Skip to main content

How to remove trojans that uses autorun.inf file?

Step1: Remove autorun.inf files from all your drives, include any usb/flash drives.
1. Manually:

Reboot your PC in Safe mode.

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Click Start -> Run.
In the type box enter cmd and press Enter.
In the command console type del /a:h /f c:\autorun.*
Repeat previous step to all drives, make replacing “c” with the appropriate drive letter.
2. Automatically.

Download Flash_Disinfector by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.
Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Step 2: Remove autorun.inf trojan from the windows registry.
Download and install HijackThis.
Run HijackThis and scan, put a checkmark next to the following items (if exists):

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O4 - HKLM\..\Run: [SystemDrive] c:\windows\system32\SVCH0ST.EXE
O4 - HKCU\..\Run: [avp] C:\WINDOWS\system32\avp.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [TaskMonitor] C:\WINDOWS\system32\TaskMonitor.exe
O4 - HKCU\..\Run: [Realshade] C:\WINDOWS\system32\realshade.exe
O4 - HKCU\..\Run: [cftmonn] C:\WINDOWS\system32\cftmonn.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - HKCU\..\Run: [kmmsoft] C:\WINDOWS\system32\revo.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe
O4 - HKCU\..\Run: [ckvo] c:\windows\system32\ckvo.exe
O4 - HKLM\..\Run: [winconfig] C:\WINDOWS\winconfig.dll.vbs
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Step 3: Remove autorun.inf trojans files.
Download Avenger from here and unzip to your desktop.
Run Avenger, copy,then paste the following text in Input script Box:
Files to delete:
c:\0jbnlnu8.exe
C:\11rhbu.cmd
c:\1q8p0y.com
C:\2fiy.bat
c:\2g.com
C:\32agsg.exe
c:\39ysi89.com
c:\3jkka91.com
c:\6fnlpetp.exe
C:\6fnlpetp.exe
C:\6j2j.com
C:\8.bat
c:\80avp08.com
C:\8ng8w.com
c:\92j11sm.com
c:\a.exe
C:\a2h2.com
c:\ampfrb.cmd
c:\as.bat
c:\AutoRun\autorun.pif
c:\AutoRun\AutoStart.exe
c:\AutoRun\AutoStart.exe
C:\AutoProtect\DrvMonitor.exe
c:\awda2.exe
c:\bo1dhu.bat
C:\bwpncb6.com
c:\boot.exe
c:\cjrp8.com
c:\clshsy.cmd
C:\d1vmq.exe
C:\d6fagcs8.cmd
c:\dp.exe
C:\e.cmd
C:\eaywxx.cmd
C:\f9cvum.exe
C:\fooool.exe
c:\fun.xls.exe
C:\gbiehbsb.dll
C:\gfqgq.cmd
C:\gi2ky.exe
C:\gldegkby.cmd
c:\gumkrhf.bat
C:\qxty9be.cmd
C:\gy.exe
c:\h3.bat
c:\hbs.exe
c:\ioockw.bat
C:\ij.bat
C:\imo.exe
c:\invwft2h.com
C:\ioockw.bat
c:\iqe68o.bat
C:\j60osk9.cmd
C:\jeorels.cmd
c:\jg6w3yx.com
c:\killVBS.vbs
c:\kinza.exe
C:\kjibu.com
c:\ktnquo.exe
c:\m9ma.exe
c:\main.vbs
c:\MicrosoftPowerPoint.exe
c:\NewVirusRemoval.vbs
c:\nfdmg.com
C:\ntde1ect.com
c:\ntnq.exe
c:\nw0t1l0d.exe
c:\o0s.cmd
c:\phwe.com
C:\pook.com
c:\q0rppr.exe
C:\qphdin.com
C:\rcukd.cmd
c:\Recycled\ctfmon.exe
c:\resycled\boot.com
c:\RECYCLED\appmgmt.exe
C:\rqq2v.bat
c:\rs.cmd
C:\sq.com
C:\system.exe
c:\System\DriveGuard\DriveProtect.exe
C:\t.com
C:\tio8x6.cmd
c:\tj8odymw.exe
C:\tjjqtejq.bat
C:\tvlx2fg.exe
c:\uh31.exe
c:\usbcash.exe
c:\USBFlash.exe
C:\uvsqfgwd.cmd
c:\uxdeiect.com
c:\vnkucvv.com
c:\VirusCleaner.vbe
c:\VirusRemoval.vbs
c:\w1hva13.exe
C:\x0.cmd
c:\x2tpc.cmd
c:\xa2c.exe
C:\x.com
C:\x.cmd
C:\x2csvg.exe
C:\xih9.cmd
C:\xn1i9x.com
C:\xp19.com
c:\xpq63xl.exe
c:\xwpehlv.com
c:\yfog8p.exe
C:\yg.cmd
c:\yssjnngm.cmd
C:\w98.com
%Temp%\dwg3gngs.exe
%Temp%\kxvo.exe
%Temp%\new folder\ufjtre.exe
%Temp%\o2g.exe
%Temp%\ufjtre.exe
%Windir%\expiorer.exe
%windir%\system32\afmain0.dll
%Windir%\system32\amvo.exe
%Windir%\system32\avp.exe
%windir%\system32\avpo.exe
%Windir%\system32\Bitkv0.dll
%Windir%\system32\Bitkv1.dll
%Windir%\system32\cftmonn.exe
%Windir%\system32\ckvo0.dll
%Windir%\system32\ckvo.exe
%windir%\system32\expiorer.exe
%Windir%\system32\gasretyw0.dll
%Windir%\system32\gasretyw1.dll
%windir%\system32\haozs0.dll
%Windir%\system32\j3ewro.exe
%Windir%\system32\jwedsfdo0.dll
%Windir%\system32\kamsoft.exe
%Windir%\system32\kavo0.dll
%Windir%\system32\kavo1.dll
%Windir%\system32\kavo.exe
%Windir%\system32\kxvo.exe
%windir%\system32\locale.exe
%windir%\system32\nmdfgds1.dll
%windir%\system32\nmdfgds0.dll
%windir%\system32\olhrwef.exe
%windir%\system32\optyhww0.dll
%windir%\system32\optyhww1.dll
%Windir%\system32\RavMon.exe
%Windir%\system32\realshade.exe
%Windir%\system32\revo.exe
%Windir%\system32\revo1.dll
%Windir%\system32\revo2.dll
%Windir%\system32\revo6.dll
%Windir%\system32\revo5.dll
%Windir%\system32\revo4.dll
%Windir%\system32\revo3.dll
%Windir%\system32\SCVVHSOT.exe
%Windir%\System32\taskmagr.exe
%Windir%\system32\TaskMonitor.exe
%Windir%\system32\tavo0.dll
%Windir%\system32\tavo1.dll
%Windir%\system32\tavo.exe
%Windir%\system32\urretnd.exe
%Windir%\system32\usbmons.exe
%Windir%\system32\usbmons.dll
%Windir%\system32\vamsoft.exe
%Windir%\system32\vbsdfe0.dll
%Windir%\system32\vbsdfe1.dll
%Windir%\system32\wincab.sys
%Windir%\winconfig.dll.vbs

Then click on ‘Execute’.
Your computer will be reloaded.
Note: if you still having any files with strange names, then manually remove them.

Labels:

Comments

Post a Comment

Popular posts from this blog

6 ways to Recover Deleted Files

Sometimes by Mistake we delete those files which are useful for us. And there is unfortunately no direct way to recover the files in windows which means that we have to rely on third party tools to recover lost files. So am Here posting the 6 way to recover the Files form Windows Easily. 6 ways to Recover Deleted Files 1. Pandora Recovery – Pandora Recovery is a powerful free tool that provides its users an effective way to attempt recovery of permanently deleted files. And that does not mean restoration of a file from Recycle Bin. Pandora Recovery actually recovers files permanently removed from Recycle Bin, files originally deleted using Shift + Delete keys bypassing Recycle Bin and files deleted from DOS prompt. 2. UndeleteMyFiles - UndeleteMyFiles is a quick and easy way to find and recover deleted media and digital devices.It employs a simplified two-step process that enables you recover any files that used to reside on your system. The interface is very easy to...
2 comments
Read more

How to Detect Missing DLL File Errors?

W hen a DLL file is corrupt or missing you may receive an error message similar to the one given below when you run a program that needs to use this DLL file: Cannot find the file Program_Name.exe. In the error message Program_Name represents the name of the program or name of one of its components in which the error occurred. This error message is usually followed by an error message similar to the one given below: Error starting program. A required .DLL file DLL_Name.DLL was not found. Here, DLL_Name is the name of the DLL file that is causing the error. What Causes Missing DLL File Errors? There can be many causes of missing DLL errors. Some of the most common causes are: * An essential system file required by the program you are using has been deleted. This may happen when a program is uninstalled/installed or you have tried to clean up space on the hard disk. * A virus infection has infected the required DLL file. * DLL entries in the Windows registry are...
Post a Comment
Read more

Where does the World's greatest Brand names came from ?

Adobe - came from name of the river Adobe Creek that ran behind thehouse of founder John Warnock. Apache - It got its name because its founders got started by applying patchesto code written for NCSA's httpd daemon. The result was 'A PAtCHy'server -- thus, the name Apache Apple Computers - favorite fruit of founder Steve Jobs. He was three monthslate in filing a name for the business, and he threatened to call his company AppleComputers if the other colleagues didn't suggest a better name by 5 o'clock. CISCO - its not an acronym but the short for San Francisco. Google - the name started as a jokey boast about the amount of informationthe search-engine would be able to search. It was originally named 'Googol',a word for the number represented by 1 followed by 100 zeros. After founders,Stanford grad students Sergey Brin and Larry Page presented their project toan angel investor, they received a cheque made out to 'Google' Hotmail - F...
Post a Comment
Read more