Autorun.inf Registry Editing has been disabled by your administrator
Posted on 2009-04-17
JEEEEZZZZ Thanks for looking at my question. Once again a relative "newby". We apparently have been attacked by a "new" strain of the autorun.inf virus. This one has attacked our server that Citrix runs on. It has disabled the task manager and regedit abilities. Through "group policy" I can get the task manager to work. However no matter what I do, regedit will not. I have tried MULTIPLE fixes I have found on this great site, but none have worked. Several variations of "Regeditenable.vbs" type things. Nothing. What this is doing is not allowing .exe files to run. For instance our QuickBooks Pro is running on this server, you try to open and it just goes away and shows an error in the event log.
Additionally, this server WILL NOT boot in safe mode. You can choose all variations but it ends up booting normally.
This is a Server2003 box, we're running Citrix Metaframe 4.0 I believe is the version. Also we are using "Vipre Enterprise" on our network as well. It detected the autorun virus, but apparently can't remove it. IN talking to "Sunbelt Software" the makers of Vipre, they have requested logs and are going over them now as we speak and say that they haven't "Seen" this one before.
I'm sure I'm leaving something pertinent out. I'm about "fried", been at this for nearly 2 days solid with only about 5 hours of sleep! HELP!