HELP ME autorun.inf

Viruses and worms
1

recenlty got the autorun.inf and avast picks it up but i cannt delete it nor send it to chest and i deleted it manualy once because it is in the c: and D: drives but it still keeps popping up. everything is really slow on my computer everything freezes and nothing opens correctly. Also all my webpages get redirected to random sites and i have to try 3 times just to get to the site i want. Can someone tell me how to fix this and fast because i cannot open so of the programs i need to use (photoshop, quickbooks etc) because they always freeze on startup…
help would be very appreciated and i need to do this soon
ps:avast isnt picing anything up any more but i still get the same effects

2

double posting sorry but i dont see an edit button…
but i forgot to mention i get popups like nuts as my popup blockers are disabled or somtin

3

What operating system and stuff ?
I have no idea about the autorun.inf you are talking about.
Although I know they allow things to run automatically without you doing anything.
You should be able to view them by just opening them, and if you know what to look for it will tell you what it is running or linked to.
don’t worry about that to much. Do that later if they still exist.

Don’t know why Avast! won’t let you delete or quarantine either, but alot of virii and spyware will do that.

For the meantime if you can you might want to NOT use that computer to access passworded things like your email or any accounts.

You might want to start by, Deleting cookies and temp files.
In Internet Explorer, by going to Tools then Internet Options, delete cookies and files
in the middle section also check the box “delete all offline content” after you
click the delete files.
Also while you are there in the top section notice what the home page is set to,
copy it and paste it in a text file, to save for reference, IF it is not what it is suppose to be.
Then change it to www.yahoo.com or google. or even blank for that matter.
Hope it stays.

Then click start/run and typing msconfig and hit enter or ok.
Don’t mess with anything in there but, click the startup tab and have a look,
you can pretty much uncheck everything in there EXCEPT, ALWIL. ASH or AVAST, in the startup item and or Command columns you can pretty much get an idea of what is starting when you start your computer.
after you uncheck most everything, restart in (safe mode), if you can.
(even if you uncheck a good program they will still work when you start them from the desktop or start menu)
and run AVAST in a full scan, change the settings to THOROUGH and scan archives, see what happens then.
after that use your spyware program to scan.
after that use a couple free online scanners too,
I use windows live one care as a secondary, works pretty good.
Use trendmicros housecall, works good also.
there are plenty people will suggest, bitdefender, kaspersky and all those.
Anyway after you have done that come back let them know what you have done and what was found.
You will probably still have some Spyware and junk,
but this should get you well on your way, and speed you up a bit (if it will let you scan).
NOTE all the things that are found with every program, don’t delete them until
you know what they are, always put them in a chest or quarantine.

http://housecall65.trendmicro.com/

accept the terms and let it install the activex, then choose browser plugin, the java one bothers me.
Hope this helps until someone has more info for you, or you come back with more info. :slight_smile:

4

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

Besides, this could help:

[*] Download Flash Drive Disinfector and save it to your desktop.
[*] Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
[*] The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
[*] Wait until it has finished scanning and then exit the program.
[*] Reboot your computer when done.
[*] Note: Flash Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder… it will help protect your drives from future infection.

5

Hey i used this Flash Disinfector thing i think it works i had the autorun on my USB when i plug in the Avast detects it , but before i had i on my computer can this Flash DIsinfector work for computer Drives ? ( not removable / flsh type of drives of course ) btw i formated the com recently but i not srue is it totally clean now the com :-\

6

I think not… but avast should do that.

Follow the other steps I’ve posted before.

7

To : TECH

hmm i m sorry for asking questions in this post n tat i saw this after i saw mine sorry :-\ ok anways now i scanned my com with AVASt 4 Home Edition (latest ver) i detected a virus called Win32:Trojan-Gen {Other} in several places i place them inside my Chest , anways problem is now i sart my com i get an erro tat’s a file from the C:\WINDOWS\Fonts (which the virus is also inside this file i put inside the Chest) the erro tat come up when i start the game is said tat this file <<<< this virus i think it’s missing or something but so far i can work my computer , can u tell me wat’s this about?

btw the file i think was called " wmsncs.exe "

Here’s a screenshot of the report file , the " Properties " of the Virus file for all of them is the same

http://i228.photobucket.com/albums/ee116/saber47/ReportFile.jpg

http://i228.photobucket.com/albums/ee116/saber47/MOreInfo.jpg

8

I suggest you install WinPatrol and go to the Startup entries listed there (enabling to show hidden entries) and delete the ones that make links to this file.

9

hmm but can i delete this file from the chest is it vital to the computer ? N i scanned the com yesterday i caught this 2 Viruses or Spyware or something from the Spyware Terminator , it’s a Key Logger , it’s located in the SVCHOST.exe file as i saw in the internet the SVCHOST.exe is to process the com or something so is it ok tat deleting this 2 Key Logger ?

10

Hey saber,

Let’s try to remove whatever is left on your computer. We shall use a stronger tool to do this quickly.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of it’s process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

11

uh no offence but is this thing real n safe ??? :-\ may i ask wat actually this thing does n where’s it from ?

12

Hey saber,

ComboFix is a complex malware removal tool that targets many well-known infections. It is written by sUBs, a well known malware removal expert in the realm of Internet security. It has been used at many famous free tech help sites such as bleepingcomputer, geekstogo, malwareremoval. Here is a link to BC that tells you what this program does:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

13

To : Tech

Can u tell me more about this WinPatrol wat does it actually does = = ? I scare if i accidently delete some important files or something (this is about tat erro thing keep coming up when i start the com after i scanned the com n move the virus to the chest , dnt noe y screenshots been taken off lol)

14

You can post a list (or a screenshot) of the startup items.
You can use WinPatrol or other startup tool (Windows Defender has one, for instance).

Screenshots, see how: http://forum.avast.com/index.php?topic=8982.0.
You can use Gadwin PrintScreen to get a screenshot (http://www.gadwin.com/printscreen/) or the free version of WinSnap 1.1.10 (http://www.filehippo.com/download_winsnap/?2173).

15

first i need to say i dont know english good :(
hello i have 2 virus files but Avast 4.8 pro vbs 081128-0 not catching ???
virus info : autorun.inf and o1.com
if i will join anyone disk if have its virus in local disk its join to all local and portable disks

its autorun.inf info
;qk4Lld424aA3DSidK90docSqjcq4rDo4kliKkkjrk2SeKaZL0sikOwfKjeLai2lawSr2sls40widselk2
[AutoRun]
;saLq3kjasaKijjaLa1Dw2rqJr3fsk2eoolLf5K75qrkA4a272pS3i3r79Oow43LkkkiS4Js031i3q1rKKkD5o44l7oLj
open=o1.com
;sKo6daq5kksaDliawDw2elLpKldm0dqKj7kIockr3kdiLk3Ks8qiaJ42sC4lU2KsDAw2p1icjlHSXwAkfAq5kKknAKkle3O4k000A
shell\open\Command=o1.com
;6w3wadfoal322alrLq20o70Ssa
shell\open\Default=1
;6asAjkpsdJa194k9n2Lk21KSS3Do89LoaAwjcs2sDwljk1iijrw
shell\explore\Command=o1.com
;33DwaHd4iaKcpdAms2AjAr4KKwkiKsla42Aaa4A9K2e3lalJ4DaDL0ilowdrfFfaX8rZkwaw0w33Dsiq21s032i0D

16

Hi sewerim if you start a new topic I will pick you up there as it becomes confusing with different problems in the same thread ;D

I would like you to post in your new thread the following

To ensure that I get all the information this log will need to be uploaded to Mediafire and post the sharing link.

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

[*]Close ALL OTHER PROGRAMS.
[*]Open the OTScanit folder and double-click on OTScanit.exe to start the program.
[*]Check the box that says Scan All User Accounts
[*]Check the Radio button for Rootkit check YES
[*]Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
[]Under Additional Scans check the following:
[]File - Lop Check
[]Reg - BotCheck
[]File - Additional Folder Scans
[*]File - Purity Scan

[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.