Worms spread by creating copies of themselves and launching through autorun.inf files. It is essential to remove the malicious file and autorun.inf not only from computers but also from the source, which is the USB drive. PreciseSecurity has created a procedure to delete the malicious files on infected drives.
PROCEDURE:
1. Start while the computer is still off.
2. Plug in the USB drive.
3. Insert the Windows XP CD-ROM into the CD-ROM drive. It must be the bootable Windows XP installer.
4. Start the computer from the CD-ROM drive. The Windows Setup screen will start.
5. When the “Welcome to Setup” prompt appears, press “R” to start the Recovery Console.
6. If asked “Which Windows installation would you like to log on to”, select the number. Type “1” then Enter if only one installation of Windows is present.
7. Enter the administrator password and press Enter.
8. This brings you to the command prompt, C:\Windows>
9. Proceed with the following commands:
- Type d: (This is the drive letter of the USB drive. It can be e: or f: depending on how many hard disks or CD drives are installed.)
- Type attrib -h -r -s autorun.inf
- Type “edit autorun.inf”. This opens the DOS Editor and displays contents such as the following:
==========================
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
==========================
Take note of the file that autorun.inf is set to open (in the example above it is file.exe).
10. Exit the DOS Editor and return to the command prompt, D:\>
11. Delete the file that autorun.inf was set to open, as noted in the DOS Editor
- Type del /f /a file.exe
12. Delete autorun.inf file
- Type del /f /a autorun.inf
13. Exit Recovery Console by typing exit.
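Steps 9 to 11 depend on reading autorun.inf to learn which file it launches. The following is an added example, not part of the original article: a small Python parser that lists the programs an autorun.inf would start, so the file can be inspected without opening the drive in Explorer. It also copes with UTF-16 files and junk padding lines. The function names and the second sample are constructed for illustration.

```python
import re

# Keys in the [autorun] section whose value is a command line Windows may run.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def decode_autorun(raw: bytes) -> str:
    """Decode autorun.inf bytes, coping with UTF-16/UTF-8 BOMs and NUL padding."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    if raw[:3] == b"\xef\xbb\xbf":
        raw = raw[3:]
    return raw.decode("latin-1").replace("\x00", "")  # latin-1 never raises


def first_token(value: str) -> str:
    """Return the program part of a command line, honouring double quotes."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    return value.split()[0] if value else ""


def referenced_programs(raw: bytes) -> list:
    """List, in order and without duplicates, the files [autorun] would launch."""
    targets, seen, in_autorun = [], set(), False
    for line in decode_autorun(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if not (in_autorun and sep):
            continue  # junk padding or a line outside [autorun]
        if key in EXEC_KEYS or SHELL_VERB.match(key):
            program = first_token(value)
            if program and program.lower() not in seen:
                seen.add(program.lower())
                targets.append(program)
    return targets


# The listing shown in the article, as bytes.
ARTICLE_SAMPLE = (
    b"[autorun]\r\nopen=file.exe\r\nshell\\Open\\Command=file.exe\r\n"
    b"shell\\open\\Default=1\r\nshell\\Explore\\Command=file.exe\r\n"
    b"shell\\Autoplay\\command=file.exe\r\n"
)

# Constructed sample: UTF-16, junk padding, mixed case, quoted path with a switch.
PADDED_SAMPLE = (
    "qZx81 junk line\r\n[AutoRun]\r\n;kd93kd\r\n"
    'OPEN="sample dir\\payload.exe" /q\r\n'
    "zzzz\r\nShell\\Explore\\Command = OTHER.EXE\r\n"
    "[other]\r\nopen=ignored.exe\r\n"
).encode("utf-16")

if __name__ == "__main__":
    for name, blob in (("article", ARTICLE_SAMPLE), ("padded", PADDED_SAMPLE)):
        print(name, referenced_programs(blob))
```

Run it against the raw bytes of the file, for example `referenced_programs(open(r"E:\autorun.inf", "rb").read())`, where the drive letter is whatever the USB drive was assigned.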
59 Responses for "How to remove autorun.inf from USB Drive"
The ultimate anti-virus 2007 scammed me out of $49.95 and I would like a phone number to their customer service so I can get my money.
Wht if v dont have the CD now??
If you dont have the recovery cd, you can go to Start>Run, type CMD
i do that but i receiv access deny to drive when i try to excute del command .i am login as administrator
but i receive this message again
please help me
i able to see every folder in my flash
If I will do it. Is it affecting to an other programs and files? I mean just like restoring the computer. will I lose the files and additional programs? thanks
Dude…i tried it out….but the access to the autorun.inf file is denied so u can’t change the attributes & thus can’t delete it………n one more thing……the edit command was nt accepted as a valid command in the Recover Console’s DOS Prompt…….hard luck….
Thanks Newayz……
this works but keep in mind that your computer might be infected already, not just the usb stick. if you delete the virus from the usb, the computer can infect it right after again. i’m running the latest anti-virus by symantec so that picked up the worm and deleted it right away. i only had to clean the autorun.inf from my usb stick.
you don’t have to go to the recovery console to do that, there’s a way straight from windows. in an explorer window navigate to Tools/Folder Options/View and make sure “Show Hidden Files” is ON and “Hide Protected Operating System Files” is OFF. i had to reselect those options on my computer to take effect. after that “autorun.inf” shows up along with the virus files. to delete them right-click on them and go to Properties then remove the “Read-Only” flag. now you can delete it.
yes i tried it out
i think there is no need of using the bootable cd or something like that. Just go to the command prompt in the os itself and change the attribute of the autorun.inf file. After that delete the same. Before deleting that u have to check for the file that is executing while autorun. Search for it and delete that too..
i can’t perform the del /f /a file.exe part… it canot find “file.exe” can you please send me an alternative.. i also did the remove the read only flag” way but autorun still show up..
can you please reply on my email.. thanks in advance
my email’s lepaumagcalas@yahoo.com
the only way 2 delete the file is to do it using the win bootable disk while booting itself…. u will not be able to del the file once logged in…..It stops the administrative privilege to view hidden files…….
i failed. nothing occur
no effect at all
I tried removing the file , everything is ok , but as soon as I restarted the computer everything returns as it was , big Problem
i have flash drive , i have repeated the steps again almost 7 times now. i delete the files called lky.exe and autorun.inf and then run avg antivirus to remove other virus. I also format the drive to clean it completely. still if i see lky.exe and autorun.inf replicates its self and they seems to not removing.
somebody help !!!
maanit (maanit123@gmail.com)
lky.exe is a bitch to remove, but I think I know how you can contain it. Download and run combofix (you’ll find it if you need it) and run it. When you do it will remove the autorun.inf file from all drives.
Then allow hidden folders to be viewed again (through folder options) and then go to the c: drive. You should see that autorun.inf is no longer there (although lky.exe probably still will be). Now here’s the tricky bit - create a new folder called “autorun.inf” in the c: drive. That will stop the autorun.inf file from being created the next time you reboot.
You will need to do this for all drives attached to your computer (not the scan, just the folder). Remember that all your usb drives will be infected too so be smart about what you do - don’t just re-install them.
I think if you do this first and then follow the steps mentioned here it should work as a temporary fix and lky.exe won’t be able to run unless you double-click it.
My 2 cents worth…
I had the same problem, the simplest way is to use Windows system restore in order to restore your registry to an older data.
(Start->All Programs->Accessories->System Tools->System Restore and select a date prior to the infection)
This way you may lose some recently installed programs (and programs only, no data loss) but you are clean once and for all.
If you have usb disks you may also want to check them as well and using a command console (Start->Run->cmd.exe) go to the usb disk root and give:
del /F /A autorun.inf
del /F /A lky.exe
The last step is better to be done in safe mode.
V-Guy and Kostas,
You both are great, it was a great advice.
1. I ran combofix, it deleted autorun.exe from my all drives partitions.
2. i restarted computer in safe mode, usb drive was plugged in..
3. went to usb disk root from cmd, and attrib -r -s -a -h *.*
del /F /A autorun.inf
del /F /A lky.exe
moreover,
c:\ del /F /A lky.exe
d:\ del /F /A lky.exe
and so on till what partitions are….
guess what
it did not replicate lky or autorun.inf it seems all good…and V-Guy 2 cents worth…
Thanks a lot
i get successfully remove autorun file
thanks
I had a really nasty trojan infection which I suspect came from a friends USB, and I first tried messing around with Registry keys, going to cmd, changing the folder options, totally screwed up my laptop (made it so that even my antivirus couldn’t detect the trojan anymore, and I couldn’t even open my C or D drives cos it immediately got infected)
So I used Kostas’ method. Didn’t know why but I decided to just try system restore to an older date (a week before) and the trojan miraculously disappeared! Mine was the kxvo.exe virus/trojan. My laptop is now in perfect condition and boy am I glad
Hi,
I’m having real problems deleting autorun.inf from my Maxtor 500GB external USB drive. I think this file is a virus as the drive locks up the PC every time I access it. I have tried disabling the power management option so it can’t be that. I have also run combofix and that cannot delete it either. HELP!!!
I tried your registry modification on my Win XP machine, but it did not work AT ALL.
in iran i have bought nod32 mcafee norton … and many other up to date virus scans for only 1 dollar and none of them were able to delete my usb viruses . i dont know why?
I have seen this time and time again. What a pain! You will need ComboFix - hxxp://download.bleepingcomputer.com/sUBs/ComboFix.exe
Download it to your desktop and run it WITH your external drive plugged in. Make sure you’re currently viewing hidden files/folders and protected operating system files. Look for hidden CONFIG and SYSTEM folders on your C: and your external drive. Thats where the culprit hides, and the autorun is executing the culprit.
The ComboFix log will be displayed when it’s done. Look at it, and specifically for an entry near the bottom of the log that might show ROX.exe. DELETE that entry from the registry.
Reboot and see if those hidden folders CONFIG and SYSTEM exist on your C: or external drive. Delete if so. Ultimately you need those removed as well as the autorun.inf from the external.
Hope your USB drive hasn’t been plugged into any other PC because that one will have it too.
Good Luck!
thank you… i got it.. its very simple!
have a nice day!
just clear the file attributes and delete.
[autorun]
open=shutdown.exe
shell=!@#$%
&shell=%^&*
TRY THAT!!!to remove
cmd and then type the drive letter where autorun is
and then type autorun.inf
attrib autorun.inf -h -r -s
del autorun.inf
tada!!
soooooooooo simple!!
2 create a virus tut by me:kikoniman@Gmail.com
just email me!!
watch my vid OTENVIRUSKIKO on youtube!!
ahm,download my autorun remover/detector now
download:########.### just scratch it :p
I am hard to clean this virus! Autorun.exe and Autorun.inf
I’m surely it works… but sometime deleting the virus will leave some script… if you open c: in my computer i notice that it run some open with.. this really pain in the a$%*
by the way i try to figure it out.. so try this
•click run
•type regedit
•ctrl+f
•in the registry find mountpoints2
•delete all mountpoints2 in regedit
•works?
•email me….
but while editing its telling as the file s read only.. wat can i do? plz help..
I have windows vista, how to remove “autorun.infi” from the USB
Thanks a lot “V-guy and Kostas” Ur tricks working.
My computer s not able to detect autorun.Inf in dos
One genius boris in his comment advised that there is no need to edit the autorun.inf in command prompt.
How stupid
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
The line shell\Explore\Command=file.exe tells what will happen if you explore the usb drive - it will execute the virus. So you will get infected.
The last line is the reason why you have to do it the way it was described. Or you can just disable autorun function in Windows. And then use the command prompt.
Or you can boot in linux live cd and do the whole thing there. Then you can explore the usb drive without any fear of getting infected.
The main reason of editing the autorun is to see the location of the virus on the USB drive and its name. Some autoruns are written in weird codings so you can not read them.
Anyway if you know the name and the location of the virus, simply rename it and delete it. Autorun file is just for background execution of the virus file once you have opened your drive, or use the autorun function of Windows.
I had the following issue:
Recycler & Autorun.inf on all of my USB drives. I used a program called “Flashdrive Cleaner” or something. It worked…sorta. What it does is create a file on all of your drives (hard disks and flash drives) called Autorun.inf instead of the actual inf file. This works (I did this prior) except the worm still tries to write constantly to your disk. I narrowed down what file was causing it by using “UsbSpy”. It comes with a 15-day evaluation trial. After installing it and rebooting your pc, launch the program. I selected my flash drive (mass storage device at the bottom of the list for me) and started capturing the file access. It showed me that “svchosl.exe” (NOT SVCHOST.EXE!!) was accessing it and trying to write about every second. This was my worm. So I googled its removal and downloaded a program called SDFix. It is about 1.5mb and worked like a charm. You install it, reboot in safe mode and go to Start>Run>C:\SDFix\runthis.bat - It takes about 10-15 minutes to go through this and then it reboots. Afterwards it indicated that it found and removed the worm (svchosl.exe) on both pc’s I used it on. I believe I got this worm from a new SDHC flash card I got because I had no problems before I stuck it in there. I tried it in another pc and it infected that one too before I figured out what it was. This worked for me and I hope this helps or fixes your problem! Best of luck.
[MisterHighway]
dEAR ALL plz help me
i have autorun.inf in disk c d and e
i do
dOs:
attrib autorun.inf -s -r -h
but
message showed
ACCESS IS DENIED
plz help me
note : no antivirus can help me
abed lebanon
the best way to remove autorun.inf from ur flash drive.
insert ur flash drive in ur computer and restart ur computer..
using a windows vista bootable dvd and start booting from dvd and you noneed to format but just as u see all local drives in the system u can also able to see ur flash drive or usb drive then u just need to format it from ur dvd and keep in mind that it should be fat32 format there is an option to format fat32 or ntfs use fat32 format to format ur usb drive and then ur usb is clean from viruses..
sorry i don ‘t know what do if u don ‘t have vista bootable disk..
Thanks for reading this article..
how exactly do u go to the usb disk root ? i tried and reply is there is nO such command…. maybe i am doing things wrong, HELP
how to break windows xp password which administrator and all users are password protected.
i cant enter in windows without enter password.
pls help me
i did one type of experiment on my non format able USB,
here it goes…go to run> cmd > format k: /v /q
and press enter..this formats the drive forcefully.here k denotes the drive letter. v is volume and q is quick type…njoy with this..no need of any extra software..jjust try our own dos commands…
thank u
lol try using cmd to remove autorun.inf
but still not remove lol i try many times
to delete but still can’t.. i have delete but
when i open my drive still can’t delete that
autorun.inf help me someone!
I hav tried a lot bt still no results.
autorun.inf is not been visible in usb drive & whenever i plug it in the comp,the virus tries to access Explorer.exe into WINDOWS folder.
what to do??? I m having nod32 antivirus.
Can Anyone help me out here ??
I have try all the way to delete my autorun.inf file from my external hard disk, but it seems cannot function at all.
In CMD , attrib the autorun file is all get Access Is Denied, can anyone here help out me to del this ?? i have try to reformat hard disk, but it still always shows up after i plug in into the computer.
Any good suggestion on delete this autorun.inf in new way??
email me, festival-jordan@hotmail.com
Thanks alot.
what about a program called “Autorun Eater” is it work to delete the autorun.inf worms
———————————————–
email: alsaad_46@yahoo.com
autorun.inf problem can be fix using this simple walktrough.
start->run->gpedit.msc
***Group policy window
User Configuration-> Administrative Template-> System -> Disable Autoplay
***Properties Window
Select ENABLED then Disable Autoplay on “ALL DRIVES”
then OK and Close the Group Policy Window
***Restart Your PC
After Restart
Start->Run->Notepad
***Copy below and paste to notepad
*** Start Here
attrib -h -a -r -s c:\autorun.inf
del c:\autorun.inf
attrib -h -a -r -s d:\autorun.inf
del d:\autorun.inf
attrib -h -a -r -s e:\autorun.inf
del e:\autorun.inf
attrib -h -a -r -s f:\autorun.inf
del f:\autorun.inf
attrib -h -a -r -s g:\autorun.inf
del g:\autorun.inf
attrib -h -a -r -s h:\autorun.inf
del h:\autorun.inf
*** End Here
*** Save as C:\KILLAUTO.BAT
*** To execute for KillAuto.bat
Start->Run->C:\KILLAUTO.BAT
This process will delete autorun.inf in drive c,d,e,f,g,h
Use Flash Disinfector.exe
I hope you like it, it remove all effected auto run.ini & .exe file by All drives
Start->Run->Notepad
Copy below and paste to notepad
Start Here
attrib -h -a -r -s c:\autorun.inf
del c:\autorun.inf
attrib -h -a -r -s c:\s.exe
del c:\s.exe
attrib -h -a -r -s d:\autorun.inf
del d:\autorun.inf
attrib -h -a -r -s d:\s.exe
del d:\s.exe
attrib -h -a -r -s e:\autorun.inf
del e:\autorun.inf
attrib -h -a -r -s e:\s.exe
del e:\s.exe
attrib -h -a -r -s f:\autorun.inf
del f:\autorun.inf
attrib -h -a -r -s f:\s.exe
del f:\s.exe
attrib -h -a -r -s g:\autorun.inf
del g:\autorun.inf
attrib -h -a -r -s g:\s.exe
del g:\s.exe
attrib -h -a -r -s h:\autorun.inf
del h:\autorun.inf
attrib -h -a -r -s h:\s.exe
del h:\s.exe
attrib -h -a -r -s i:\autorun.inf
del i:\autorun.inf
attrib -h -a -r -s i:\s.exe
del i:\s.exe
attrib -h -a -r -s j:\autorun.inf
del j:\autorun.inf
attrib -h -a -r -s j:\s.exe
del j:\s.exe
End Here
Save to .BAT file extension (KillAuto.bat)
Execute for KillAuto.bat
Start->Run->C:\KILLAUTO.BAT
in safe mode go to main screen——–>
go to run->cmd->advanced->autorun.inf->remove->settings->disable
nothing will happen……….go n do ur work
Help me guys !!!!
My computer is completely infected with autorun.inf file “p.exe”. i am not a computer expert. tried “autorun eater”. “autorun virus remover v2.3”. “kaspersky”, “quickheal”. No result at all.
Quickheal shows- “Detected: W32.Autorun.Gen in” and “file was repared”
Autorun eater shows-
[AutoRun]
open=p.exe
shell\open\Command=p.exe
“Remove autorun.inf
tried all, but no result…
PLZ PLZ PLZ
HELP ME SOME ONE………..
Hi,
Would like seek assistance re this:
1.) Task Manager is disabled
2.) Typing “virus” word would close internet explorer…
3.) Tools –> Folder Options, can’t change any settings
4.) I always find bi mat.exe in all of my drives
5.) Can’t install antivirus.
6.) I don’t have the option to reformat because i have files which i can’t lose.
btw… first time here… ill try combo fix first if it works…
all above will as i said, will bring back the file again, for the deleting method with CMD, and for the disabling the autorun service ( ok do u wanna have a service on your pc that is stopped because of a stupid virus),
come on i don’t think so,
that’s what i think actually, after all it’s a file and excute a certain order, find it kill it, your done.
here how…
***Remove autorun.inf?
The said virus hides itself inside a folder named Recycled/Recycler. The folder has a hidden/system/read-only attribute, that’s why you can’t see it if you will use the Search window. When your system is infected by the said virus, it infects every drive connected to your PC by dropping VCAB.DLL to the internet temporary folder and creating the CTFMON.EXE to folder Recycled & AUTORUN.INF to the root directory of every drive. That’s why when you connect your USB sticks to the infected PC it will be infected immediately, the USB disks will be the new carrier for the virus. The program runs every time you start your computer because it copies itself in the Startup folder of the Start Menu. It also runs every time you insert the infected USB disk and it triggers every time you Double-Click the infected drive (bcoz of the AUTORUN.INF). The virus infects .EXEs and .DLLs.
To check if your system is infected by the said virus without using an antivirus, do the following steps:
1. Go to command prompt.
2. Type CD\ in drive C: to go to the root directory
3. Type DIR /AH and press ENTER key. This will display all hidden files in your drive C:
4. If you see a file AUTORUN.INF and a folder Recycled, then your system is infected.
5. Try doing this to your USB drive and check if your USB stick contains the same folder and AUTORUN.INF, if it does then your system is really infected..
To manually remove it follow the following steps (Note: you should understand what you’re about to do, you try it at your own risk!)
Boot your system in Safemode
1. Go to command prompt, in Drive C do the following commands.
2. Type -> ATTRIB -H -R -S AUTORUN.INF then press enter
3. Type -> DEL AUTORUN.INF then press enter
4. Type -> ATTRIB -H -R -S Recycled then press enter
5. In Windows Explorer in Safemode, remove the folder Recycled in drive C use Shift-Delete to delete the folder.
6. Repeat Step 3 to 6 for all drives of your system including the USB drive.
7. Search for CTFMON.EXE in your system using the Search of Windows found in Start Menu. If you find a file that is not located in C:\WINDOWS\SYSTEM32, delete it immediately. Dont forget to empty the recycle bin afterwards (Usually the virus will copy itself in the Startup folder of the Startmenu. Check if the file is present there and delete it then.)
To disable autorun of drives (i.e. every time you double-click a drive or cd or usb, it is auto opened) follow the following steps:
Click Start->Run->type REGEDIT.EXE
1. Go to this key in the registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2. Look for the entry NoDriveTypeAutoRun, double click the entry
3. Type a new value: “0FF” (Hex) for the NoDriveTypeAutoRun, this will turn off the AutoRun for all drives, and press ENTER
4. Reboot the system.
Viruses that use Autorun.INF
There are several viruses that use the autorun.inf to spread themselves, such as the Bacalid (hides itself in ctfmon.exe) and the RavMon.EXE. These viruses set their file attributes to System+Hidden+Read-Only so some anti-viruses will have a hard time detecting or finding them. These viruses save themselves in the root directory of every available drive of the currently infected computer and run every time you Double-Click the drive. On USB sticks and CDs that are infected, the virus runs automatically, especially if drive autorun is enabled for the current drives (which is usually the default; autorun for drives is enabled).
Disable AUTORUN from Registry
Now you can disable the AUTORUN for all drives by configuring the registry. Open the registry by typing regedit.exe at the command prompt (if you’re still at the command prompt) or execute it in Run. Look for the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Double-click the NoDriveAutorun DWORD entry and type the value HEX: FF (255 in Decimal). (If the NoDriveAutorun does not exist, you can create it by right-clicking the right side area of the regedit window, then click New->DWord Value -> type NoDriveAutorun) Close the registry and restart the computer. This procedure will disable all the autorun for all drives of your computer and at least will prevent the autorun function of infected USB drives or CDs and avoid the infection of viruses like the Bacalid and RavMon.exe
If you want to prevent viruses that use autorun.inf from infecting your USB flash drive, try to do this:
1. Open your flash drive via Command Prompt (do this via Start->Run->cmd.exe)
2. Change your logged drive to your USB flash drive (e.g. if your drive is at drive E: then type E: on the command prompt then press enter)
3. Create a folder named: AUTORUN.INF on the root directory of your flash drive. (to do this type the command: MD\AUTORUN.INF). If an error: a subdirectory already exists… shows, try to follow the instruction above to remove existing autorun.inf before doing this instruction.
The reason why this will avoid future infection is that autorun.inf viruses usually generates a file autorun.inf. Having an AUTORUN.INF folder on the root directory of your drives will make virus programs unable to create their own autorun.inf file, virus can’t even overwrite it because it’s a folder and not a file.
the guys who made it will keep on trying to make new ones so as i said earlier get your self a decent antivirus that is not cracked or had BY CHANCE a working serial for GOD knows how long, lol
anyways hope this will finish it.
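The registry steps in the comment above and the Group Policy walkthrough in an earlier comment both end up setting NoDriveTypeAutoRun. The following is an added example, not written by any commenter: a Python check that reads saved `reg query` output and reports which drive types still have AutoRun enabled. The sample output and function names are constructed; the bit meanings are the documented NoDriveTypeAutoRun flags, and 0x91 is the Windows XP default.

```python
import re

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no root directory", 0x04: "removable",
    0x08: "fixed", 0x10: "network", 0x20: "cd-rom",
    0x40: "ram disk", 0x80: "reserved",
}
VALUE_LINE = re.compile(
    r"^NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-f]+)$", re.IGNORECASE
)


def parse_reg_query(text: str) -> dict:
    """Map each registry key in `reg query` output to its NoDriveTypeAutoRun value."""
    found, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.upper().startswith("HKEY_"):
            key = line
            continue
        match = VALUE_LINE.match(line)
        if match and key:
            found[key] = int(match.group(1), 16)
    return found


def types_still_autorunning(value: int) -> list:
    """Drive types whose bit is clear, i.e. AutoRun is still allowed."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def audit(text: str) -> dict:
    """Return {registry key: [drive types with AutoRun still enabled]}."""
    return {k: types_still_autorunning(v) for k, v in parse_reg_query(text).items()}


# Constructed sample: HKCU left at the XP default, HKLM set to 0xFF as advised above.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
"""

if __name__ == "__main__":
    for key, enabled in audit(SAMPLE).items():
        verdict = "AutoRun off for all types" if not enabled else "still on for: " + ", ".join(enabled)
        print(key, "->", verdict)
```

With the default 0x91 the "removable" bit (0x04) is clear, which is why USB sticks still autorun until the value is raised to 0xFF.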
Is all the post comment answer is true?!
Is it safe to apply the method that they post in the command prompt?! tnx..
Some steps were not required, at my perspective anyway, Just run Cmd as administrator by rightclicking cmd.exe>runas>administrator/password etc.
->type: G: (or F: C: etc. if whatever is your usb Dir.)
->then type: attrib -s -h -r autorun.inf (works also to…attrib -s -h -r zPharaoh.exe)
->Then type: del autorun.inf (del zPharaoh.exe)
->remove your usb then connect it again and check if its still there…
Help me, Plzzzz
i’ve problem with my usb drive, that files & folders are not copied from PC but its easy to copy from pen drive or CD drive. when i want to copy from PC to Pen drive then the report shows file was n’t copied. Don’t know why? What should I do now? Plz somebody help me.
Trying to get solution. I will post if I found an answer.
i am having same problem here with autorun.inf / ctfmon.exe and other related viruses/worms on my pc. and currently trying all the advices i got here thanks. but i have questions, it happens to you guys that u cannot unhide the hidden files? and got a problem of alt-key not working? alt key is so important. how to re-do the damages caused by this things using the “format”cmd as the last option…
-)cebu(
ok, here’s the problem
after removing the autorun.inf
i can’t autoplay the removable drives,
any solution?