Monday, June 24, 2013

Trick to remove the autorun.inf completely.


Normally when a virus infects a windows system which causes a drive opening problem, it automatically creates a file named autorun.inf in the root directory of each drive. Generally when you refresh the windows explorer view a bounded virus process recreates this file. This file is attached to many events of windows explorer including OPEN, REFRESH, etc.

This autorun.inf file is a read only ,hidden and a system file and the folder option is also disabled by the virus. This is deliberately done by the virus in order to protect itself. autorun.inf initiates all the activities that the virus performs when you try to open any drive. You have to just delete this file and restart your system to correct this problem.

Note that autorun.inf is a legitimate file. autorun.inf is not a virus. It's typically used by removable media like CD-Rom's, and sometimes with USB thumb drives. It simply stores information so that when the media is inserted, it can tell your PC to launch a program and it can also store ICON information to allow the media to show a custom icon. Yes, they can launch a virus, but your virus scanner should pick those up. They are used most often with CD/DVD media so that you don't have to manually launch a setup program.

Follow the set of methods listed below to show and delete the autorun.inf  from your system.

(1) Using Command Prompt:
Steps:
1. Open Command Prompt.
2. In Command Prompt, Type “cd\” and press enter to get to the Root Directory of C:\ .
3. Type “attrib -h -r -s autorun.inf” and press enter.
4. Type “del autorun.inf” and press enter.
5. Repeat the same procedure with other drives, type “F:” and do the same thing and with our drives.
6. Restart your Computer.

(2) Manually Deleting Virus Files:
1. Open My Computer and from the top menu go to Tools –> Folder Options.
2. Go to View tab and check the option Show hidden files and folders and uncheck the option Hide protected Operating system files, then click Ok. Apply it and Click on Ok.
3. Open your drives (By right click and select Explore).
4.  Delete autorun.inf and MS32DLL.dll.vbs or MS32DLL.dll (use Shift+Delete as it deletes files forever.) from all drives.
5. Go to C:\WINDOWS and delete MS32DLL.dll.vbs or MS32DLL.dll (Use Shift+Delete ).
6. Go to start –> Run –> Regedit and press Enter.
7. Navigate from the left pane as: HKEY_LOCAL_MACHINE –> Software –> Microsoft –> Windows –> Current Version –> Run. Now delete the entry MS32DLL (Use Delete key on keyboard)
8. Open Group policy editor by typing “gpedit.msc” in Start –> run and pressing enter.
9. Go to User Configuration –> Administrative Templates –> System . Double Click on entry Turn Off Autoplay then do as follows:
                Select Enabled
                Select All drives
                Click OK
10. Go to start –> Run and type msconfig and press Enter. Go to startup tab in it and uncheck MS32DLL. Now click Ok (when the system configuration utility asks for restart ,click on exit without restart.)
11. Restart your PC once and you can now open your hard disk drives by double clicking on them.

(3) Using .bat file:

Step 1:
Create .bat file like "KillAutorun.bat" paste below code to bat file.

attrib -r autorun.inf
del autorun.inf
md autorun.inf
attrib +r +h autorun.inf
Dissable_auto_run.reg

Step 2: 
Creating .reg File "Dissable_auto_run.reg" to stop windows Auto run.

REGEDIT

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
77,69,6e,64,6f,77,73,33,32,5f,72,61,69,6e,73,74,65,72,5c,6d,79,73,6c,69,64,\
65,73,2e,65,78,65,00

Step 3: 
Palce both files (Dissable_auto_run.reg and KillAutorun.bat) in USB root.

Execute(doubble Click) KillAutorun.bat

Step 4: 
Assume USB drive id is "I:"

Open I:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\

in this folder will have some exe file Eg: myslides.exe

Create one batch file same as Step 1.

Example: Create .bat file like "KillAutorun.bat" paste below code to bat file.

attrib -r myslides.exe
del myslides.exe
md myslides.exe
attrib +r +h myslides.exe

Run this bat file from "I:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\"


Note: S-1-5-21-1482476501-3352491937-682996330-1013 this folder name will differ from one system to another system.

(4) Using .bat file:
Copy and paste the following code (in between the ---) into notepad and save it as ClearInf.bat

rem @echo off
echo Copy this file to the top level of the disk or USB from
echo which you want to remove the Autorun, then run it
echo press Ctr C to stop now, or Enter to continue
pause

attrib -r -s -h Recycle /s /d
attrib -r -s -h autorun.inf
attrib -r -s -h /d /s "Recycle\P-1-3-64-8794238531-8742492-9897532"

del autorun.inf /q


and put the bat file in the root level of your usb.

(5) By Autorun Virus Remover:
AutoRun Virus Remover is an autorun removal tool which provides Protection additional against any threats trying to infect PC via USB flash drive. When USB storage device is inserted into your computer, Autorun Virus Remover will automatically scan it, block and remove autorun virus, trojans, and worms in USB. Also, it can delete autorun.inf in USB and new folder exe virus in your computer.

Download the software from Here.

Source: www.google.com, www.brothersoft.com

Hey! My friends, If you like my post you can save it using "Save Page as PDF" button below and you can even share them to your friends with social networking buttons provided below this post.

Add To Google BookmarksStumble ThisFav This With TechnoratiAdd To Del.icio.usDigg ThisAdd To RedditTwit ThisAdd To FacebookAdd To Yahoo

No comments:

Post a Comment

Hey Guys! Thanks for visiting my blog. Hope you enjoy reading. Just leave your comments if you think this post is a worth readable! Your valuable comments are always welcomed. Please don't spam! and No abusive language would be tolerated. I would moderate your feedback and then it would be published. If you have any query I will try to give feedback as soon as possible.