Monday, August 4, 2008

Remove Autorun.inf can't view hidden files

Recently I found that a virus (maybe a JavaScript virus), which is detected as autorun.inf, prevents our system from viewing hidden files. It is not like Brontok, which disables Task Manager and makes Folder Options disappear.

If you face the problems listed below your system might have the autorun.inf virus:

  • can't view hidden files
  • can't open pendrive normally
  • can't sign in to YM (Yahoo Messenger)
  • Firefox can't be opened, or only lasts for 1 or 2 minutes before disappearing
  • Internet Explorer can't connect to the internet

There are several ways to overcome these problems.

ANTIVIRUS: So far BitDefender 2008 and AVG can detect this virus. The links given will redirect you to the official download sites. To stay on this page, right-click and select "Open link in new tab/window".

download avg at the official site
download bitdefender 2008
(please update after installing the antivirus.)

MY way:

I use a different way to remove the virus:

1. Click Start > Run and type cmd, after that click Run.

After the black box (Command Prompt) appears, copy all of the code below and paste it anywhere in the black box.
If you are unable to right-click and paste, just left-click and press Ctrl+V.

@echo off
cls

if exist c:\autorun.inf attrib -h -a -s -r c:\autorun.inf
if exist d:\autorun.inf attrib -h -a -s -r d:\autorun.inf
if exist e:\autorun.inf attrib -h -a -s -r e:\autorun.inf
if exist f:\autorun.inf attrib -h -a -s -r f:\autorun.inf

REM Replace with harmless autorun.inf
REM
if exist c:\autorun.inf echo "[autorun]" > c:\autorun.inf
if exist d:\autorun.inf echo "[autorun]" > d:\autorun.inf
if exist e:\autorun.inf echo "[autorun]" > e:\autorun.inf
if exist f:\autorun.inf echo "[autorun]" > f:\autorun.inf

REM Make it read-only to prevent trojan from replacing its own copy.
REM
if exist c:\autorun.inf attrib +r c:\autorun.inf
if exist d:\autorun.inf attrib +r d:\autorun.inf
if exist e:\autorun.inf attrib +r e:\autorun.inf
if exist f:\autorun.inf attrib +r f:\autorun.inf

if exist c:\auto.exe attrib -h -a -s -r c:\auto.exe
if exist d:\auto.exe attrib -h -a -s -r d:\auto.exe
if exist e:\auto.exe attrib -h -a -s -r e:\auto.exe
if exist f:\auto.exe attrib -h -a -s -r f:\auto.exe

REM Overwrite auto.exe with a harmless one-line file
if exist c:\auto.exe echo "0" > c:\auto.exe
if exist d:\auto.exe echo "0" > d:\auto.exe
if exist e:\auto.exe echo "0" > e:\auto.exe
if exist f:\auto.exe echo "0" > f:\auto.exe

if exist c:\auto.exe attrib +r c:\auto.exe
if exist d:\auto.exe attrib +r d:\auto.exe
if exist e:\auto.exe attrib +r e:\auto.exe
if exist f:\auto.exe attrib +r f:\auto.exe

Run HijackThis to remove all unwanted trojans related to "Generic.PWS.j".
Check the files below to get an idea of which files are related to this trojan.
There may be additional files, and these files are created in series, so you could include the latest *.EXE and *.DLL files found in C:\WINNT (or C:\WINDOWS) with respect to the timestamps of the files below.

"DIR /D C:\WINNT"
"DIR /D C:\WINNT\SYSTEM32"

Save the text below as a file on your local drive before rebooting into safe mode command-line.

REM Deletion of the core trojan files:
REM

c:
cd %windir%
if exist DiskMan32.exe attrib -h -a -s -r DiskMan32.exe
if exist Kvsc3.exe attrib -h -a -s -r Kvsc3.exe
if exist AVPSrv.exe attrib -h -a -s -r AVPSrv.exe
if exist mppds.exe attrib -h -a -s -r mppds.exe
if exist MsIMMs32.exe attrib -h -a -s -r MsIMMs32.exe
if exist NVDispDrv.exe attrib -h -a -s -r NVDispDrv.exe
if exist cmdbcs.exe attrib -h -a -s -r cmdbcs.exe
if exist upxdnd.exe attrib -h -a -s -r upxdnd.exe
if exist DbgHlp32.exe attrib -h -a -s -r DbgHlp32.exe
if exist msccrt.exe attrib -h -a -s -r msccrt.exe

if exist DiskMan32.exe del DiskMan32.exe
if exist Kvsc3.exe del Kvsc3.exe
if exist AVPSrv.exe del AVPSrv.exe
if exist mppds.exe del mppds.exe
if exist MsIMMs32.exe del MsIMMs32.exe
if exist NVDispDrv.exe del NVDispDrv.exe
if exist cmdbcs.exe del cmdbcs.exe
if exist upxdnd.exe del upxdnd.exe
if exist DbgHlp32.exe del DbgHlp32.exe
if exist msccrt.exe del msccrt.exe

c:
cd %windir%
cd system32

if exist mppds.dll attrib -h -a -s -r mppds.dll
if exist upxdnd.dll attrib -h -a -s -r upxdnd.dll
if exist DiskMan32.dll attrib -h -a -s -r DiskMan32.dll
if exist cmdbcs.dll attrib -h -a -s -r cmdbcs.dll
if exist Kvsc3.dll attrib -h -a -s -r Kvsc3.dll
if exist DbgHlp32.dll attrib -h -a -s -r DbgHlp32.dll
if exist AVPSrv.dll attrib -h -a -s -r AVPSrv.dll
if exist MsIMMs32.dll attrib -h -a -s -r MsIMMs32.dll
if exist NVDispDrv.dll attrib -h -a -s -r NVDispDrv.dll
if exist msccrt.dll attrib -h -a -s -r msccrt.dll

if exist mppds.dll del mppds.dll
if exist upxdnd.dll del upxdnd.dll
if exist DiskMan32.dll del DiskMan32.dll
if exist cmdbcs.dll del cmdbcs.dll
if exist Kvsc3.dll del Kvsc3.dll
if exist DbgHlp32.dll del DbgHlp32.dll
if exist AVPSrv.dll del AVPSrv.dll
if exist MsIMMs32.dll del MsIMMs32.dll
if exist NVDispDrv.dll del NVDispDrv.dll
if exist msccrt.dll del msccrt.dll



After that you need to install a portable antivirus:

download now (via softpedia.com)
-- this is a setup file which will install the portable antivirus onto your computer
or
you can protect your pendrive by downloading the standalone file and putting it on your pendrive.
download standalone
download at the official site

After installing the portable antivirus, scan until it completes. After that, under the tasks, click "repair modified registry"; you will be prompted, so click Yes.

Restart, and I hope it works. =)
