I have Windows XP SP2 installed on my laptop, its been infected by a virus, which creates autorun.inf in each of my drives as read-only, hidden and system file attribute being set, and which generates some EXE file and PIF file. I tried some free versions of anti-rootkit, anti-malware, registry scanning softwares but of no use. For most of them it denies installation. I also tried online scanning but it disconnects the process. Then I deleted them using Live Ubuntu running on a bootable USB. But after rebooting the laptop in Windows XP they were autogenerated again. I think the registry is being affected by the virus which is restoring them. I dont want to format my laptop. Earlier the safemode was also being disbled but anyhow I enabled it then, I tried deleting the autorun.inf files from there
Is there any way to check what is causing them to be autogenerate.
- 171
3 Answers
This is a VERY common virus which reproduces itself by making a copy of itself onto any folder it finds in the infected computer.
For the time being open task manager and navigate to Processes tab.
Now stop any process with names 'New Folder.exe' , 'autorun.inf' or 'Recycler'.
If you can't find them or for a permanent solution,
Get a good free antivirus like AVG or ESET NOD 32 and try installing it using command prompt(Run in Administrator mode).
If that turns futile, try installing it and running a scan in safe mode.
I bet the antivirus would detect these files - 'New Folder.exe' , 'autorun.inf' and 'Recycler'.
In the mean time, if your folders get replaced by 'Folder Name.exe' files, don't panic,
Your folders have simply been hidden.
To view hidden folders,
1) In Windows Explorer, choose Tools > Folder Options.
2) Click the View tab in the Folder Options dialog box.
3) In Advanced Settings, select Show Hidden Files And Folders.
4) Deselect Hide Extensions For Known File Types.
5) Click OK.
Now the folder will become visible.
Right click on it --> Deselect Hidden checkbox and click apply.
Your laptop runs a hopelessly insecure version of Windows which is more than 3 years outdated/out of support.
Don't attempt to fix this: REFORMAT and install XP-SP3 as an absolute minimum OS level.
And XP-SP3 will be out of support in April 2014 as well. Keep that in mind.
Trying to safe this installation is beyond stupid. It is completely irresponsible.
- 33,276
I've had success in the past in very similar situations using ComboFix: "ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program."
In a few cases I had to use SmitFraudFix, a similar tool, to get rid of the malware.
I suggest you try both (each one at a time, obviously).
- 133,878
- 7,094