OK - I cannot get rid of BV:autorun-G [wrm] - and it’s annoying me.
Here’s my setup:
I have an XP laptop connected to my home network - elsewhere on that network there is an Ubuntu (Linux) server hosting a USB connected Mass Storage drive. The drive is shared over the network and seen on my laptop as S:\
I have already done several sweeps of my laptop with AVAST and removed a few bits-and-pieces - however, when I reboot my laptop, I am unable to access the task manager and edit the registry.
If I browse to S:\ AVAST warns me that the autorun.inf is infected with samples of BV:autorun-G [wrm].
I cannot delete, remove or quarantine the files - but I can remove them directly from the Linux server by removing the autorun.inf and removing the directory RECYCLER.
I can also re-enable the registry by entering the following commands in a command window:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
I can also stop the virus reinfecting the drives by creating a directory on the root of the drive called “autorun.inf”. However the virus is obviously still running on my system somewhere, and I cannot detect nor remove it.
Every time I restart my laptop, I am unable to access the task manager or regedit, and I cannot take a risk and insert another USB drive as I know that it will immediately infect that as well.
Does anyone have any ideas on how to eliminate this for good?
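
An added example, not part of the original post: a Python check that can be run on the Linux server against the root of the shared drive. It reports whether autorun.inf is absent, is a directory (the blocking trick described above), or is a file with launch entries, and marks commands that point into RECYCLER. The function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program

def parse_launch_entries(text):
    """Return (key, command, in_recycler) for each launch entry in [autorun]."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            entries.append((key, value, "recycler" in value.lower()))
    return entries

def check_root(root):
    """Return (status, entries); status is 'clean', 'blocked' or 'suspicious'."""
    match = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not match:
        return "clean", []
    path = os.path.join(root, match[0])
    if os.path.isdir(path):  # a file cannot be created under this name while the directory exists
        return "blocked", []
    with open(path, "rb") as fh:
        text = fh.read().decode("latin-1")  # latin-1 accepts any byte value
    entries = parse_launch_entries(text)
    return ("suspicious" if entries else "clean"), entries

def demo():
    """Run check_root over two constructed drive roots and return both results."""
    sample = ("[AutoRun]\r\n; constructed sample, not taken from the post\r\n"
              "open=RECYCLER\\placeholder.exe\r\n"
              "shell\\open\\command=RECYCLER\\placeholder.exe\r\nicon=folder.ico\r\n")
    with tempfile.TemporaryDirectory() as infected, tempfile.TemporaryDirectory() as blocked:
        with open(os.path.join(infected, "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(sample)
        os.mkdir(os.path.join(blocked, "autorun.inf"))
        return check_root(infected), check_root(blocked)

if __name__ == "__main__":
    print(demo())
```

A "blocked" result only describes the drive root; it says nothing about whether the process that writes the file is still running on the Windows machine.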