W32/Autorun.jamesgo
13 December 2007
W32/Autorun.jamesgo is a worm that can spreads via removable media storage and execute itself via autorun.inf file.
Risk Level: Low
File Size: Varies
Affected System: Windows
Common Symptoms:
1. Automatically opens MS Word
2. Displays Open(jamesgo.dll) when checking Drive C: properties
Related posts:
- Win32/AutoRun.CF
Win32/AutoRun.CF is a worm that propagate by copying itself on local and removable usb media storage devices. It creates an autorun.inf...
- W32/Autorun.worm.y!host
W32/Autorun.worm.y!host is a detection for Windows Hosts files that were modified to prevent accessing security websites. Therefore, it will prevent infected computers...
1. Show Hidden Files
- Open Windows Explorer
- On Menu, go to Tools > Folder Options
- Click View tab
- Select “Show hidden files and folders”
2. Restart Computer in SafeMode
- Restart your computer
- Just before Windows start press F8
- Select “SafeMode”
3. Search and delete malicious files
- Go to Start > Search
- Select “All files and Folders”
- Search for the following files and delete if found:
(located on c:\Windows\System32\)
autorun.inf
test.reg
test.bat
test.vbs
(located on c:\)
autorun.inf
test.reg
test.bat
test.vbs
(located on usb drive)
autorun.inf
test.reg
test.bat
test.vbs
4. Download and Run HJT
- Download HiJackThis Executable from TrendMicro
- Run HiJackThis
- Mark all strings with autorun.inf, test.reg, test.bat and test.vbs entries
- Click Fix Checked to fix the entries
- Reboot your computer
this is so helpful to me.. a friend of mine gave me this link and now jamesgo.dll is no where to be found in my pc.. thanks a lot! =P
sigh i did that process.. yes i was able to get it out but after restarting its back there again
try eliminating the virus from the registry itself.
First you need to disable WScript from running
Open task manager by pressing CTRL+ALT+DEL then look for WScript, then end process
type regedit in the command line
after opening the registry editor, left click my computer click EDIT Menu, then FIND.
Type jamesgo, if found delete (name column). Look further by pressing F3, then delete if found.
After deleting jamesgo, FIND test.vbs, then do the same by deleting every found test.vbs specially WScript\test.vbs
FIND test.reg then Delete,
FIND test.bat again delete
FIND autorun.inf, delete
FIND autorun.ico, delete
lastly disable autorun:
type gpedit.msc in the command line
expand Administrative Templates (Both user configuration and computer configuration)
click SYSTEM, look for Turn Off Autoplay, double click Not Configured, select all drives, then check Enable. click OK
Restart your computer.
how will i disable autorun
i do the same things yet still it keeps on appearing after restarting…what’s the best way to eliminate thi problem….
Use Registry Mechanic by PCTools to removed jamesgo.dll or run the regedit tools. Go to Edit menu and click find. Then input the name of the virus jamesgo.dll then delete it! Do this until theres no matches found! Always search at my computer!!! Hope this help you a lot!!!!
Do the same thing at autorun.inf! Use the Search tool at start menu to locate the virus. Make sure that all hidden files including the operating system are not hidden! Then after searching delete the virus you that bothering you!!!!
i tried arvperch’s method, and i think it worked, only problem is the icons for my hard drives are not normal, right now my icons are a piece of paper with a windows screen in it. is there a way to change them back?
Hello :) how do i remove the worm from the USB? so far the solution posted by arvperch is just for the pc infection if im not mistaken. thank you :)
after you removed all the viruses and its root. “try system restore”
arvperch’s meth0d f removing it is very good but what about the USB?
Thanks to the web master advice. I already exterminated “Jamesgo”. I can now open my local drives and Jamesgo.dll no longer exist when I click the right button. I also want to add some tips for the said procedure.
1. If you cannot find “Windows Explorer” like I did, Just run the local drives and follow the above procedure to show hidden files.
2.(While in safe mode)I also notice that using search in startmenu for the said files “autorun.inf”, “test.reg”, “test.bat”, and “test.vbs” is not accurate, for some reason search cannot locate the said files, What I did is delete them manually using run. I also deleted “autorun.ico” btw.
3.Btw dont forget to use the same procedure to your other local drives if you partioned it.
Tnx again to PSC.=)
If I open the local disk C there was an error and the message is the file does not have a program associated with it performing this action. Please help me.
how to disable autorun please help..thanks..
I can’t not even excess my hidden files, there is no Folder Options. The virus did something to it. Please Help… virus is SillyAutoRun
help me out with this one i deleted my Folder Option tab and if i Ctrl+Alt+Del my task Manager does not show..its Win32/SillyAutoRun.CM
Please please help me out with this one it deleted my Folder Options tab and if i Ctrl+Alt+Del my task Manager does not show..its Win32/SillyAutoRun.CM
How do you remove WinWeb Security? It’s a rogue anti virus which gives you a list of annoying false positives and then keeps up this annoying pop up rampage saying you have viruses and you have to purchase the ha product for 50 some odd dollars.
It hasn’t slown down our notebook computer but the pop ups are annoying.
The evil company which puts it out is :
Meyrocorp. Thanks much!
Leave your response!
Subcategory
Recent Comments
Recent Posts
Most Commented
About precisesecurity
A trusted computer security web site that provides efficient and free solution to remove Trojans, viruses, rogue programs and other similar malicious activities.
Copyright © 2006-2012 | Tech Blogs - precisesecurity.com | Privacy Policy