How To Remove Autorun Virus

  • Uploaded by: Zolkiflee Md Salleh
  • December 2019

By Zolkiflee M S

Preface

Not all computer users are aware of virus attacks on their systems. The reason is that users do not make the effort to protect their systems from being infected by computer viruses. With the wide use of thumb drives and external hard disks, one would not realise that a virus, worm or trojan is embedded in the system until something weird happens. I take this opportunity to share what I have learned in solving current virus problems.

The system

Before I proceed with the steps to remove the autorun virus, let's think back to who uses your computer or laptop. Take note of these users and the mobile devices that they use, including yourself. Thumb drives, external hard disks and mobile phone memory cards are carriers of trojan viruses.

Even with a strong antivirus in your system, it would not detect the presence of the core file that executes these viruses, because your antivirus program will only start when Windows starts and executes all the .ini files. Your antivirus program will only detect and kill the worm virus called autorun.inf, or others like secret.exe, but it will not detect other files like 9.cmd or kavo.exe, or files that use a file name such as nmoho.bat.

Symptoms

The first thing to take note of is whether your system can display hidden files and folders. The core virus file will disable your View Hidden File option.

To display hidden files:

1. Click on My Computer
2. Click on the C: drive
3. From the menu Tools click on Folder Options
4. Select the View tab
5. Look for the section Hidden Files And Folders
6. The default selection would be Do Not Show Hidden File And Folder
7. Click on the selector Display Hidden File And Folder
8. Click the box to remove the selection on Hide Extension and Hide Protected
9. Click OK
10. If your system is not infected, new files will be displayed in your C: drive, such as AUTOEXEC.BAT, boot.ini, CONFIG.SYS, IO.SYS, MSDOS.SYS, NTDETECT.COM, ntldr, pagefile.sys
11. If you do see any of these files, repeat step 4 to step 6
12. If the default is still similar to step 6, this means your system is infected

How to remove

1. Shut down your system
2. Disconnect from any mobile device, networking and internet connection.
3. Restart your system while pressing the F8 button on your keyboard until it displays a menu that gives you the selection to start Windows.
4. You should be seeing the following start menu
   a. Start in safe mode
   b. Start in safe mode with networking
   c. Start in safe mode with command prompt
5. Use your up arrow key to select Start In Safe Mode With Command Prompt
6. Once Windows starts it will display the screen below
7. At this point you have to use DOS commands to operate
8. Type in the screen the following
   a) CD\WINDOWS\SYSTEM32 and press Enter. This is to change directory to windows\system32
   b) DIR /A:H and press Enter. This is to display all hidden files
   d) Take note of any file with extension .exe, .cmd or .dll, such as 9.cmd, kavo.exe, ckvo.exe, ckvo0.dll, nmsogt.exe
   e) If you see any of the files above that are not related to Windows, or the dates shown beside these files are the latest dates, then these files are the culprit. These files are hidden and write-protected
   f) You need to remove the hidden attribute first before deleting, by typing the following command:
   g) ATTRIB KAVO.EXE -H -R -S (this is to change the attributes)
   h) DEL KAVO.EXE (this is to delete the file)
   i) Repeat steps g) and h) above for the other files to be deleted. Make sure you delete only the suspected files.
   j) Repeat step b) above to make sure the suspected files are deleted permanently.
9. The next step is to go to the root directory of your C: drive
   a) Type the command CD\ in your screen and press Enter. You will see this in your screen >> c:\>_
10. Type in DIR /A:H and press Enter
11. If your system is infected you will see these files: 9.cmd, autorun.inf, ckvo.exe
12. You have to change the attributes and delete these files like you did in 8(g) to 8(j) above.
13. If you have a D: drive you have to do the same thing as what you did for your C: drive
14. To change to your D: drive type in your screen the command D: and repeat steps 8(g) to 8(j) above.
15. You can check your thumb drive at this stage if you remember the drive used when you insert your thumb drive or memory cards.

16. If the drive name for your thumb drive is F or G or H, type the command F: or G: or H: to change to that particular drive and repeat steps 8(g) to 8(j) above.
17. WARNING: DO NOT DELETE THE FOLLOWING IN YOUR C: DRIVE
    Directory of C:\
    boot.ini
    IO.SYS
    MSDOS.SYS
    NTDETECT.COM
    ntldr
    pagefile.sys
    RECYCLER
    System Volume Information
18. The next step is to restart your system by typing: SHUTDOWN -R
19. Let Windows start normally and do not connect to your network or internet. The reason is that your explorer.exe might also be the main cause of the virus infection.
20. Once Windows starts go to your START menu and select RUN
21. Type in REGEDIT and click OK
22. You will see this screen
23. Please be careful; do not simply delete or change any parameters
24. Make sure the item HKEY_LOCAL_MACHINE is selected; if not, please click once to select it
25. From the menu Edit select Find. In the box that appears type in Showall and click the Find Next button
26. You will see this screen
27. Double click on the item CheckedValue
28. In the box Value Data type in the figure 1 and press OK
29. Click on the menu File and Exit
30. Double click on My Computer and double click your C: drive
31. From the menu Tools click on Folder Options
32. Select the View tab
33. Look for the section Hidden Files And Folders
34. The default selection would be Do Not Show Hidden File And Folder
35. Click on the selector Display Hidden File And Folder
36. Click the box to remove the selection on Hide Extension and Hide Protected
37. Click OK
38. If your system is not infected, new files will be displayed in your C: drive, such as AUTOEXEC.BAT, boot.ini, CONFIG.SYS, IO.SYS, MSDOS.SYS, NTDETECT.COM, ntldr, pagefile.sys
39. If you succeeded to this stage, and are able to display all the hidden and system files, you are cool.
40. Now what you have to do is scan your hard disk using your antivirus program. Again, do not connect to the internet until you have completed the virus scanning.

PRECAUTIONS

Before inserting any thumb drive that you are not sure is free from viruses, scan it first by starting your system using Safe Mode With Command Prompt. Display the contents of the thumb drive using the command DIR /A:H and remove the autorun.inf and any suspected virus file.
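The check from steps 8(d), 8(e) and 17, applied to a saved DIR /A:H listing, as an added example that is not part of the original document. It assumes the US-locale DIR line format; the sample listing, the 30-day recency window and the name triage are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Hidden root files the page lists as normal on a clean system (steps 10 and 17).
KEEP = {"autoexec.bat", "boot.ini", "config.sys", "io.sys", "msdos.sys",
        "ntdetect.com", "ntldr", "pagefile.sys"}
# Extensions the page says to take note of (step 8d), plus .bat (nmoho.bat).
SUSPECT_EXT = (".exe", ".cmd", ".dll", ".bat")
# Assumption: US-locale DIR line = date, time, size or <DIR>, name.
LINE = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+\d{2}:\d{2}\s[AP]M\s+(<DIR>|[\d,]+)\s+(.+)$")

def triage(dir_output, today, recent_days=30):
    """Return [(name, reasons)] for hidden files that deserve a closer look."""
    findings = []
    for line in dir_output.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(2) == "<DIR>":
            continue  # header, summary or directory entry
        date, name = datetime.strptime(m.group(1), "%m/%d/%Y"), m.group(3).strip()
        low = name.lower()
        if low in KEEP:
            continue  # e.g. AUTOEXEC.BAT: suspect extension but a known file
        reasons = []
        if low == "autorun.inf":
            reasons.append("autorun.inf in drive root")
        if low.endswith(SUSPECT_EXT):
            reasons.append("hidden " + low[low.rfind("."):] + " file")
        if reasons and today - date <= timedelta(days=recent_days):
            reasons.append("recently modified")  # step 8e: latest dates
        if reasons:
            findings.append((name, reasons))
    return findings

# Constructed sample output of DIR /A:H for C:\ (not taken from a real system).
SAMPLE = """\
 Directory of C:\\
08/04/2004  12:00 PM                 0 AUTOEXEC.BAT
08/04/2004  12:00 PM           250,032 ntldr
12/18/2019  09:41 PM    1,610,612,736 pagefile.sys
12/17/2019  08:02 PM               812 9.cmd
12/17/2019  08:02 PM                59 autorun.inf
12/17/2019  08:02 PM           105,984 ckvo.exe
12/01/2019  10:15 AM    <DIR>          RECYCLER
               6 File(s)  1,610,969,623 bytes
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE, datetime(2019, 12, 20)):
        print(f"{name}: {', '.join(reasons)}")
```

The listing can be saved from the Safe Mode prompt with output redirection (DIR /A:H > listing.txt) and reviewed on a clean machine before any ATTRIB or DEL is typed.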

After scanning your hard disk for virus-infected files, if you find that your explorer.exe file is not infected you can proceed to connect to the internet; otherwise, if explorer.exe is infected, heal it first or move it to the vault.

OK fellas, good luck in your scanning.
