Link to home
Start Free TrialLog in
Avatar of jxharding
jxharding

asked on

delete autorun.inf (virus) from windows 2003 Users Shared Folders\myusername

hi, i have a virus, autorun.inf, on a users shared folder of Windows 2003 small business server. when i run the antivirus - nod32, it states that the autorun.inf is in use and cannot be checked. this virus picked up that the user shared folder is a flash stick i suppose, so this is the same type of removable storage virus , but it is now on our server.

even when i scan the shared folder from the client machine, it does not pick up the autorun.inf is a virus, although it scans the file

any ideas to remove it please?
Avatar of mkeiwua
mkeiwua
Flag of Kenya image

Hi harding,

Download the unlocker utility Unlocker from : http://ccollomb.free.fr/unlocker/

and then install it. Now right-click autorun.inf and select unlocker. It should show you the processes that are accessing autorun.inf. From the simple menu you can kill the process and simultaneously delete the autorun.inf file.

B Rgds,

Mkeiwua
Avatar of shankarmani
shankarmani

HELLO

FIND THE SOLUTION FROM THE BELOW LINK:
http://www.scribd.com/doc/2353773/Step-By-Step-Manual-Delete-Autorun-Virus

I HOPE IT WILL HELP YOU
try here,

http://www.quickheal.co.in/

They have addressed the autorun issue in their products

Disable autorun on windows systems
http://support.microsoft.com/kb/967715
Avatar of jxharding

ASKER

http://ccollomb.free.fr/unlocker/ - has got a virus that NOD32 picks up when trying to download

http://www.scribd.com/doc/2353773/Step-By-Step-Manual-Delete-Autorun-Virus - tried it, changed the attributes - cant del file

http://www.quickheal.co.in/ - cant install new av , it is on a server with 100+ clients

http://www.troublefixers.com/scan-and-remove-suspicious-autoruninf-with-autorun-eater-virus-removal-tools/  - still need to try this autorun eater

http://support.microsoft.com/kb/967715 - will look into this if autorun eater does not work
Avatar of Sudeep Sharma
Hello jxharding,

Could you please provide the name of the Virus as well, that would help us in determining the ways to block it/remove it.

What I know is that we would need to stop this virus from propagating.

Thanks and Regards,
Sudeep
Hello jxharding,
Using CMD to Remove Autorun.inf Virus from the System & Removable Drives
Method One

 * Open command line (CMD) and write the following:
del /a:rhs [driveletter]:autorun.inf
Simply Replace  [driveletter] with your drive. If the virus is on the D drive the commad will be

del /a:rhs D:autorun.inf
Restart the computer & Done.

Second Method

Genreally when you refresh the windows explorer view a bounded virus process recreates this file. This file is attached to many events of windows explorer including OPEN, REFRESH, etc.
You must close opened explorer windows.

1. Open up a command prompt (i.e. cmd.exe) >> to load it go to Run, type cmd, enter.
2. Now to remove virus’s attributes (in order to delete it type following line by line and execute them pressing enter.

F:
F:attrib -s -r -h *.*
If there are any malicious EXE files those are now visible so if unnecessary delete them too.

F:del autorun.inf

3. After finishing above, quickly remove the pendrive as soon as posible (just after executing del command).
4. Now your pen is without virus activation config. file. Now you can safely delete unnecessary EXE files on it.

Method Third

    * Download Flash_Disinfector.exe and save it to your desktop.
       (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe)
    * Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    * The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.
    * Please do so and allow the utility to clean up those drives as well.
    * Wait until it has finished scanning and then exit the program.
    * Reboot your computer when done.

Note: Flash_Disinfector will remove any autorun.inf files, create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder. It will help protect your drives from future infection.

Read more: http://inforids.com/remove-autoruninf-virus-completly-from-system-flash-drives/#ixzz0j111IQmX

====================Alternatively=====================

Autorun.inf virus actually spread mainly from portable media such as USB drives, Memory Cards etc. If you are a victim of this virus then you may experience following problems:

[1] You can’t enable “Show Hidden Files and Folders”

[2] Task Manager will be disabled and you can’t open it.

[3] Autorun.inf can enable more viruses when portable devices are used.

[4] Access to Registry Editor will be locked.

[5] It can open the drives in new window each time when you try to open them.

When an infected device is infected with a malware and an ‘autorun.inf’ file is dropped, the shell menu is normally modified to execute the malware whenever the unsuspecting user double-clicks the infected drive. Actually Autorun.inf changes few entries on the registry of your system, and you can’t restore those manually as access to the Registry Editor already disabled by this virus.

So, it’s a real problem if you are affected with this virus. Normally, popular antivirus software often fails to detect and remove Autorun.inf completely. To get rid of this, you can try a nice FREE utility called AutorunEater. It’s a very fast and easy to use tool and helps you to remove Autorun.inf and restore all registry changes.

Autorun Eater will remove any suspicious ‘autorun.inf’ files even before the user attempts to access the drive.
(http://www.softpedia.com/progDownload/Autorun-Eater-Download-85585.html) - Autorun Eater 2.4

One Important Point I would like to tell you  that some antivirus and antispyware programs may show ‘false positive‘ behaviour which means they can flag Autorun Eater as being infected/malware, although the application is perfectly safe and does not pose a threat to your system. If you already have other antivirus or anti-malware installed then they can detect AutorunEater as virus, just ignore this. Also you can disable and exit all antivirus program installed on your system before running AutorunEater.

Read more: http://inforids.com/remove-autoruninf-virus-easily/#ixzz0j1ETqdVV
ASKER CERTIFIED SOLUTION
Avatar of Sudeep Sharma
Sudeep Sharma
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial