The autorun.inf virus is a common kind of virus that infects most computer systems. Tips on how to detect and remove the virus are of essence. Computer users should note that most of the times, this type of virus is spread through the mostly used removable storage devices like Memory Sticks, External HDD’s and USB drives. The spreading of this virus can be clearly illustrated in the steps it usually takes. Firstly, the virus infects the removable drive and as a following step places an autorun.inf file that contains a number of DLL files. In addition, in a few instances the autorun.inf makes a copy onto each and every partition that is on the hard disk of the user. Then, any time that the drive is plugged on a particular system, the autorun file goes on to execute itself and then copy the dlls. In actuality, it makes changes on the registry and then edits a number of startup entries. The next time a user goes to their computer; the activities of the virus will be shown when they restart their PC.
- Create a new folder in the root directory of the removable disk and rename it as “AUTORUN.INF.”
- Create four more folders in the same location and named it as “recycle,” “recycler,” “recycled,” and “setup” respectively.
- Open a command prompt (cmd.exe) and go to the root directory of your removable drive.
- Set the folder attributes using the following DOS command:
attrib autorun.inf /s /d –a +s +r
- Set the privilege level of the folder using the following DOS command:
cacls autorun.inf /c /d administrators
- Select ‘Y’ and press enter when the message, “Are you sure (Y/N)?” is prompted.
- To test it, try to delete, modify, rename, copy, or open the created folder. If you cannot perform any of these functions, then the procedure is successful.
- Task Manager disabled.
- Registry editing disabled.
- Hidden Folder Options.
Note: Some antivirus and antispyware programs flag Autorun Eater as being infected / malware, although the application is perfectly safe and does not pose a threat to your system. This is called a 'false positive'. The term false positive is used when antivirus software wrongly classifies an innocuous (inoffensive) file as a virus. The incorrect detection may be due to heuristics or to an incorrect virus signature in a database. Similar problems can occur with antitrojan or antispyware software.
- W32/Perlovga (copy.exe | host.exe)
- VBS_RESULOWS.A (Hacked by Godzilla, Hacked by Moozilla)
- w32automa worm (Autorun.vbs)
- Trojan.Win32.VB.atg | Win32/Dzan | Worm_vb.bnr (tel.xls.exe | mmc.exe)
- W32/RJump.worm (RavMonE)
- Worm.Win32.Delf.bf | W32.Fujacks (spoclsv.exe)
- W32.Fujacks.BH (Fucker.vbs)
- WORM_AGENT.PGV (soundmix.exe)
- W32/Hakaglan.worm (RVHost.exe)
- Trojan.Win32.VB.ayo [AVP] (Macromedia_Setup.exe)
- Trojan.VBS.DeltreeY.b#1 (Destrukto!!! | destrukto.vbs)