February 10, 2011


Autorun.inf Virus

Removing AUTORUN.INF Virus

There are several viruses that use autorun.inf to spread themselves, such as Bacalid (which hides itself in ctfmon.exe) and RavMon.EXE. These viruses set their file attributes to System+Hidden+Read-Only, so some antivirus programs have a hard time detecting or finding them. They save themselves in the root directory of every available drive of the infected computer and run every time you double-click the drive. On infected USB sticks and CDs the virus runs automatically if drive autorun is enabled for those drives (autorun for drives is usually enabled by default).
Autorun.inf is usually used by CD installers to autoplay their installations, but hard disks by default should not have AUTORUN.INF in the drive.

You can check whether your computer may be infected by those viruses by displaying the hidden files on its drives from the command prompt, using the dir /ah command. A hidden autorun.inf in the root directory of a hard disk is the sign to look for.

To erase it, restart Windows in Safe Mode with Command Prompt. (Do this by rebooting your computer, pressing F8 before Windows comes up, and selecting it from the boot menu.) On drive C and the other drives, type the following commands:

1. attrib -h -r -s autorun.inf 
2. del autorun.inf

Repeat these steps on the other drives to disable autorun.inf.
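
Deleting autorun.inf removes only the launcher; the program it points to is still sitting in the drive root. The following added example (not part of the original post) parses the text of an autorun.inf and lists the programs it would start, so you know which hidden files to look for. The sample content is constructed, and open, shellexecute and shell\<verb>\command are the standard [autorun] keys that name a program.

```python
import re

# Keys in the [autorun] section that name a program for Windows to start.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # e.g. shell\open\command

def launch_targets(text):
    """Return (key, command) pairs from the [autorun] section of the file text."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if value and (key in LAUNCH_KEYS or SHELL_CMD.match(key)):
            targets.append((key, value))
    return targets

def payload_names(text):
    """Lower-cased file names of the programs the launch commands point to."""
    names = []
    for _, command in launch_targets(text):
        # Quoted path if present, else first token (unquoted paths with spaces get cut).
        m = re.match(r'"([^"]+)"|(\S+)', command)
        path = m.group(1) or m.group(2)
        name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name not in names:
            names.append(name)
    return names

# Constructed sample for illustration, not a capture from a real infection.
SAMPLE = """\
[AutoRun]
open=RavMon.exe
shell\\open\\command=RavMon.exe -e
shell\\explore\\command="RavMon.exe" -e
icon=setup.ico
"""

if __name__ == "__main__":
    for key, command in launch_targets(SAMPLE):
        print(f"{key:22} -> {command}")
    print("look in the drive root for:", payload_names(SAMPLE))
```

Feed it the contents of each autorun.inf that dir /ah turns up before you delete the file.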

Disable AUTORUN from Registry

Now you can disable AUTORUN for all drives by configuring the registry. Open the registry editor by typing regedit.exe at the command prompt (if you're still at the command prompt) or by executing it from Run. Look for the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Double-click the NoDriveAutorun DWORD entry and enter the hexadecimal value FF (255 in decimal). (If NoDriveAutorun does not exist, you can create it by right-clicking the right-hand area of the regedit window, then clicking New -> DWORD Value and typing NoDriveAutorun.) Close the registry editor and restart the computer. This procedure will disable autorun for all drives of your computer and will at least prevent the autorun function of infected USB drives or CDs, avoiding infection by viruses like Bacalid and RavMon.exe.

