How To: Remove the "autorun.inf" Virus from Your Flash Drive - and Why

Written by veryatlantic™   

This article assumes that you know you have the "autorun.inf" virus on your flash drive, that you know the drive letter of that flash drive on the computer you are using, and that you have read the accompanying FireHow article
How To: Detect the "autorun.inf" virus on your flash drive - and why

This article contains directions for Windows XP. The convention used here is that you will type into any text box EXACTLY what you see BETWEEN a set of square brackets, also known as the Deltacomm™ convention. Thus if you see ["jupiter "], you will enter the word jupiter and the space after it and both quotation marks, because that is what is between the brackets.

Step-by-step instructions:


STEP 1: Confirm that you have the "autorun.inf" virus


You cannot view the "autorun.inf" virus directly, and it cannot be detected by most commercial anti-virus applications, which is a shame upon them all. The "autorun.inf" is a nasty virus that hides in your flash drive. This is how to view the virus to confirm it is present.

1. Click on your start menu and find the "Run..." icon. Click on it.
2. When the Run box appears, type [cmd] into the text box labeled Open, and press enter.  
3. Change to your flash drive by typing the drive letter and a colon, then press enter.
4. At your drive prompt, type [dir /p] to display the contents of the flash drive. You will NOT see "autorun.inf" because it is hidden. You are only confirming you are on the correct drive.
5. At the correct drive prompt, type [attrib -r -a -s -h *.*], then press enter. This clears the read-only, archive, system and hidden attributes for everything on the flash drive, so hidden files become visible.
6. Now type [dir /p] again and near the top of the alphabetical list, you should see "autorun.inf" and it should be exactly 348 bytes long. If so, you have the virus - and congratulate yourself for getting this far.
7. Type [exit] at the command prompt to close the window. DO NOT close the window by clicking on the "X".



STEP 2: Performing a fix on the "autorun.inf" virus.



Although this article is titled "Remove" the virus, you can't really remove it. It will keep coming back. If you have time, try to delete it and perform STEP 1 again. It will always return. You can only control it.

1. REMOVE your flash drive and do not re-insert it until asked to do so.
2. Search the Internet for the application "Flash_Disinfector.exe". There are many sources; the file is exactly 130 KB long. You should download it, preferably into the special folder you created for all your download files. I normally use the version found at precisesecurity.com, but any will do.
3. Once downloaded, run "Flash_Disinfector.exe" and insert your flash drive when asked. You may get the warning that your screen may go blank; this is normal. Also, all your desktop icons may momentarily disappear.

In less than ten seconds, you are done. If your flash drive was renamed "PENDRIVE" by the virus, it should revert to its original name. Note: "Flash_Disinfector.exe" may create a new folder on your flash drive. The folder is called "autorun.inf", but again it is a folder name, not a file name. Do not delete this folder even if you can see it, because it is protecting you from the virus.


STEP 3: ADVANCED USERS ONLY.


The "autorun.inf" virus also uses triggers that are embedded in your PC registry under the file name "hel.exe". Normally there are around 9 such locations. They are now rendered harmless, but if you want to get rid of them, follow these directions.

1. Click on your start menu and find the Run... icon. Click on it.
2. When the Run box appears, type [regedit] into the text box labeled Open, and press enter.  
3. When the Registry Editor box appears, make sure the My Computer folder at the very top is highlighted (to tell the editor to start searching at the top). Type ctrl-F and in the Find box type [hel.exe]. Leave all the defaults alone and click on Find Next.
4. Examine each string that is found to ensure the SUFFIX or far right end says "hel.exe" and delete that line. (Do not accidentally delete anything like "shell.exe".)
5. Press the F3 function key until you have stepped through the entire registry.  
6. Go back and do the search a second time in case you missed anything.
7. Now go do this on every computer you ever plugged that flash drive into. I told you, this is one nasty virus. It can stay dormant for years.
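
The search in STEP 3 can be run against an exported copy of the registry instead of by eye. The following is an added example, not part of the original article: it reads regedit export text and reports only string values whose data names "hel.exe" as a whole file name, so "shell.exe" is never flagged. The sample export, its keys and its paths are constructed for illustration, and only plain string values are handled.

```python
import ntpath
import re

# Constructed sample of regedit export text; every key and path here is invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINDOWS\\system32\\hel.exe"
"Shell"="C:\\Program Files\\Example\\shell.exe"

[HKEY_CURRENT_USER\Software\Example]
"Launch"="\"C:\\Temp\\HEL.EXE\" /start"
"Note"="see hel.exe.bak"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# Name is @ (default value) or a quoted string; only string (REG_SZ) data is handled.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    """Undo .reg escaping, where backslash and double quote are backslash-escaped."""
    return re.sub(r'\\(.)', r'\1', text)

def find_program(reg_text, target="hel.exe"):
    """Return (key, value name, data) for string values whose data names `target`
    as a whole file name, so shell.exe or hel.exe.bak do not match."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        # Split the command line into tokens, keeping quoted paths together.
        for token in re.findall(r'"[^"]*"|\S+', data):
            if ntpath.basename(token.strip('"')).lower() == target.lower():
                hits.append((key, name, data))
                break
    return hits

if __name__ == "__main__":
    # A real export is UTF-16: open(path, encoding="utf-16").read()
    for hit in find_program(SAMPLE_REG):
        print(hit)
```

The script only reports matches; each one still needs to be examined in the Registry Editor as described in step 4.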

That is it. From time to time, the "autorun.inf" virus may randomly reappear. It first shows up by creating a file (not a directory) on your flash drive called "hel". If you notice this file, perform all the above steps over again.
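
The checks from STEP 1, the folder note in STEP 2 and the paragraph above can be combined into one read-only inspection of the drive root. This is an added example, not part of the original article: it reports whether "autorun.inf" is a file or the protective folder, its size (to compare with the 348 bytes mentioned in STEP 1), whether it is hidden, which entries in it would start a program, and whether a file called "hel" is present. The sample content, the name example.exe and the drive letter E: are assumptions.

```python
import os

# Windows attribute bits reported in os.stat().st_file_attributes
HIDDEN, SYSTEM = 0x2, 0x4

# Constructed sample content; example.exe is a placeholder, not a name from the article.
SAMPLE_INF = "[autorun]\r\nopen=example.exe\r\nshell\\open\\command=example.exe\r\nicon=drive.ico\r\n"

def launch_entries(text):
    """Return (key, command) pairs in the [autorun] section that start a program."""
    found, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            k = key.lower()
            if k in ("open", "shellexecute") or (
                    k.startswith("shell\\") and k.endswith("\\command")):
                found.append((key, value))
    return found

def inspect_drive(root):
    """Report the state of autorun.inf and of the 'hel' file in a drive root."""
    report = {"autorun": "absent", "size": None, "hidden": False,
              "launches": [], "hel_file": False}
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        report["autorun"] = "folder"   # the protective folder described in STEP 2
    elif os.path.isfile(path):
        st = os.stat(path)
        attrs = getattr(st, "st_file_attributes", 0)   # attribute exists on Windows only
        report.update(autorun="file", size=st.st_size,
                      hidden=bool(attrs & (HIDDEN | SYSTEM)))
        with open(path, "r", encoding="latin-1") as fh:
            report["launches"] = launch_entries(fh.read())
    report["hel_file"] = os.path.isfile(os.path.join(root, "hel"))
    return report

if __name__ == "__main__":
    print(launch_entries(SAMPLE_INF))
    print(inspect_drive("E:\\"))   # E: is an assumed drive letter
```

Because the file is only read, no attributes on the drive are changed by running it.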

* * * * * * * * * * * * * * * * * * * * * * * * * *

Disclaimer: veryatlantic™ is a non-technical source for advice and entertainment and is not responsible for any damages under any theory. All posts sacrifice technical accuracy for user-friendliness. If unsure, get help. Please feedback errors for correction.

* * * * * * * * * * * * * * * * * * * * * * * * * *

I STAND INFORMED:

(Information I have received but not personally tested)

Comodo anti-virus software WILL detect and fix the autorun.inf


Comments (1)

iTony said:

Yeah, this happened to me when I used my flash drive on one of my bosses' PCs running XP, and I am using Vista, but my Comodo anti-virus software found it automatically as soon as I plugged the flash drive into my laptop.
 
March 24, 2010