How to Remove an Autorun Inf Virus From a Computer

How to Remove an Autorun Inf Virus From a Computer

The article describes the procedure for removing an Autorun.inf virus from a computer. The methods compiled here are simple and correct to date. It is, however, recommended that these should be followed carefully to avoid running into problems. Since it is a time-consuming and difficult procedure, you can alternatively approach an expert virus removal support service. It will save you a great deal of time and money.

Autorun.inf virus is a dangerous program that exploits Autorun.inf, a common Windows operating system file to execute itself on removable media and other drives viz. C: in your computer. It can be quite difficult to deal with this virus as it is capable of re-executing itself after being removed. Considering this, we have designed a comprehensive guide that will help you get rid of this virus forever. See below for details.

Instructions:

Click on the Start button and browse to Run. Type ‘cmd’ in the empty box and press the OK button. It will open the Command Prompt window. Type ‘del /a:rhs [drive letter]: autorun.inf’ (without quotes and brackets and as is) and hit Enter. For example, it’s the C: drive which you want to run this command for. You will type ‘del /a:rhs c: autorun.inf’ and hit Enter to proceed. You must repeat the command for all the drive partitions viz. D: or E: etc. When done, exit Command Prompt and reboot your computer.

If this method does not work for you and the virus still exists in your computer, exercise this method. Browse to C: drive> Windows> System32> and Config. Look for csrss.exe, arona.exe, logon.bat, and autorun.inf files. Select and delete all of them one by one. Move to Windows (the directory) again and then the media folder, locate and delete the arona.exe file. Search through all the drives viz. C:, D:, E: etc. for the autorun.inf file and delete it. When done, close all the windows.

Open Registry Editor. Go to Run, type ‘regedit’ in the Open box, and hit Enter. If prompted for an admin password, you must enter it to continue to Registry Editor. When in the utility, take a backup of the registry before proceeding with registry modification. A registry is the heart of an operating system. Wrong modifications to the registry can lead to permanent system crash or other severe problems in your computer. Since, registry modification is a sensitive and cumbersome process, we recommend you to take help of a professional virus removal support service.

You can either create a system restore point or use the built-in Import and Export feature to backup and restore your registry if so required. When done, browse to HKEY_CURRENT_USER> Software> Microsoft> Windows> CurrentVersion> Policies> System> DisableTaskMgr = 1. Change the last numeric value to 0 from the thread. Browse to HKEY_CURRENT_USER> Software> Microsoft> Windows> CurrentVersion> Policies> Explorer> NoFolderOptions = 1 and do the same.

Browse to HKEY_CURRENT_USER> Software> Microsoft> Internet Explorer> Mail> Windows> Hacked by Godzilla. Delete the last entry from the thread. Browse to HKEY_LOCAL_MACHINE> Software> Microsoft> Windows> CurrentVersion> Run> MS32DLL. Delete the last entry from the thread. Browse to HKEY_LOCAL_MACHINE> Software> Microsoft> Windows> CurrentVersion> RunOnce> Worms = Systemlogon.bat. Similarly delete the last entry. Exit Registry Editor and reboot your computer.

Go to Run again, type ‘msconfig’, and hit Enter. Highlight the Startup tab and remove checkmark from the button next to MS32DLL. Hit the OK button and choose to exit the window without restart. Go to Recycle Bin and remove all the virus files from there. Open your security program viz. antivirus or anti-spyware and update it with latest virus and malware definitions. When updated, run a full scan (recommended) and not a custom one. It will take some time, so wait until it is finished. Prompt the program to delete all the infections which it found during the scanning.

If it’s a removal flash drive or CD etc. that has got autorun.inf virus on it, exercise this method. Insert the media in your computer’s port while holding and continuously pressing the left Shift key. It will prevent the virus from executing itself. Browse to the location of removable drive and explore it using WinRAR. There you will see all the hidden virus files including autorun.inf, xcopy, kavo, new folder, ravmon, recycler, ms32dll.dll, ms32dll.vbs, and svchost among others. Select each one and hit the Delete key.

As soon as you finish deleting all such files, remove the media from the port. Insert it again in the port and repeat the procedure to make sure that all the virus files have been removed from your computer. This method will only work if other drives viz. C: or D: etc. in your computer are virus free, except the external flash drive or CD that has the virus. If you are unable to see all the hidden files and folders in the drive, click on the Tools tab and navigate to Folder Options. Highlight the View tab, locate Show hidden files and folders, and select it. Hit the Apply button and then OK to close the Folder Options window. Thereafter, you must also run a full system scan from your antivirus or anti-spyware program to make sure that no traces of the virus has been left in your computer.

Additional Tips:

You will need admin privileges to perform some of the abovementioned tasks. If you are unable to carry out these instructions on your computer, reboot it in the Safe Mode with Networking. Do not forget to empty Recycle Bin after deleting all the files as the virus may try to re-execute itself from there.

Besides being cumbersome and time-consuming, virus removal is also a risky process as it involves exploring roots of the system for virus files and deleting them. Since it’s not possible for you to be well-versed with a virus’ nature and mechanism due to lack of knowledge and time, you may feel stuck at times, especially while working on an important official or unofficial work. Online virus removal support is the best and trusted way to save yourself from such hassles.

The article is associated with ‘How to Remove an Autorun.inf Virus from a Computer’available on vtechsquad.com.