other external USB devices, CDs/DVDs and memory cards which are infected with malware. I have previously covered how to remove the Autorun.Inf Worm, but this small tool will vaccinate your computer and stop the Autorun feature without having to edit the Registry, which for many users is a somewhat daunting task. The autorun feature can be disabled via editing the Registry, but this small program makes it much simpler.

Simply download and install, and the program will automatically open. Users then have the option to vaccinate their PC, which will stop any program from any USB/CD/DVD drive from executing. The second option is to vaccinate attached USB devices, which will disable the autorun completely. Users can then safely right-click the drive in My Computer and scan for viruses and malware before opening any folders, which keeps your PC safe from malware infection.

By default, the Windows operating system allows all inserted devices to autorun, therefore aiding the spread of malware simply by attaching an infected USB device which contains a malicious executable that loads silently as soon as the device is plugged in. Panda USB Vaccine stops this action and allows users to insert USB devices safely, and if a device has not been previously vaccinated, a popup appears giving the option to vaccinate it and disable the autorun feature.
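For readers who do set NoDriveTypeAutoRun in the registry as described earlier on this page, the following added example (not part of the original text or of any tool named here) decodes the value into the drive types that can still autorun, and reads the live value when run on Windows. The bit meanings are the standard Windows drive-type flags; the rule that a machine-wide HKEY_LOCAL_MACHINE value takes precedence over the per-user one is general Windows behaviour that the page does not mention, and the function names are illustrative.

```python
import sys

KEY_PATH = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
# Each set bit in NoDriveTypeAutoRun turns AutoRun OFF for one drive type.
DRIVE_TYPES = [(0x01, "unknown"), (0x02, "no root directory"),
               (0x04, "removable"), (0x08, "fixed"), (0x10, "network"),
               (0x20, "CD-ROM"), (0x40, "RAM disk"), (0x80, "reserved")]

def still_enabled(mask):
    """Drive types for which AutoRun is still allowed under this mask."""
    return [name for bit, name in DRIVE_TYPES if not mask & bit]

def effective_mask(hkcu, hklm):
    """A machine-wide (HKLM) value, when present, overrides the per-user one."""
    return hklm if hklm is not None else hkcu

def read_mask(hive_name):
    """Read the live value on Windows; None if absent or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), KEY_PATH) as key:
            value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
    except OSError:
        return None
    # REG_BINARY comes back as bytes, REG_DWORD as int.
    return int.from_bytes(value, "little") if isinstance(value, bytes) else value

def audit(hkcu, hklm):
    """Summarise the effective policy; mask None means no value is set."""
    mask = effective_mask(hkcu, hklm)
    if mask is None:
        return {"mask": None, "autorun_still_enabled": None}
    return {"mask": "0x%02X" % mask,
            "autorun_still_enabled": still_enabled(mask)}

if __name__ == "__main__":
    print(audit(read_mask("HKEY_CURRENT_USER"),
                read_mask("HKEY_LOCAL_MACHINE")))
```

An empty autorun_still_enabled list corresponds to the FF value the registry steps set; any drive type left in the list is one that can still autorun.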
