AutoRun is a extra ordinary features in the Windows operating system that enables the media like CD ROMs, USB devices, Portable Hard Disk, DVDs, Memory Sticks etc to automatically launch the programs stored in them. This only happened only due to presents of autorun.inf file in the root directory of the media like CD ROMs or USB Devices and it contains the command that executed as you have to insert your media device. You generally find this type of autorun.inf file on installation CDs and DVDs.
AutoRun is generally open with AutoPlay that is introduced in Windows XP. Though the Microsoft favors it to be says that it is useful feature, there are several viruses and Malware that abuse the autorun.inf to spread itself.
How to delete AutoRun Virus?
1. Disable System Restore in all Drives. To do this go to
Control Panel >>>System>>>Choose System Restore>>>Check the option Turn off System restore on all drives.
2. Clear all temporary internet files in your browser.
3. Then do Disk Cleanup of all drive on your PC. For this go to Start>>All Programe>>Accessories>>System Tool>>Disk Cleanup.
4. Choose the drive that you want to clean up and click ok. Once the one drive is clean than go to another Drive.
AutoRun viruses contain three types of file 1. autorun.inf 2. kavo.exe 3. ntdelect.com
They all are hidden file and they disable the show hidden file and folder option s o that you can never see them.
How to delete autorun.inf and ntdelect.com?
1. Start>>Run>>cmd>>Enter
2. Check these file in all drive using command >>>Type dir c:\
3. This will list all system and exe file.
4. Look out autorun.inf and ntdelect.com files.
5. Disable hidden system and read only attributes for these file by typing
attrib –s-h-r c:\autorun.inf
attrib –s-h-r c:\ntdelect.com
6. Then delete this file by typing
del c:\autorun.inf
del c:\ntdelect.com
Make sure that you have to delete only the ntdelect.com not a ntdetect.com which is system file.
Repeat all steps for all drives.
For delete kavo.exe file
attrib –s -h –r c:\windows\system32\kavo.exe
del c:\windows\system32\kavo.exe
Enable Show Hidden files and Folder Option
Open notepad copy and paste following code and save it as “showhidden.reg” file.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
Double click on saved file to modify the registry.
Source : http://mrsupport.blogspot.com/
AutoRun is generally open with AutoPlay that is introduced in Windows XP. Though the Microsoft favors it to be says that it is useful feature, there are several viruses and Malware that abuse the autorun.inf to spread itself.
How to delete AutoRun Virus?
1. Disable System Restore in all Drives. To do this go to
Control Panel >>>System>>>Choose System Restore>>>Check the option Turn off System restore on all drives.
2. Clear all temporary internet files in your browser.
3. Then do Disk Cleanup of all drive on your PC. For this go to Start>>All Programe>>Accessories>>System Tool>>Disk Cleanup.
4. Choose the drive that you want to clean up and click ok. Once the one drive is clean than go to another Drive.
AutoRun viruses contain three types of file 1. autorun.inf 2. kavo.exe 3. ntdelect.com
They all are hidden file and they disable the show hidden file and folder option s o that you can never see them.
How to delete autorun.inf and ntdelect.com?
1. Start>>Run>>cmd>>Enter
2. Check these file in all drive using command >>>Type dir c:\
3. This will list all system and exe file.
4. Look out autorun.inf and ntdelect.com files.
5. Disable hidden system and read only attributes for these file by typing
attrib –s-h-r c:\autorun.inf
attrib –s-h-r c:\ntdelect.com
6. Then delete this file by typing
del c:\autorun.inf
del c:\ntdelect.com
Make sure that you have to delete only the ntdelect.com not a ntdetect.com which is system file.
Repeat all steps for all drives.
For delete kavo.exe file
attrib –s -h –r c:\windows\system32\kavo.exe
del c:\windows\system32\kavo.exe
Enable Show Hidden files and Folder Option
Open notepad copy and paste following code and save it as “showhidden.reg” file.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
Double click on saved file to modify the registry.
Source : http://mrsupport.blogspot.com/
0 comments:
Post a Comment