vbs.autorun trojan removal instruction

Asked by: TechSupportPortal (569 views)

When a new technology or convenience is sticking on to our industry, it is quite natural that the virus makers use it to exploit our machines. Flash drives are now a common data storage and transfer medium even for laymen. So now most viruses are focusing on spreading through flash drives. I am going to discuss a common trojan known as the autorun virus.

Once infected on a specific machine, the virus first disables the folder option in that system.

When you plug a flash drive into your system, the virus copies itself onto the flash drive, makes an autorun.inf in the root directory of the flash drive, and creates a link in that autorun file to the executable files of the virus.

It creates the autorun.inf because when you insert this flash drive into another computer, the autorun is executed and the virus copies itself onto the next computer.

When the flash memory is plugged into the affected PC, the virus hides all your document folders with the attributes (S & H). It then copies the virus's executable file under the name of your file's folder and changes its icon to look the same as a folder icon. Anyone who opens the flash memory will double-click those executable virus files, thinking they are his file's folder.

Your trusty antivirus will remove the executable files of this virus but normally will not remove the autorun files or modify the registry values, so you have to do it manually. Here is how to do it:

Run Task Manager (Ctrl-Alt-Del or right click on Taskbar)

Stop wscript.exe process if available by highlighting the process name and clicking End Process.

Then terminate explorer.exe process.

In Task Manager, click on File -> New Task (Run…).

Type "cmd" (without quotes) into the Open text box and click OK.

Type the following commands one by one, pressing the Enter key after each:

del c:\autorun.* /f /s /q /a
del d:\autorun.* /f /s /q /a
del e:\autorun.* /f /s /q /a

c, d, and e each represent drive letters on the Windows system. If there are more drives or partitions available, continue the command, changing it to the other drive letters. Note that you must also clean the autorun files from the USB flash drive or portable hard disk, as the external drive may also be infected.

In Task Manager, click on File -> New Task (Run…).

Type "regedit" (without quotes) into the Open text box and click OK.

Navigate to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Check if the value name and value data for the key are correct (the value data of userinit.exe includes the path, which may be on a drive other than C and is also valid; note also the comma, which is also needed):

"Userinit"="C:\WINDOWS\system32\userinit.exe,"

If the value is incorrect, modify it to the valid value data.
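A read-only check of the two leftovers the post cleans up by hand, given here as an added example that is not part of the original post: it lists the entries in an autorun.inf that start a program, and reports anything in a Userinit value other than userinit.exe. The sample file contents, file names and function names are constructed for illustration, and the Windows directory is assumed to be named WINDOWS as in the post.

```python
import ntpath

# Constructed sample of what the post describes: an autorun.inf that links to the worm's file.
SAMPLE_AUTORUN = """\
[AutoRun]
; constructed sample, not taken from a real infection
open=wscript.exe .\\sample.vbs
shell\\open\\command=wscript.exe .\\sample.vbs
icon=folder.ico
label=My Drive
"""

def launch_entries(autorun_text):
    """Return (key, command) pairs from [autorun] that make Windows start a program."""
    found, in_autorun = [], False
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue                      # junk lines are tolerated, not fatal
        key, command = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or key.endswith("\\command"):
            found.append((key, command))
    return found

def check_userinit(value):
    """Return (unexpected_entries, has_trailing_comma) for a Winlogon Userinit value."""
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    unexpected = []
    for entry in entries:
        folder, name = ntpath.split(entry.lower())
        drive, rest = ntpath.splitdrive(folder)
        # The post allows a drive other than C:, so only the path after the drive is compared.
        # Assumption: the Windows directory is named WINDOWS; adjust for other installs.
        if name != "userinit.exe" or rest != "\\windows\\system32" or not drive:
            unexpected.append(entry)
    return unexpected, value.rstrip().endswith(",")
```

Any entry returned by `launch_entries` for a removable drive, or any entry returned in the first element of `check_userinit`, is worth reviewing before deleting or editing anything.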

 

13 Answers

  1. 0 Votes

    Thank you. We expect this type of post again.

    Arun.K.Rajeevan - Nov 30, -0001 | Reply

  2. 0 Votes

    sir,
    thanx for the informationz…….

    shibu007 - Nov 30, -0001 | Reply

  3. 0 Votes

    Ya it really works for me…..

    VIPIN KUMAR.V - Nov 30, -0001 | Reply

  4. 0 Votes

    thanks for the comment

    Shyamlal - Nov 30, -0001 | Reply

  5. 0 Votes

    Thank u for the information

    Jeevan100 - Nov 30, -0001 | Reply

  6. 0 Votes

    welcome to the forum , jeevan

    Shyamlal - Nov 30, -0001 | Reply

  7. 0 Votes

    thanks, this post very helpful for me.. 🙂

    RAJMOHAN - Nov 30, -0001 | Reply

  8. 0 Votes

    Thanks sir this info helps me a lot. For the last few months I was struggling to find a solution for this problem.

    ……By using Nero you can delete the autorun.inf file: open Nero and browse to the affected drive. Nero will display all hidden files; from there you can delete the autorun file.

    Siyad Thajudeen - Nov 30, -0001 | Reply

  9. 0 Votes

    Tell me a solution to remove & repair the virus which causes a memory reference error like

    The instruction at “0x62304390” reference memory at “0x62304390”. The memory could not be “read”. Click on OK to terminate the program.

    techsavy - Nov 30, -0001 | Reply

  10. 0 Votes

    r u using ie7 or ie6

    Shyamlal - Nov 30, -0001 | Reply

  11. 0 Votes

    Which is the best n cheap, less memory consuming antivirus? I used McAfee, but memory usage is very high.

    Haneef.M.Sherief - Nov 30, -0001 | Reply

  12. 0 Votes

    Syam sir , this kind of information is very interesting and most valuable…thanx for it…

    kiran3363 - Nov 30, -0001 | Reply

  13. 0 Votes

    Thanks for the information
    it helps to solve my problem
    but…not all
    In my PC “show hidden files” in folder option is not working
    what i have to do
    can u help me please

    ebykv - Nov 30, -0001 | Reply

