Step by Step Manual Delete 'Autorun' Virus
Step by Step Manual Delete 'Autorun' Virus
post 'how to disable autorun.inf to prevent virus attack computer ' .I don't
know either they want to get the preventive action or need to find the
solution that computer infected by autorun virus.Here i will conclude my
solution or method to help all of you.(i use this solution help my friend to
'kill' these virus and worked).
Now all the temporary internet files clean up already.Normally autorun virus
are caused by flash memory or other removable devices to transfer,save
file from one computer to another computer,these autorun virus have three
execute file,kavo.exe,autorun.inf and ntdelect.com .
These 3 files all are hidden files,they will disable or hidden your folder
option 'show hidden files and folder' and make you can't run in 'show
hidden files and folder',then you can't search for these 3 files in window
and deleted it (very clever,isn't ?).
step 1 - Click 'Start' -> 'Run' ->key in 'cmd',then 'Enter',it will show
command prompt,
step 2 - Check every drive (C,D,E,...).If you wanted to check the Cdrive,
key in dir c:\ /a/w in command prompt.
step 3 - All the system and exe.files will show up in the command
prompt,please check is there any autorun.inf and ntdeleted.com
inside.Before delete these 2 files.we need to disable 'hidden','system' and
'read only' attributes.
For D drive
attrib -s -h -r d:\autorun.inf
attrib -s -h -r d:\ntdelect.com
step 4 - after disable the attributes,then start to manual delete these 2 files.
(Be careful don't key in ntdetect.com,the actual virus file is ntdelect.com.
ntdetect.com is important start up system file,you will know what will
happen if deleted ntdetect.com)
C drive key in
del c:\autorun.inf
del c:\ntdelect.com
D drive key in
del d:\autorun.inf
del d:\ntdelect.com
step 5 - After manual delete 'autorun.inf' and 'ntdelect.com',the next step is
'kavo.exe'.You need to delete kavo.exe file in C:\windows\system32\
.Repeat the step 3 to step 4 to disable the attributes and delete the file
procedures,key in
attrib -s -h -r c:\windows\system32\kavo.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"