Balack
asked on
Why is F:\autorun.inf always infected by a virus?
This is using Sophos anti-virus. One of the USB external HDDs (320GB) was found with viruses. I installed Sophos and it successfully detected most of the viruses. The main issue now is that whenever I unplug and plug in the above external HDD, Sophos always shows that a virus is detected in the autorun.inf file. The file has the system, hidden, and read-only attributes. Even when I removed these 3 attributes and eventually deleted it, it re-created itself again.
Any way to delete the virus once and for all?
The virus isn't on the unpluggable drive after you delete it. It is on your host drive, and when you plug it in it copies itself to the removable device. I know this one, it is sorta sneaky. You have a hidden System.exe on there as well, right?
ASKER
Are you asking whether there is a hidden file, system.exe, located on the C:\ drive?
Your computer is infected with a virus that keeps infecting your F: drive. That's how it spreads. You have to do a virus scan on your C: drive.
ASKER
I already did the scanning, but yet the above file is always infected.
What he said ^^^ What you need to do is get a malware scanner like Malwarebytes (www.malwarebytes.org). This particular one is inactive, and some active virus scanners can miss it unless it is agitated by another scanner, Malwarebytes or others. I messed with this one a couple of weeks ago. It is a pain in the butt. You either have to do a full scan by your antivirus, or you have to prod it to activate by malware scanners. The hidden system.exe will be on your removable drive after it is connected. You will find it 5 to 10 minutes after connecting it. I messed with this one a couple weeks ago. If Sophos can't get rid of it, Avast or NOD32 will.
ASKER
Did you ever fix the above problem by using NOD32? Is it possible to get a free version from the Internet?
NOD32 will find it if you mess with it with another scanner. I don't know if there is a free version of it (don't think so). Avast has a free version and it will do the same. www.avast.com
ASKER
Hi tljones00,
Thanks!
ASKER
Good.
As a followup, I've run into this quite a bit in a computer center. It infected every USB drive plugged into the network of computers and had to be removed from the host computers on the network, then from each USB drive on a machine disconnected from a network, and finally from the machines that the users had at home.
A combination of Malwarebytes and SUPERAntiSpyware did the trick in most cases.
In every case a file called player32.exe wrote itself into the autorun file. I found keeping a copy of the autorun.inf file named something like autorun_inf.org was helpful.
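For triage of the pattern described in this thread, the following added example (not code from any poster) parses an autorun.inf and reports which programs it would launch, so the referenced files can be located and removed along with the host-side infection. The sample file is constructed; only the names player32.exe and system.exe come from the thread, and the `tools\` path, `/e` argument and label are assumptions.

```python
import re

# Keys in the [autorun] section whose value is a command Windows may launch
LAUNCH_KEYS = ("open", "shellexecute")
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js")

def launch_entries(inf_text):
    """Return (key, command) pairs from [autorun] that start a program."""
    entries, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or INF comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu verb that runs a program
        if key in LAUNCH_KEYS or re.fullmatch(r"shell\\[^\\]+\\command", key):
            entries.append((key, value))
    return entries

def referenced_programs(inf_text):
    """Return lower-cased file names of the programs the entries point at."""
    names = []
    for _, command in launch_entries(inf_text):
        # First token of the command, honouring a quoted path
        m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
        target = (m.group(1) or m.group(2)) if m else ""
        name = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name.endswith(EXEC_EXT) and name not in names:
            names.append(name)
    return names

# Constructed sample, not a captured file
SAMPLE = """\
[AutoRun]
open=player32.exe
shell\\open\\command=player32.exe
shell\\explore\\command="tools\\system.exe" /e
label=Backup
"""

if __name__ == "__main__":
    print(referenced_programs(SAMPLE))
```

Run it against a copy of the drive's autorun.inf read on a machine with autorun disabled, then compare the reported names with what the scanner quarantined.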