Autorun.inf infection

Viruses and worms
1

Hi there. I’m relatively new to Avast and very unknowledeable as regards virus management.
My last scan revealed the presence of the Autorun.inf worm; not knowing exactly what to do, I placed it immediately in the virus chest and then, after checking it out on internet, I deleted it from the virus chest.
Was this the right thing to do? (I read somewhere else that it is always preferable to place viruses in quarantine).
Grateful for any advice and instructions for future reference.
Florio

2

You have done the right thing, ‘first do no harm’ don’t delete, send virus to the chest and investigate.

There is no rush to delete anything from the chest (is a quarantine area), a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

Download and run Autorun Eater

3

:slight_smile: Hi :

Many certified “Malware Removal Specialists” recommend the use of “Flash
Disinfector” ; see Info at http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs/ .

4

Hi Florio,

This can also be used: try autorun eater, download in this link http://www.softpedia.com/get/Security/Secure-cleaning/Autorun-Eater.shtml

If the malware is of a nastier variant, you can also take the following checks and repairs:

The Task Manager has most probably been disabled (Check with Ctrl+Alt+Del). To enable it, go to Start - Run and paste the following command:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
Hit Enter.

My guess is that the editing the registry has also been disabled. To enable the registry, go to Start - Run and paste the following command:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
Hit Enter.

Disabling Autorun on all disks could at least keep the nasty from starting up again.
The easiest way to do that is to download TweakUI from here:
http://www.annoyances.org/exec/show/tweakui
Install and start (you will find it under Powertools for Windows - TweakUI).

  • Expand the ‘My Computer’ branch, then the ‘AutoPlay’ branch, and then select ‘Drives’.
  • Turn off the check box next to ALL drive letters (AutoPlay will be disabled now).
    Reboot your computer,

polonus

5

That is the one I posted two posts up ;D

6

Hi DavidR,

Repetition is the strength of PR,

pol