Sunday 8 December 2013


AUTORUN.INF

Virus type: trojan

File type: batch file (shell)





--------------------------------------------------------------------------------------------------------

Activities:

1:  Copies itself to every drive

2:  Corrupts exe files

3:  Creates exe files like MyProg.exe, and something like mkldgf




-------------------------------------------------------------------------------------------------------

Precaution:

1:   Have a copy of an antivirus with full updates and an online scanner.

2:   You can even use the antivirus programs that are freely available*.





---------------------------------------------------------------------------------------------------

Description :

AutoRun itself means that it runs automatically, that is, it is an automatically executed file. For example, when you insert a pen drive, the pen drive's AutoRun Explorer window opens by itself. The trojan can copy itself from the pen drive.
You can prevent it by disabling AutoRun from your Control Panel. It is mostly caused by pen drive data transfers.

Like other autorun programs, "AUTORUN.INF" is executed when we open a folder or a drive.
It then copies itself to all the drives, along with the exe files mentioned above.
The autorun file is hidden, so you have to show hidden files to see it (Properties > Show hidden files (check) > Hide operating system protected files (uncheck)).
The AUTORUN.INF file can easily be opened in Notepad but cannot be modified because it is write-protected.

It cannot be deleted in normal mode. The exe files with it can be, but there is no advantage, because it resurrects itself within 2 or 3 seconds.
Even if you are somehow able to delete it, if any of its exe files remain on the drive, it copies its own files again (recovers its files).

The most important part of this virus is that whenever you click Refresh or go from one drive to another by double-clicking, the hidden files disappear because this virus hides them.
After copying its contents, this virus starts corrupting the exe files (software that you've downloaded).
So even if you format the computer, whenever you install some software corrupted by this virus, the virus gets back into your computer again.
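
As an added example (not part of the original post), the Python script below lists the programs that an autorun.inf in a drive root tells Windows to launch, which helps identify the exe files that go with it. The `[autorun]` keys it reads (`open`, `shellexecute`, `shell\...\command`) are the standard ones; the sample file contents, `gone.exe` and the helper names are constructed for illustration.

```python
import os
import tempfile

# [autorun] keys that name a program for Windows to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section."""
    commands, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                commands.append((key, value))
    return commands

def program_of(command):
    """First token of a command line: the program that would be started."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def audit_drive(root):
    """List (key, program, present_in_root) for the autorun.inf in root."""
    names = {n.lower(): n for n in os.listdir(root)}  # Windows names ignore case
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), encoding="latin-1") as fh:
        entries = parse_autorun(fh.read())
    # Only programs in the drive root are resolved; that is where the post finds them.
    return [(k, program_of(v), program_of(v).lower() in names) for k, v in entries]

def demo():
    """Constructed sample: a fake drive root with an autorun.inf and one exe."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
        fh.write("; constructed sample\n[AutoRun]\nopen=MyProg.exe\n"
                 "shell\\open\\command=myprog.exe /s\nshellexecute=gone.exe\nicon=x.ico\n")
    open(os.path.join(root, "MyProg.exe"), "wb").close()
    return audit_drive(root)

if __name__ == "__main__":
    for key, program, present in demo():
        print(f"{key:22} {program:12} present={present}")
```

Point `audit_drive` at a drive root such as `E:\` to inspect a real drive; it only reads files and changes nothing.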






--------------------------------------------------------------------------------------------------------


Cure :



----------------------------------------------------------------------------------------------------------

The simplest one:
1:  Download any antivirus and transfer it onto a pen drive.

2:  Restart the computer and press F8 or F10.

3:  Open Safe Mode (normal).

4:  View hidden files and folders.

5:  Now you can see that you can even manually delete autorun.inf from all drives, along with the rest of the exe files with it.

6:  Install the antivirus from the pen drive.

7:  Scan the whole computer.

8:  Open the registry via Start > regedit (type it in) > Run.

9: 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
DisableTaskMgr = 1
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
NoFolderOptions = 1
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Worms" = "%System%\logon.bat"

10:  After the whole scan, restart the computer normally.






----------------------------------------------------------------------------------------------------------


The Hardest One:
1:  Reinstall the operating system (Windows); do not open any files or folders from your drive.

2:  Install an antivirus directly from the internet (you can open Control Panel to create the internet connection).

3:  Update the antivirus fully.

4:  Run a whole scan of your computer.

5:  Remove all the threatening files.





------------------------------------------------------------------------------------------------------------




*Free antivirus:
You can always get Microsoft Security Essentials free for Windows; that's the best.
The most famous one is ClamWin (open source) with Clam Sentinel (open source scanner).
There are many others too, but they are not that effective unless you have the full version.
The above two are full-version antiviruses.




If you encounter any problems, write in here.
Source statusprofile.com
