• Status: Solved

Why is F:\autorun.inf always infected by a virus?

I am using Sophos anti-virus. One of my USB external HDDs (320GB) was found with viruses. I installed Sophos and it successfully detected most of the viruses. The main issue now is that whenever I unplug and plug in the above external HDD, Sophos always shows that a virus is detected in the autorun.inf file. The file has the system, hidden, and read-only attributes. Even when I removed these 3 attributes and eventually deleted it, it re-created itself again.

Is there any way to delete the virus once and for all?
Asked by: Balack
 
tljones00 commented:
The virus isn't on the unpluggable drive after you delete it. It is on your host drive, and when you plug it in, it copies itself to the removable device. I know this one; it is sorta sneaky. You have a hidden System.exe on there as well, right?
 
Balack (Author) commented:
Are you asking whether there is a hidden file, system.exe, located on the C:\ drive?
 
edbedb commented:
Your computer is infected with a virus that keeps infecting your F drive. That's how it spreads. You have to do a virus scan on your C drive.
 
Balack (Author) commented:
I already did the scanning, and yet the above file is always infected.
 
tljones00 commented:
What he said ^^^ What you need to do is get a malware scanner like Malwarebytes (www.malwarebytes.org). This particular one is inactive, and some active virus scanners can miss it unless it is agitated by another scanner, Malwarebytes or others. I messed with this one a couple of weeks ago. It is a pain in the butt. You either have to do a full scan with your antivirus, or you have to prod it to activate with malware scanners. The hidden system.exe will be on your removable drive after it is connected. You will find it 5 to 10 minutes after connecting it. I messed with this one a couple weeks ago. If Sophos can't get rid of it, Avast or NOD32 will.
 
Balack (Author) commented:
Did you ever fix the above problem by using NOD32? Is it possible to get a free version from the Internet?
 
tljones00 commented:
NOD32 will find it if you mess with it with another scanner. I don't know if there is a free version of it (don't think so). Avast has a free version and it will do the same: www.avast.com
 
tljones00 commented:
And I guess to answer the original question, yes.
 
Balack (Author) commented:
Hi tljones00,

Thanks!
 
Balack (Author) commented:
Good.
 
Thomas Zucker-Scharff (Systems Analyst) commented:
As a follow-up, I've run into this quite a bit in a computer center. It infected every USB drive plugged into the network of computers and had to be removed from the host computers on the network, then from each USB drive on a machine disconnected from a network, and finally from the machines that the users had at home.

A combination of Malwarebytes and SUPERAntiSpyware did the trick in most cases.

In every case a file called player32.exe wrote itself into the autorun file. I found keeping a copy of the autorun.inf file named something like autorun_inf.org was helpful.
Question has a verified solution.
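
As an added example (not part of the original thread or of any scanner mentioned in it), this Python sketch reads the text of an autorun.inf, lists the programs its [autorun] section would launch, and marks those missing from a saved known-good copy such as the one the last comment describes keeping. The function names and both sample files are constructed for illustration, and using the saved copy as a comparison baseline is an assumption.

```python
import re

# [autorun] keys whose value is a command Windows may launch from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_commands(text):
    """Return (key, command) pairs from [autorun]; tolerant of junk padding lines."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if LAUNCH_KEY.match(key.strip()) and value.strip():
            found.append((key.strip().lower(), value.strip()))
    return found

def target_program(command):
    """Best-effort program name from a quoted or bare command line."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    return command.split()[0].lower()

def review(text, known_good=None):
    """List launched programs; mark those absent from a saved known-good copy."""
    programs = sorted({target_program(c) for _, c in launch_commands(text)})
    if known_good is None:
        return [(p, "listed") for p in programs]
    baseline = {target_program(c) for _, c in launch_commands(known_good)}
    return [(p, "unchanged" if p in baseline else "new") for p in programs]

# Constructed samples (not taken from a real drive).
SAMPLE_CURRENT = r"""; junk padding line
[AutoRun]
open=player32.exe
shell\open\command=player32.exe
shell\explore\command="System.exe" /e
icon=setup.ico
"""
SAMPLE_SAVED = "[autorun]\nicon=setup.ico\nlabel=Backup\n"

if __name__ == "__main__":
    for program, state in review(SAMPLE_CURRENT, SAMPLE_SAVED):
        print(f"{state:9} {program}")
```

Run it against the file's contents on a machine that does not auto-run the drive; any entry marked "new" names a program the file did not reference when the copy was saved.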