w32.autorun.JM\(Tr) found by Avast. Deleted but on startup blank screen

Avast said that it found this trojan w32.autorun.JM(Tr), on the memory stick that was in use, on Significant Other’s very precious laptop. He had not backed-up at all, so has no access to some rather vital work files.

Deleted it, but on starting up next morning, he could only get a blank screen. Will not start from rescue disk either. It was again found on same memory stick today, when he checked it again on the computer I am using now. I deleted it again but I am not shutting this one down tonight.

Is it a real trojan, or is it a false-positive - have I deleted some vital file for running Windows?

Can anyone suggest how to deal with this, as if it is a trojan I cannot get to msconfig etc to sort it out.

Maybe this help…

[*] Download Flash Drive Disinfector and save it to your desktop.
[*] Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
[*] The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
[*] Wait until it has finished scanning and then exit the program.
[*] Reboot your computer when done.
[*] Note: Flash Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder… it will help protect your drives from future infection.

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com. VirusTotal has a file size limit of 10Mb. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586

Many thanks - I will do this to the PC. Will flash drive disinfector run on the laptop if I put it on a memory stick and just plug it in? All we can get on the laptop is a blank dark screen. It will not boot from the recovery disk. The memory stick that originally had the ‘trojan’ has now been double checked using avast and another antivirus programme, and is clean.

You can try Avira Rescue CD. Download also the latest virus definitions (called security updates there).
http://board.protecus.de/files/avira-bootcd-info/index_en.html
Also, there is a standalone a-squared tool for scanning.

Can you boot in Safe Mode?

No, not even in safe mode. All I can do is hit the F2 key fast, and I do get access to some settings, but cannot find switch for safe mode on it. I can switch to boot from CD instead of hard drive, but even doing that does not induce it to start up properly.

Given that Avast alerted to the trojan on the memory stick, I am puzzled that it did not do so for the actual laptop itself. I am not very familiar with the laptop software versions & set up, as it belongs to my partner. He does not use it for internet access at all, so we think if it is a trojan it came from his work. It turns out that a lab he uses sometimes does not have any anti-virus software as “No need, we are not connected to the internet or the network”. Yet people are in and out all day, popping their memory sticks into the computer …

When will people learn? ::slight_smile:
If you can’t scan with Avira CD, maybe we can guide you to overinstall Windows…
Overinstallation can solve the problem and you won’t lose your programs, settings, data, files, etc.
Just choose ‘Repair’ installation of Windows and install ‘over’ the old installation.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314058
http://www.webtree.ca/windowsxp/repair_xp.htm

Now why didn’t I think of that in the first place? I will give it a go. Many thanks.