Skip to main content

How to remove trojans that uses autorun.inf file?

Step1: Remove autorun.inf files from all your drives, include any usb/flash drives.
1. Manually:

Reboot your PC in Safe mode.

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Click Start -> Run.
In the type box enter cmd and press Enter.
In the command console type del /a:h /f c:\autorun.*
Repeat previous step to all drives, make replacing “c” with the appropriate drive letter.
2. Automatically.

Download Flash_Disinfector by sUBs and save it to your desktop.
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone.
Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Step 2: Remove autorun.inf trojan from the windows registry.
Download and install HijackThis.
Run HijackThis and scan, put a checkmark next to the following items (if exists):

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O4 - HKLM\..\Run: [SystemDrive] c:\windows\system32\SVCH0ST.EXE
O4 - HKCU\..\Run: [avp] C:\WINDOWS\system32\avp.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [TaskMonitor] C:\WINDOWS\system32\TaskMonitor.exe
O4 - HKCU\..\Run: [Realshade] C:\WINDOWS\system32\realshade.exe
O4 - HKCU\..\Run: [cftmonn] C:\WINDOWS\system32\cftmonn.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - HKCU\..\Run: [kmmsoft] C:\WINDOWS\system32\revo.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe
O4 - HKCU\..\Run: [ckvo] c:\windows\system32\ckvo.exe
O4 - HKLM\..\Run: [winconfig] C:\WINDOWS\winconfig.dll.vbs
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Step 3: Remove autorun.inf trojans files.
Download Avenger from here and unzip to your desktop.
Run Avenger, copy,then paste the following text in Input script Box:
Files to delete:
c:\0jbnlnu8.exe
C:\11rhbu.cmd
c:\1q8p0y.com
C:\2fiy.bat
c:\2g.com
C:\32agsg.exe
c:\39ysi89.com
c:\3jkka91.com
c:\6fnlpetp.exe
C:\6fnlpetp.exe
C:\6j2j.com
C:\8.bat
c:\80avp08.com
C:\8ng8w.com
c:\92j11sm.com
c:\a.exe
C:\a2h2.com
c:\ampfrb.cmd
c:\as.bat
c:\AutoRun\autorun.pif
c:\AutoRun\AutoStart.exe
c:\AutoRun\AutoStart.exe
C:\AutoProtect\DrvMonitor.exe
c:\awda2.exe
c:\bo1dhu.bat
C:\bwpncb6.com
c:\boot.exe
c:\cjrp8.com
c:\clshsy.cmd
C:\d1vmq.exe
C:\d6fagcs8.cmd
c:\dp.exe
C:\e.cmd
C:\eaywxx.cmd
C:\f9cvum.exe
C:\fooool.exe
c:\fun.xls.exe
C:\gbiehbsb.dll
C:\gfqgq.cmd
C:\gi2ky.exe
C:\gldegkby.cmd
c:\gumkrhf.bat
C:\qxty9be.cmd
C:\gy.exe
c:\h3.bat
c:\hbs.exe
c:\ioockw.bat
C:\ij.bat
C:\imo.exe
c:\invwft2h.com
C:\ioockw.bat
c:\iqe68o.bat
C:\j60osk9.cmd
C:\jeorels.cmd
c:\jg6w3yx.com
c:\killVBS.vbs
c:\kinza.exe
C:\kjibu.com
c:\ktnquo.exe
c:\m9ma.exe
c:\main.vbs
c:\MicrosoftPowerPoint.exe
c:\NewVirusRemoval.vbs
c:\nfdmg.com
C:\ntde1ect.com
c:\ntnq.exe
c:\nw0t1l0d.exe
c:\o0s.cmd
c:\phwe.com
C:\pook.com
c:\q0rppr.exe
C:\qphdin.com
C:\rcukd.cmd
c:\Recycled\ctfmon.exe
c:\resycled\boot.com
c:\RECYCLED\appmgmt.exe
C:\rqq2v.bat
c:\rs.cmd
C:\sq.com
C:\system.exe
c:\System\DriveGuard\DriveProtect.exe
C:\t.com
C:\tio8x6.cmd
c:\tj8odymw.exe
C:\tjjqtejq.bat
C:\tvlx2fg.exe
c:\uh31.exe
c:\usbcash.exe
c:\USBFlash.exe
C:\uvsqfgwd.cmd
c:\uxdeiect.com
c:\vnkucvv.com
c:\VirusCleaner.vbe
c:\VirusRemoval.vbs
c:\w1hva13.exe
C:\x0.cmd
c:\x2tpc.cmd
c:\xa2c.exe
C:\x.com
C:\x.cmd
C:\x2csvg.exe
C:\xih9.cmd
C:\xn1i9x.com
C:\xp19.com
c:\xpq63xl.exe
c:\xwpehlv.com
c:\yfog8p.exe
C:\yg.cmd
c:\yssjnngm.cmd
C:\w98.com
%Temp%\dwg3gngs.exe
%Temp%\kxvo.exe
%Temp%\new folder\ufjtre.exe
%Temp%\o2g.exe
%Temp%\ufjtre.exe
%Windir%\expiorer.exe
%windir%\system32\afmain0.dll
%Windir%\system32\amvo.exe
%Windir%\system32\avp.exe
%windir%\system32\avpo.exe
%Windir%\system32\Bitkv0.dll
%Windir%\system32\Bitkv1.dll
%Windir%\system32\cftmonn.exe
%Windir%\system32\ckvo0.dll
%Windir%\system32\ckvo.exe
%windir%\system32\expiorer.exe
%Windir%\system32\gasretyw0.dll
%Windir%\system32\gasretyw1.dll
%windir%\system32\haozs0.dll
%Windir%\system32\j3ewro.exe
%Windir%\system32\jwedsfdo0.dll
%Windir%\system32\kamsoft.exe
%Windir%\system32\kavo0.dll
%Windir%\system32\kavo1.dll
%Windir%\system32\kavo.exe
%Windir%\system32\kxvo.exe
%windir%\system32\locale.exe
%windir%\system32\nmdfgds1.dll
%windir%\system32\nmdfgds0.dll
%windir%\system32\olhrwef.exe
%windir%\system32\optyhww0.dll
%windir%\system32\optyhww1.dll
%Windir%\system32\RavMon.exe
%Windir%\system32\realshade.exe
%Windir%\system32\revo.exe
%Windir%\system32\revo1.dll
%Windir%\system32\revo2.dll
%Windir%\system32\revo6.dll
%Windir%\system32\revo5.dll
%Windir%\system32\revo4.dll
%Windir%\system32\revo3.dll
%Windir%\system32\SCVVHSOT.exe
%Windir%\System32\taskmagr.exe
%Windir%\system32\TaskMonitor.exe
%Windir%\system32\tavo0.dll
%Windir%\system32\tavo1.dll
%Windir%\system32\tavo.exe
%Windir%\system32\urretnd.exe
%Windir%\system32\usbmons.exe
%Windir%\system32\usbmons.dll
%Windir%\system32\vamsoft.exe
%Windir%\system32\vbsdfe0.dll
%Windir%\system32\vbsdfe1.dll
%Windir%\system32\wincab.sys
%Windir%\winconfig.dll.vbs

Then click on ‘Execute’.
Your computer will be reloaded.
Note: if you still having any files with strange names, then manually remove them.

Labels:

Comments

Post a Comment

Popular posts from this blog

MECHANICAL PROJECTS DOWNLOADS

Robotics Projects How to build a Robot Robot Basics Solar Energy Projects Solar Energy (pdf) Solar Energy Scien ce Projects Solar Solar2 Solar Compressor Solar Power Air Compresso r Uses of Solar Power Air Compressor Hovercraft Hovercraft definition by wiki : click h ere It would be awesome if you designed a hover car based on the hover board designs. How to Build my Own hovercraft? What is hovercraft? Vaccum cleaner powered , Large simple HoverCraft How do I build my flying hovercraft (pdf) Make your own Hovercraft Build a riding Hovercraft Helpful Videos Helpful links : Vaccum cleaner powered , Large simple HoverCraft How do I build my flying hovercraft (pdf) Make your own Hovercraft Build a riding Hovercraft Stirling Engine Stirling engine definition by wiki : click here Frequently Asked Question : Q1.How can Stirling engine generate electric Po wer? Ans1.A Stirling engine generates mechanical torque directly from heat through the operation of the Stirling cycle on a worki...
2 comments
Read more

How to Create Animated Avatars through Online for Own photosHow to Create Animated Avatars through Online for Own photos

How to Create Animated Avatars through Online for Own photos Loogix.com is a website for creating our own photos using online. so you can be used to create GIF animations online. You can upload your photos to create animated avatars which you can use in your Online profiles. This free online GIF animator adds animations to your photos making them look different. The created animated photos can be saved to your computer and can be shared online on Orkut, Facebook, MySpace etc. You can even embed them any where using the generated HTML code. for creating this kind of aviators go to To create GIF animations to your images / Photos.. Click “Browse” to upload your photos. Select size and speed. Click “Generate Animation”. The Animated avatars can have effects like Recursion, Motley, Movie, Guggle, Black White, Explosion, Swirl, Radial Blur, Blur, Zoom, Negative, Painting, Brothel, Movement. Go to Loogix and create your own funny animated GIF avatars .
Post a Comment
Read more

IT CALL CENTER FOR FUN

1 ) Tech Support : “I need you to right-click on the Open Desktop.” Customer : “Ok.” Tech Support : “Did you get a pop-up menu?” Customer : “No.” Tech Support : “Ok. Right click again. Do you see a pop-up menu?” Customer : “No.” Tech Support : “Ok, sir. Can you tell me what you have done up until this point?” Customer : “Sure, you told me to write ‘click’ and I wrote ‘click’.” ———— ——— ——— ——— - 2) Customer : “I received the software update you sent, but I am still getting the same error message.” Tech Support : “Did you install the update?” Customer: “No. Oh, am I supposed to install it to get it to work?” ———— ——— ——— ——— ——— – 3)Customer : “I’m having trouble installing Microsoft Word.” Tech Support : “Tell me what you’ve done.” Customer : “I typed ‘A: SETUP’.” Tech Support : “Ma’am, remove the disk and tell me what it says.” Customer : “It says ‘[PC manufacturer] Restore and Recovery disk’.” Tech Support : “Insert the MS Word setup disk.” Customer : “What?” Tech Support: “Did you ...
Post a Comment
Read more