This series is a step-by-step guide on Autoplay viruses, prevention, and solutions. PM me if there should be corrections or additions. I'm going to keep this thread locked so it doesn't get long with mere comments. ^^
To avoid being easily infected with autorun viruses and worms from USB flash drives, iPods, etc.:
Disable Autoplay on XP:
click administrative templates
click Turn off Autoplay
click Enable and "set to All drives"
Note: do this for both "Computer" and any "User" Configurations.
OR: scroll down this thread and see kidlatatbp's post. ^^
When doing battle with viruses, it's always best to be able to see your enemy! Do this on your server. Make it a policy for your customers to have their flash drives checked by you before they can plug them into your client PCs.
Set Explorer to view all hidden files.
Open My Computer
Click Tools> Folder Options> View
-select "Show hidden files and folders"
-remove check on "Hide extensions of known file types"
-remove check on "Hide protected operating system files"
Never ever open a removable drive in My Computer. Just don't open My computer when there's a flash drive of any sort in your usb port or a floppy disk in your floppy drive.
-When opening flash drives, right click Start > Explore
-navigate to your flash drive on the left panel. You should be able to view the contents on the right panel without double clicking. If you see the familiar autorun virus files (exe, bat, htt, ico, vbs, usually blue box icons or green paper scrolls), delete them right away! Unplug the flash drive. Check Task Manager for running programs (for Disk Knight, you have to do this before deleting the files so they don't come back) and close the apps and processes. Replug the drive.
Disable Autoplay on XP Home
There is no gpedit.msc for XP Home. Copy the following lines into Notepad. Save it as "Disable Autoplay.reg" on your desktop. Double click it to run and it should automatically edit your registry for you.
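The lines of the .reg file are not preserved on this page. As an added example (not the poster's file or code), this Python sketch audits the text of a registry export for `NoDriveTypeAutoRun`, the value behind the "Turn off Autoplay" policy, in both the machine and user hives, and lists the drive types that still have Autoplay enabled. The sample export is constructed.

```python
import re

# NoDriveTypeAutoRun is a bitmask: a set bit turns Autoplay OFF for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable",
              0x08: "fixed", 0x10: "network", 0x20: "cdrom",
              0x40: "ramdisk", 0x80: "reserved"}
POLICY = r"software\microsoft\windows\currentversion\policies\explorer"
VALUE = re.compile(r'^"NoDriveTypeAutoRun"=dword:([0-9a-fA-F]{8})$', re.I)

def autoplay_still_enabled(reg_text):
    """Map each hive to the drive types Autoplay is still on for.

    None means the value is absent from that hive in the export;
    an empty list corresponds to the "All drives" setting (0xFF).
    """
    report = {"HKEY_LOCAL_MACHINE": None, "HKEY_CURRENT_USER": None}
    hive = subkey = ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            hive, _, subkey = line[1:-1].partition("\\")
            continue
        match = VALUE.match(line)
        if match and hive in report and subkey.lower() == POLICY:
            mask = int(match.group(1), 16)
            report[hive] = [name for bit, name in DRIVE_BITS.items()
                            if not mask & bit]
    return report

# Constructed sample export: machine hive at 0x91, user hive at 0xFF.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"""

if __name__ == "__main__":
    for hive, enabled in autoplay_still_enabled(SAMPLE_EXPORT).items():
        if enabled is None:
            print(hive, "-> value not set")
        else:
            print(hive, "-> Autoplay still enabled for:", enabled or "nothing")
```

In the sample, the machine hive still leaves Autoplay on for removable drives, which is the case the "do this for both" note guards against.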
- Make sure your Explorer is set to view all hidden files. (Open My Computer > Folder Options > View > remove the check in the two "Hide" entries and also click on "Show hidden files and folders". Read my previous post.)
- Turn off the XP Autoplay feature (if you haven't done it yet, read my post above) and reboot, to hopefully disable the autorun file from launching more copies.
OK, now you're pretty much ready to kick this thing in the balls...
-In IE Tools > Internet Options > delete all cookies, URLs, and temporary internet files. (Some viruses launch from the internet using your browser start page. Set your start page to "about:blank".)
-Right click Start > Explore
Navigate to your C drive. You should find a file named autorun.inf; rename it to autorun.txt. Some viruses hide their autorun launchers in Windows > System32; look for autorun.ini.
-Open the *.txt file
-Note the files used to launch or run the virus (like xmss.exe, document.exe, *.vbs, *.bat, *.ico, etc). these are usually hidden files.
-Using the search feature, find these files and delete them. Remember to include "hidden files", otherwise search may not find them. DO NOT DELETE normal windows files! list them from another good pc so you'll be familiar with them.
-If Windows says "file is in use", note or copy the location of the file and paste it on Killbox. Click on the Red button with an X on it to kill and delete the file.
-Move on to the next file in your autorun list and do the same steps till you got them all. do another search sweep to make sure none of them came back.
-do a full system scan with your antivirus. delete any files in its quarantine folder.
-Open regedit (Start > Run > type Regedit > press Enter) and delete any entries regarding the files in your autorun list. Start the search from "My Computer" in the left-hand panel. Make sure it is a rogue entry!!! You might delete a different entry. Double check before pressing delete and yes. ^^
-check your other drives and partitions for any of the same hidden files and delete them (they should go away without any fuss now).
Last edit: Post by Bien.
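As an added example (not part of the original post or of any tool it mentions), this Python sketch does the "open the renamed file and note what it launches" step on the text of an autorun.inf: it tolerates junk lines and lists every file name referenced by the launch keys of the `[autorun]` section. The sample file is constructed; `boot.vbs`, `folder.ico` and the extra watched extensions are assumptions of this example.

```python
import re

# Extensions the post names as typical autorun payloads, plus a few other
# executable types (the extras are an assumption of this example).
WATCHED = (".exe", ".bat", ".vbs", ".htt", ".ico", ".cmd", ".com", ".scr", ".pif")
TOKEN = re.compile(r'"([^"]+)"|(\S+)')  # a quoted path or a bare word

def is_launch_key(key):
    """Keys that make Explorer run or display a file from the drive."""
    return key in ("open", "shellexecute", "icon") or (
        key.startswith("shell\\") and key.endswith("\\command"))

def launch_targets(inf_text):
    """Return the sorted, lower-cased file names the [autorun] section points at."""
    found = set()
    in_autorun = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or line.startswith(";"):
            continue  # junk padding, comments, other sections
        key, sep, value = line.partition("=")
        if not sep or not is_launch_key(key.strip().lower()):
            continue
        for quoted, bare in TOKEN.findall(value):
            token = re.sub(r",-?\d+$", "", quoted or bare)  # drop icon index
            name = re.split(r"[\\/]", token)[-1].lower()    # drop folders
            if name.endswith(WATCHED):
                found.add(name)
    return sorted(found)

# Constructed sample, using the file names the post gives as examples.
SAMPLE_INF = r"""
;qzx junk padding line
[AutoRun]
open=xmss.exe
shell\open\Command=RECYCLER\document.exe /e
shell\explore\command="wscript.exe" .\boot.vbs
icon=folder.ico,0
label=USB DISK
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    print(launch_targets(SAMPLE_INF))
```

Names such as `wscript.exe` in the output are normal Windows files used as launchers, which the post says not to delete.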
Virus Removal for Dummies
19 Jan 2008 02:56 #73446
Print this to guide you while you work. This post is long only because I want to explain well the reason for each step I'm giving. The actual steps are short, but for some people, they need to understand the "why's".
It's really hard to remove those pesky autorun viruses sometimes. Even if your antivirus is updated, it seems like they never get cleared off your hard disk. Don't panic! There's a simple way to do this. If you're too lazy to read this, then just call a technician. ^^
There are online antivirus websites that offer online scanning of your system. But because they're online, they take too long. Also, since you're scanning a Windows system you booted from, most likely, once it removes one virus file, other files of the same virus will just put it back. So it's kinda useless for some viruses. Those that tried to manually delete these files know what I'm talking about. Antivirus software can only scan your files one at a time. They are more effective at "preventing" infections. Once infected, it's a totally different story since the virus is up and running, replicating files deleted by your antivirus.
Ok ok... so, you're not computer savvy, but do you think you can handle a screwdriver? At least do you think you're familiar with the "insides" of your CPU? If not, take a couple of hours to read your motherboard manual, and all the manuals that you accumulated for your PC. Be familiar with it, because you have no business "operating" on your system unit with a status of "ignoramus". Hehehe, at least know how to connect your hard disk.
Unplug your computer. Open your System Unit casing, and remove your hard disk! (If this is your first time doing this, get a flashlight, and take a mental picture of the cable connections, or better yet, draw it on paper (note: one side of an IDE cable has a red wire), or check with your manual.) If the RAM (memory module) is in the way, remove it first (obviously).
Go to another PC (I doubt there's a LAN shop with only one PC, right?). Just avoid your infected PCs, or the hard disk might end up with even more viruses.
If all your PCs are infected by the "stubborn virus" (scan it twice with your antivirus; nothing should be found on the 2nd scan). Otherwise, format one, install the OS and your antivirus (update it). Don't add it to your local workgroup yet, so the virus can't spread to it through the network. Actually, after updating the antivirus, best remove it from the network completely by unplugging the UTP cable. Now you have a PC ready to fix all your hard disks!
Disable the autoplay of that PC first, if you haven't done so yet (this is one of the first things to do after installing the motherboard drivers).
Change your problem hard disk jumper from master to slave. (If you don't know how to do this, you're not reading what's written on your hard disk.)
Connect it to the newly formatted PC (oi oi, don't forget to turn off the power! Do you want your PC to go up in smoke?).
Turn on the PC. Right click Start > Explore. Make sure your hard disk is there. Don't do this by opening My Computer on your desktop!!! You might infect the hard disk you use for scanning, which would be a waste.
If you're using AVG, go to Test Center. Select "Scan Selected Areas". Select your problem drive (or partitions).
After the antivirus has scanned the hard disk, open it by right clicking Start > click Explore and navigate down to your hard disk on the left panel (a single click only, not a double click! Better use the arrows on your keyboard). If it was an autorun virus, the autorun.inf file will be left behind on your C drive, and on any other partition that hard disk has. Delete those too.
Done! Reconnect it to the PC it came from. Should be virus free now. Hey, don't forget to put the hard disk's jumper back to "master".
Can't get any easier than that. Once you're used to it, depending on how much data is on the HD, you should have your problem PC up and running in less than an hour. ^^
Post edited by: Bien, at: 2008/06/13 10:34
Exit your antivirus before running this! Especially if you're using AVG. The new AVG still hasn't fixed its "false positive" on this tool.
It was made by
. Last time I checked, his tool only covered the Tiga Lipa virus. Now there are even fixes for some of the registry entries viruses tend to disable or change to prevent removal.
Don't forget to update! Yes, Leerz has gone fancy now, and his Noob Killer now has update capability.
I advise using the tool as soon as you suspect or confirm infection by these viruses to minimize the damage (which means you haven't read a thing I wrote before this, otherwise you wouldn't be infected). Another great thing about it is, it kills the processes on the fly. No need to boot from another PC. Just let it run, sit back, and wait for it to finish.
Another nifty job it does is that it removes any autorun.inf hidden in your root drives. ^^
When scanning is done and the pc is rebooted, you may now try restoring your system settings under Tools > Registry patches.
Note: If there's no floppy in your floppy drive, it may make some noise. No biggie. just the program checking if there's an infected floppy there. If you let it scan on 8-X, it would rattle your floppy drive many times. ^^
perhaps you can try this to prevent AUTORUN.INF files from being used on your PC, from any medium
to quote from the source:
"... it's as if AUTORUN.INF is completely empty, and so nothing autoruns, and nothing is added to the Explorer double-click action. Result: worms cannot get in - unless you start double-clicking executables..."
Oftentimes, flash drives get infected by autorun viruses and folders seem to disappear, making the owner think that they have been erased. More often than not, these folders have only been hidden from view by the virus.
Even though folder view lets you see them, sometimes their hidden attributes cannot be changed by simply unchecking the drive's "Hidden" property.
make sure the drive is free from viruses.
To restore them into their normal state:
click Start> then select Run
press enter and a dos command window should appear