Remove autorun.

inf manually
so i will tell u how to remove autorun.inf virus which is cause of opening
of your drives in separate window when u click on the drive name in my computer
There is a Trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses
those two files. Here is how you can get rid of them:
1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task manager
5) Run cmd
6) Run the following command del #:autorun.* /f/a/s/q with other drives in turn
where # is replaced by drive name e.g-c,d,e etc

Be careful with this command it can delete your all data one by one from your hdd if execute wrongly
so place your mouse on x position of cmd prompt windows and if it starts deleting your files close it
or we can do this step by without ending explorer.exe
Just hit windows+R it will show you run dialog box now type cmd there, it will give you command
prompt
Now navigate to #: where # replaced with your different drive name
i am taking the example of c: drive
now write c:del/a/s/q/f and give a space now press tab until you see autorun.inf press enter
now you done do the rest steps as i said (be careful see clearly autorun.inf before deleting it and don’t
delete any ntdelect there it may crash your system)
7) Go to your WindowsSystem32 directory by typing cd c:windowssystem32
8 ) Type dir /a avp*.*
9) If you see any files names avp0.dll or avpo.exe or avp0.exe, use the following commands to delete
each of them:
attrib -r -s -h avpo.exe
del avpo.exe
10) Use the Task Manager’s Run command to fire up regedit
11) Navigate to HKEY_CURRENT_USER SOFTWARE Microsoft Windows CurrentVersion Run (as usual,
take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.

Remove autorun.inf

the said virus hides itself inside a folder named Recycled/Recycler. The folder has a hidden/system/read-only
attribute, that’s why you can’t see it if you will use the Search window. When your system is infected by the said
virus, it infects every drive connected to your PC by dropping VCAB.DLL to the internet temporary folder and
creating the CTFMON.EXE to folder Recyled & AUTORUN.INF to the root directory of every drive. That’s why when
you connect your USB sticks to the infected PC it will be infected immediately; the USB disks will be the new carrier
for the virus. The program runs every time you start your computer because it copies itself in the Startup folder of
the Start Menu. It also run every time your insert the infected USB disk and it triggers every time you Double-Click
the infected drive (bcoz of the AUTORUN.INF). The virus infects .EXEs and .DLLs.
To check if your system is infected by the said virus without using an antivirus, do the following steps:
1. Go to command prompt.
2. Type CD\ in drive C: to go to the root directory
3. Type DIR /AH and press ENTER key. This will display all hidden files in your drive C:
4. If you see a file AUTORUN.INF and a folder Recycled, then your system is infected.
5. Try doing this to your USB drive and check if your USB stick contains the same folder and AUTORUN.INF, if it
does then your system is really infected..
?
To manually remove it follows the following steps (Note: you should understand what you’re about to do, you try it
at your own risk!)
Boot your system in Safemode
1. Go to command prompt, in Drive C do the following commands.
2. Type -> ATTRIB -H -R -S AUTORUN.INF then press enter
3. Type -> DEL AUTORUN.INF then press enter
4. Type -> ATTRIB -H -R -S Recycled then press enter
5. In Windows Explorer in Safemode, remove the folder Recycled in drive C use Shift-Delete to delete the folder.
6. Repeat Step 3 to 6 for all drives of your system including the USB drive.
7. Search for CTFMON.EXE in your system using the Search of Windows found in Start Menu. If you find a file that is
not located in C:\WINDOWS\SYSTEM32, delete it immediately. Don’t forget to empty the recycle bin afterwards
(Usually the virus will copy itself in the Startup folder of the Start menu. Check if the file is present there and delete
it then.)
?To disable autorun of drives (i.e. every time you double-click a drive or cd or USB, it is auto open) follow the
following step:
? Click Start->Run->type REGEDIT.EXE
1. Go to this key from the register HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\Policies\Explorer
2. Look for the entry NoDriveTypeAutoRun, double click the entry
3. Type a new value:?0FF?(Hex) for the NoDriveTypeAutoRun, this will turn off the Autorun for all drives, and press
ENTER
4. Reboot the system.

Viruses that uses Autorun.Inf

? There are several viruses that use the autorun.inf to spread itself such as the Bacalid (hides itself in ctfmon.exe)
and the RavMon.EXE. These viruses set its file attributes to System+Hidden+Read-Only attributes so some anti-
viruses will have a hard time detecting or finding them. These viruses save itself in the root directory of every
available drives of the current infected computer and run it every time you Double-Click the drive. In USB Sticks
and CDs that are infected by the virus runs automatically especially if drive autorun is enabled for the current
drives (which is usually by default, autorun for drives are enabled).?
Disable AUTORUN from Registry?
Now you can disable the AUTORUN for all drives by configuring the registry. Open the registry by typing regedit.exe
to the command prompt (if your still at the command prompt) or execute it in Run. Look for the
HKEY_CURRENT_USER\Software\ Microsoft\Windows\CurrentVersion\Policies\Explorer
Double-click the NoDriveAutorun DWORD entry and type the value HEX: FF (255 in Decimal). (If the
NoDriveAutorun does not exists, you can create it by right-clicking the right side area of the regedit window, then
click New->DWord Value -> type NoDriveAutorun) Close the registry and restart the computer. This procedure will
disable all the autorun for all drives of your computer and at least will prevent the autorun function of infected USB
drives or CDs and avoid the infection of viruses like the Bacalid and RavMon.exe
If you want to prevent viruses that uses autorun.inf? to infect your USB flash drive, try to do this:
1. Open your flash drive via Command Prompt (do this via Start->Run->cmd.exe)?
2. Change your logged drive to your USB flash drive (e.g. if your drive is at drive E: then type E: on the command
prompt then press enter)
3. Create a folder named: AUTORUN.INF on the root directory of your flash drive. (To do this type the command:
MD\AUTORUN.INF). If an error: a subdirectory already exists… shows, try to follow the instruction above to remove
existing autorun.inf before doing this instruction.
The reason why this will avoid future infection is that autorun.inf viruses usually generate a file autorun.inf. Having
an AUTORUN.INF folder on the root directory of your drives will make virus programs unable to create their own
autorun.inf file; virus can’t even overwrite it because it’s a folder and not file.

Autorun.inf Virus Removal

what is autorun.inf?

Autorun.inf is a setup information file or INF used to install or setup software’s and drivers. This is usually used
and seen on the CD ROM with the Autoplay. The autorun.inf makes the CD ROM will Autoplay, it means this will
automatically play or setup upon clicking or play itself or what we called auto installation. If you can see an
autorun.inf in your CD ROM drive, this is normal.

When do we say that Autorun.inf is a Virus?

Some people say autorun.inf is a virus but the reality is not. Autorun.inf was only used by the virus to execute
or install them by clicking. On the autorun.inf it contains setup information or a program setup that will trigger
the virus to execute when they are being clicked by the user. This autorun.inf was usually found in the windows
C: or in the removable disk. And it is mostly set to invisible or hidden in the windows drive or removable drive.

Ok here we go, let start removing the autorun.inf in your system drive.

First you must enable your Folder Options, make your hidden files be visible to your eyes. You can enable by
clicking-left to your My Computer > Tools > Folder Options.
 You can follow this configuration when you enable the Folder Option to visible all the hidden files in to your
system drive.

After this, you can now start deleting the autorun.inf into your drive C: or removable drive. And you can also
remove the unknown files like Braviax.exe, Ravmon.exe, Kxvo.exe, Amvo.exe, Bar311.exe, Svchost.exe or
any unknown files that are exist in to the system drive.

Step 1: Use Windows File Search Tool to find autorun.inf Path

1. Go to Start > Search > All Files or Folders.

2. In the "All or part of the the file name" section, type in "autorun.inf" file name(s).

3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.

4. When Windows finishes your search, hover over the "In Folder" of "autorun.inf", highlight the file and copy/paste the path into

the address bar. Save the file's path on your clipboard because you'll need the file path to delete autorun.inf in the following

manual removal steps.

• Read more about How to Delete autorun.inf with File Search Tool

Step 2: Detect and Delete Other autorun.inf Files

1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.

2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden

files.

3. To change directory, type in "cd name_of_the_folder".

4. Once you have the file you're looking for type in del "name_of_the_file".

5. To delete a file in folder, type in "del name_of_the_file".

6. To delete the entire folder, type in "rmdir /S name_of_the_folder".

7. Select the "autorun.inf" process and click on the "End Process" button to kill it.

Autorun .inf Removal

This is a very simple free program to remove Win32/Autorun which appears to plague many users. It
appears that some antivirus scans do find the problem but fail to remove it.

This program does just that. It scans your drives and CleanAutoRun will detect and remove any
W32/Autorun Worm and its variants safely from your system.

Simply download the program and save it on your desktop or in a folder that you may have for
downloaded programs. Double click on CleanAutoRun.exe to run the program.

Click on Scan and just let it run, go and grab a coffee while it scans, it may take a little while
depending on how full your drive is, how many partitions it has and any external drives that may be
connected.

When the scan is complete it will show you the results of ALL infected Autorun.inf worms that have
been deleted.

User interaction is minimal, simply, download, double click to Run, select Scan and that’s all there is
to it. By removing all Autorun .inf files your computer will be safer as will your data.

A useful tip to stop USB devices from automatically running when you insert them is to hold down the
‘Shift’ key as you insert the plug into the USB port.

Disable USB Autorun

Many users will be aware that the easiest way to infect a computer is by inserting USB flash drives,
other external USB devices, CD/DVD’s and memory cards which are infected with malware.

I have previously covered how to remove the Autorun.Inf Worm, but this small tool will vaccinate your
computer and stop the Autorun feature without having to edit the Registry, which for many users is a
somewhat daunting task.

The autorun feature can be disabled via editing the Registry, but this small program makes it much
simpler. Simply download and install and the program will automatically open.

Users then have the option to vaccinate their PC which will stop any program from any USB/CD/DVD
drive from executing.

The second option is to vaccinate attached USB devices which will disable the autorun completely.
Users can then safely right click the drive in My Computer and scan for viruses and malware before
opening any folders, which keeps your PC safe from malware infection.

By default, Windows Operating System allows all inserted devices to autorun, therefore aiding the
spread of malware simply by attaching an infected USB device which contains a malicious executable
which loads silently as soon as the device is plugged in.

Panda USB Vaccine stops this action and allows users to insert USB devices safely, and if it has not
been previously vaccinated a popup appears giving the option to vaccinate it and disable the autorun
feature.