I put also my message here because I probably have more success on the French forum. Sorry for the quality of translation …
By editing my simple autorun.inf file now (after updating Avast v6.0.1000 - 110407-1) I get the message inf:autorun-gen [wrm]
PC Windows XP SP3, Avast Update, Spyware Terminator updates, scans with nothing found …
The problem actually comes from the updated today because yesterday I worked my autorun.inf file without any problem:
[autorun]
open = autorun.exe
icon = autorun.exe, 1
I can not create a new autorun.inf and if I save it, Avast reacts and quarantines
Another example:
[autorun]
ShellExecute = index.htm
Avast quarantine …
My autorun.inf file is on my hard drive, not on a USB stick and I was just trying to edit (with Nodepad++ last version) it and save it (not trying to test it) …
You are given the option to “vaccinate” your machine [click “yes/OK”], which means to disable autoruns from infecting your machine again or in your case from the infection spreading. Plus you can “vaccinate” any USB/flash or removable device so that it cannot infect your machine.
Do not insert any removable media devices into your machine, such as anything that would go into the A:/drive, CD/DVD, USB sticks, sync anything with your machine, etc.
Follow the directions of obtaining an MBAM log (make sure you update MBAM first) and the OTS log (save them as ANSI and not Unicode). Post the MBAM log and the OTS log as an attachment (Additional Options > Attach > Post).
I am going to refer you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily.
Please do not make any further changes to your machine after you have provided the logs.
Once your machine is free of the infection, we will need to disinfect your USB sticks. What forms of removable media devices do you use?
OK I see what your problem is - whenever you make your own autorun.inf Avast detects and then quarantines it… Is that correct
I can see no safe way around this this, as if you add autorun.inf to the exceptions then that would allow any infection to possibly run rampant… So it really is in your own interest that Avast is removing it
1- I have not used USB and I have not test any time my autorun.inf
2- OK, I download and I test … follow back
3- OK … follow back
For the moment:
Full check with Avast have no infection (new update today)
Full check with Spyware Terminator have no infection
First check with Malwarebytes’ Anti-Malware found 5 minors infections (rapid search) and I have repair
Second check with Malwarebytes’ Anti-Malware found 0 infections (full search)
I can post log if important ?
I have a USB key, a hard disk, MP3 readers on USB sticks but not used for the moment …
Hum … For me autorun.inf is important. I’m programmer and I make occasionally autoruns for CD-DVD (sites/catalogues with server2go and autorun), just my autoruns, not others …
The free Panda USB Vaccine disable AUTORUN.INF. USB drives that have been vaccinated cannot be reversed except with a format.
Right click from Windows Explorer and do a full format to cleanse your USB flash drive.
However the problem still exists that you need to remove the worm from your machine. Avast is detecting it as Essexboy posted; he is a Certified Malware Removal Expert. Re-read his post and respond to his post please.
Using the Panda USB Vaccine, you are given the options:
To vaccine the machine, which disables autoruns and prevents autorun.inf worm
To vaccinate all USB and removable media (resident protection)
To vaccinate only USB and removable media you want (on-demand protection), but you need to remember which ones are vaccinated and which ones are not.
Please let us know if you have additional questions. Thank you.
I understand the potential risks of the file autorun.inf
Avast from a recent update has responded to MY autorun.inf file that I edited and saved, as a precaution, I guess.
But so far I have not found any software that detects a potential hazard on my machine, style virus, malware, etc. … so why vaccinate?
USB Panda Vaccine disable AUTORUN.INF and USB Drives Have Been vaccinated That Can not Be Reversed With A EXCEPT format. This is not satisfactory for me and some comments of this Panda Vaccine put me in doubt …
What software can detect the worm and repair it but here, I’m not sure this is a warm.