Saturday, 9 July 2011

How To Remove The Autorun Virus Explained

13 comments
 
Ever encountered the famous autorun virus, I am sure you have. Removable medias are the most common ways by which such virus spread. When you insert any infected pendrive to your computer the first thing it does is infect your drives with itself i.e autorun virus. So that it executes the virus everytime you open your drive.

The next time you turn on your pc and right click on your drive's icon and see something called autorun in the menu, then you can be assured that your drive is already infected with this virus.In some cases a menu like the one shown below is displayed with some weird language.. This is again a type of autorun virus (you just learned a new language:D)

autorun.inf virus removal

So how to remove this virus???

The best way to remove this virus is by using cmd(command prompt). Why?? Because it changes its attributes to system,read only and hidden. In some cases it even disables the "show hidden files and folders feature" in the folder options so that it becomes impossible to delete. Nonetheless you can still delete it easily using cmd. Here are the steps to delete this virus..
  1. Go to start, run then type cmd and press OK or you can alternatively press windows key+R.
  2. Then type "cd \" without the quotes. It simply changes the directory to the root directory
  3. Now type "dir /a:-d  /w" without the quotes. It displays the list of all files in the directory. You will see something like this..
autorun.inf virus removal


4. Find out the malicious(not delicious:/) files : 

The main culprit behind infecting your drive is the autorun..inf file. See autorun.inf is present above. Autorun.inf file is executed automatically when you open your drive and your drive opens in a new window(you may have noticed this). Lets see how it works...

autorun.inf - Opens another malicious file *.pif. "pikadu.pif" in my case..
pikadu.pif - Creates the *.exe virus file. "qwrtsta.exe" in my case. And then executes it
qwrtsta.exe - Does all the damage to your pc. disables task manager, regedit, hidden files and folders etc

So the malicious files are autorun.inf, pikadu.pif, qwrtsta.exe. They may have some other names in your case but the autorun.inf will be always there.

5. Delete autorun file:

To delete the autorun.inf file follow these steps:
  • First type "attrib -s -h -r autorun.inf" in cmd without the quotes. It resets the attributes so that you can delete it.
  • After that type "del autorun.inf". And it should delete the autorun.inf file.

Note- If it says “Cannot delete autorun: It is being used by another person or program". Then you have to first   end the process which is using it in the task manager. In most cases it is the same which you found in the cmd (qwrtsta.exe). If its not then you have to do some research to find it..
Else delete the *.exe and *.pif file and restart your computer. Then delete autorun.inf. It will be deleted without any problem.

6. Delete other virus files:

Now that the autorun.inf file is deleted. Now delete the .exe and .pif files too using the same way. 
  • First type  "attrib -s -h -r pikadu.pif". And then "del pikadu.pif"
  • Then type  "attrib -s -h -r qwrtsta.exe". And then "del qwrtsta.exe"

Repeat the steps for all the infected drives.

7. Clean startup items :

Now go to start, all programs, startup and delete any malicious file from there if present. The files present in the startup folder are executed everytime your pc starts so deleting any virus file from there is important.

Optional: Some virus spread on other places in your drive too. Although they are not that dangerous, running a free malware scan wont hurt, Download malwarebytes and run a full scan to make sure your computer is disinfected completely.

8. Restart your pc : 

Now that you have done all the hardwork its time to restart your pc. After you restart your pc your drive should be disinfected and free from the epic autorun virus:D




Like this Post?? Click Here To Subscribe By RSS. Its free and won't take much time
RSS

If you would like to receive free updates by email, enter your email address below. No spam promised.

Enter your email address: Delivered by FeedBurner

13 Responses so far.

  1. _ab says:

    mast !!!!!!!!!!!!!!!!!!!!!!!! thnx for sharing :D

  2. Ahsan says:

    very good tips. But I find difficult to do it for the 1st time. But now its allright

  3. @ahsan. ya the process is a bit lengthy. I tried to explain how it works side by side. Thanks for dropping by:D

  4. i have seen best prices of Sanddisk pendrives at snapdeal....

    Sandisk Pendrives

  5. Sarawut says:

    i create .cmd DOS command
    if you del one file , virus will return;

    @echo
    cd\
    del /a:shr efig.exe
    del /a:sh autorun.inf

    d:
    del /a:shr xjxqpw.pif
    del /a:sh autorun.inf

    e:
    del /a:shr vtft.pif
    del /a:sh autorun.inf

    f:
    del /a:shr ygggm.exe
    del /a:shr autorun.inf

    pause

  6. Anonymous says:

    What does -s-h-r stands for?? Because when i type attrib -s-h-r autorun.inf its says invalid switch :(

  7. Anonymous says:

    you should put spaces between attributes (r-read only; a-archived; s-system; h-hidden) like: attrib -r -a -s -h autorun.inf

Leave a Reply