Hi Friends!
Following up on my last post, we are now going to delete the Autorun virus from an infected hard disk.
To give you insight on how they creep into your system: you might be aware of the autorun.inf file which comes with CDs, USB drives, DVDs or memory sticks. This file is used to launch the starting program/executable on the removable media, set the starting icon, or run any other command. Windows checks for the existence of this file to find the instructions to be performed on the media. Since this is a simple text-based configuration file, it can be written by anyone. The problem comes when it's written by a cracker. Its spelling is different (you can trace it easily in Task Manager; read my last blog to delete it in the first place). It can lead to making many copies of some files, or may install a key logger via the internet and steal all your key presses (including your user name, password, card details!).
Here, we are going to delete autorun from the hard disk:
Please be cautious, as we will be making some changes in the registry. Be careful about which entries you delete.
So let's get going:
Step 1: Boot your system in Safe Mode (press F8 while booting)
Step 2: Delete the following files:
- %WinDir%\media\arona.exe
- autorun from all drives (say, C:\autorun.exe; refer to my last blog on how to do this)
Step 3: Open Registry Editor. Press Start + R, type regedit and press OK
Step 4: Under [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System], delete the entry:
DisableTaskMgr = 1
Step 5: Under [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer], delete the entry:
NoFolderOptions = 1
Step 6: Under [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce], delete the entry:
"Worms" = "%System%\logon.bat"
Be careful when you perform the last 3 steps.
Now reboot your system. It should work fine now (in most cases).
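A check for the artifacts named in Steps 2 and 4 to 6, as an added example that is not part of the original post. It only reports by default; the `-Remove` switch and the script layout are choices made for this example, while the key, value and file names are the ones listed above.

```powershell
# Added example: reports the registry values and files listed in the steps above.
# Pass -Remove to delete what is found (needs an elevated prompt for the HKLM value).
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)

# Registry values named on the page: key path and value name.
$regValues = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce';           Name = 'Worms' }
)

foreach ($v in $regValues) {
    $target = "$($v.Path)\$($v.Name)"
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Output "clean  $target"
        continue
    }
    Write-Output "FOUND  $target = $($item.($v.Name))"
    # Only the named value is removed; the key and its other values are left alone.
    if ($Remove -and $PSCmdlet.ShouldProcess($target, 'Remove registry value')) {
        Remove-ItemProperty -Path $v.Path -Name $v.Name
    }
}

# Files named on the page: arona.exe under %WinDir%\media, autorun.exe in each drive root.
$files = @(Join-Path $env:WinDir 'media\arona.exe')
$files += Get-PSDrive -PSProvider FileSystem |
    ForEach-Object { Join-Path $_.Root 'autorun.exe' }

foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) { continue }
    Write-Output "FOUND  $f"
    if ($Remove -and $PSCmdlet.ShouldProcess($f, 'Delete file')) {
        # -Force also removes files marked hidden or read-only.
        Remove-Item -LiteralPath $f -Force
    }
}
```

Run it as the affected user, since the two HKCU values live in that account's own registry hive; adding `-WhatIf` to `-Remove` shows what would be deleted without changing anything.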
Leave a comment to add something which I have missed.