Autorun.inf
Autorun.inf is a generic file used to determine basic computer behavior for CDs. Although harmless in and of itself, Autorun.inf may also be used to run harmful Trojans and other malware. Since the probability of infecting other systems with a CD infected by a malicious Autorun.inf file is very high, you should make every effort to delete the infection before using the CD further. An Autorun.inf infection is rarely the only case of infection in a system, and will usually only be a symptom of other malware problems that should also be taken care of.
Getting to Know Autorun.inf
Legitimate software use Autorun.inf to run program menus instantly when the CD is placed in the computer's drive. The Autorun.inf file can also determine the kinds of menu commands shown when right-clicking the drive icon, as well as icons that show up when the CD is being read. Autorun.inf is a simple text file that takes up negligible space and has no real functionality besides the above mentioned capabilities.
In most cases both benign and malware-based, Autorun.inf will be set to have the Hidden attribute. This will make Autorun.inf invisible to any users who've retained default file viewing settings that prevent Hidden files from being seen. If you want to see whether a CD has an Autorun.inf file or not, alter your file viewing settings appropriately.
Legitimate software CDs don't spontaneously acquire Autorun.inf, but have the Autorun.inf file included along with all other basic program files. If a CD was previously lacking in an Autorun.inf file but suddenly shows one, then it's highly likely that this was caused by a Trojan or other kind of malware.
Autorun.inf's Fall to Malware
Unfortunately, despite its useful applications, Autorun.inf can also be created and used by malware. Typically this will cause the CD in question to run the malware instantly as soon as the CD is inserted into any computer's drive. This allows infections to spread very rapidly if not identified quickly. Infections will not necessarily show any obvious signs of interfering with the new victimized computer, since many kinds of malware are designed to stay hidden even during installation.
The original malware that creates the abusive Autorun.inf file may or may not allow you to delete Autorun.inf directly. In most situations, one should reboot into Safe Mode and use security software to scan for and delete the infection in all its forms. Only once the infection is deleted are you guaranteed the ability to remove the corrupt Autorun.inf file permanently.
Since Autorun.inf is a text file, one may be able to inspect the contents of the file to discern whether Autorun.inf's an infection or a legitimate inclusion. As a commonly-used software element, Autorun.inf's presence isn't necessarily harmful. However, one shouldn't neglect the possibility of infection when Autorun.inf's present, and be ready to use anti-malware programs to remove corrupt Autorun.inf files whenever reading a new CD.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:C:\autorun.inf
File name: C:\autorun.infMime Type: unknown/inf
C:\Documents and Settings\<username>\My Documents\autorun.inf
File name: C:\Documents and Settings\<username>\My Documents\autorun.infMime Type: unknown/inf
C:\WINDOWS\system32\Autorun.inf
File name: C:\WINDOWS\system32\Autorun.infMime Type: unknown/inf
C:\Documents and Settings\<username>\My Documents\My Music\autorun.inf
File name: C:\Documents and Settings\<username>\My Documents\My Music\autorun.infMime Type: unknown/inf
C:\Documents and Settings\<username>\My Documents\My Pictures\autorun.inf
File name: C:\Documents and Settings\<username>\My Documents\My Pictures\autorun.infMime Type: unknown/inf
i want 2 remove autorun.inf i
if pen drive is affected by autorun.inf trojan,It is als associated with hidden files
qazwsx\zaqxsw.exe
qazwsx\Desktop.ini
size of zaqxsw.exe file is 211,968
use safe mode command prompt to delete it
del /a *
sometimes zaqxsw.exe affect your PC and sit under in C:\RECYCLER\S-1-5-21-8751926100-3516730847-449045751-7323
directory as czzi.exe
search the file czzi.exe in c:
dir /s czzi.exe
and delete it
del /a czzi.exe
make a autorun.inf directory in your pen drive root, set its attribute as hidden and system
attrib +r +h +s autorun.inf
ISSUE RESOLVED !
- Dennis Jaat
Sir,
my Pc autorun.inf virus show
pen drive connect to autorun.inf virus show
pendrive is format after autorun.inf virus show
plz help me
thank you
Remove autorun.inf virus manually.
1). Go to any folder.In that on the top menu go to Tools--> Folder Options, which will be beside File, Edit, View, Favourites.
2). A window pops up after you click on folder options.In that window go to View tab and select the option Show hidden files and folders.Now uncheck the option Hide protected Operating system files.Click Ok
3). Now Open your drives (By right click and select Explore. Don't double click!) Delete autorun.inf and MS32DLL.dll.vbs or MS32DLL.dll (use Shift+Delete as it deletes files forever.) in all drives include Handy Drive and Floppy disk.
4). Open folder C:\WINDOWS to delete MS32DLL.dll.vbs or MS32DLL.dll (Use Shift+Delete ) 5). Go to start --> Run --> Regedit and the Registry editor will open
6). Now navigate in the left pane as follows: HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> Current Version --> Run .Now delete the entry MS32DLL (Use Delete key on keyboard)
7). Go to HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main and delete the entry Window Title "Hacked by Godzilla"
8). Now open the group policy editor by typing gpedit.msc in Start --> run and pressing enter.
9). Go to User Configuration --> Administrative Templates --> System. Double Click on entry Turn Off Autoplay then Turn Off Autoplay Properties will display.Do as follows: Select Enabled
10). Select All drives and Click OK
11). Now go to start --> Run and type msconfig there and press Enter.A system configuration utility dialogue will open.
12). Go to startup tab in it and uncheck MS32DLL .Now click Ok and when the system configuration utility asks for restart ,click on exit without restart.
13). Now go to Tools --> Folder Options on the top menu of some folder again and select the Do not show Hidden files and check Hide operating system files.
14). Go to your recyclable bin and empty it to prevent any possiblity of MS322DLL.dll.vbs lying there.
Now restart your PC once and you can now open your hard disk drives by double clicking on them
To view More Manual methods to remove autorun.inf virus visit
http://virushunt.com/a/autorun.inf-virus-removal.html
I cant do the last step , i cant find this file ,I have 1932 atacks from this file, my antivirus detect it on my ipod,psp,telephone what i must do????????
Sir, my Pc autorun.inf virus show pen drive connect to autorun.inf virus show pendrive is format after autorun.inf virus show plz help me thank you
hi good day ..my laptop also has autorun.inf in my back up d:/ i have tried what you said above but it still appears and i cant delete it, it says \"THIS IS NO LONGER LOCATED IN D:\\.VERIFY THE ITEMS LOCATION AND TRY AGAIN.\".. im using windows vista ultimate.please help..thanks alot/.
im using win7 its always saying cud not loc8 file autorun wat must i do?
hi good day ..my laptop also has autorun.inf in my back up d:/ i have tried what you said above but it still appears and i cant delete it, it says \"THIS IS NO LONGER LOCATED IN D:\\.VERIFY THE ITEMS LOCATION AND TRY AGAIN.\".. im using windows vista ultimate.please help
plz help, how to remove autorun.inf from windows.
I am a seaman all our computers in the ship and our laptops are infected by the autorun virus,another is a recycler,and a Trojan .it hides your files and leaves all but short cuts.