tutorial to delete autorun virus

Recently I noticed that quite a number of visitors came to my blog to view my post 'how to disable autorun.inf to prevent virus attack computer'. I don't know whether they want to take preventive action or need a solution for a computer infected by an autorun virus. Here I will give my solution or method to help all of you. (I used this solution to help my friend 'kill' these viruses and it worked.)

1 - Disable System Restore.
step 1 - Click 'Control Panel' to 'System'.
step 2 - Select 'System Restore', then check 'Turn off System Restore on all devices'.

2 - Clear IE temporary internet files.
step 1 - In IE, select 'Tools' to 'Internet Options'.
step 2 - Under temporary internet files, select 'Delete Files', check 'Delete all offline content', then click 'OK'.

3 - Disk cleanup.
step 1 - 'Start' to 'All Programs' to 'Accessories' to 'System Tools' to 'Disk Cleanup'.
step 2 - Select the C drive and click 'OK'. The C drive cleanup then starts.
step 3 - After the disk cleanup completes, check all the files and click 'OK'.
step 4 - Repeat step 2 to step 3 for the other drives (D, E, F...) to clean them up as well.

Now all the temporary internet files have been cleaned up. Normally autorun viruses spread when a flash drive or other removable device is used to transfer or save files from one computer to another. These autorun viruses have three executable files: kavo.exe, autorun.inf and ntdelect.com.

All 3 of these files are hidden. They disable or hide the folder option 'Show hidden files and folders' so that you can't turn it on, which means you can't search for these 3 files in Windows and delete them (very clever, isn't it?).

How do you make these 3 files show up in Windows? You have to use DOS commands. Below are the steps to delete the autorun virus.

step 1 - Click 'Start' to 'Run', key in 'cmd', then press 'Enter'. The command prompt will open.


step 2 - Check every drive (C, D, E, ...). To check the C drive, key in the following in the command prompt:
dir c:\ /a/w

If for drive D,key in
dir d:\ /a/w

step 3 - All the system and .exe files will show up in the command prompt. Check whether autorun.inf and ntdelect.com are in the list. Before deleting these 2 files, we need to remove the 'hidden', 'system' and 'read-only' attributes.

For the C drive, key in (in the command prompt)
attrib -s -h -r c:\autorun.inf
attrib -s -h -r c:\ntdelect.com

For D drive
attrib -s -h -r d:\autorun.inf
attrib -s -h -r d:\ntdelect.com

step 4 - After removing the attributes, manually delete these 2 files.
(Be careful not to key in ntdetect.com. The actual virus file is ntdelect.com. ntdetect.com is an important system startup file; you will know what will happen if you delete ntdetect.com.)

For the C drive, key in
del c:\autorun.inf
del c:\ntdelect.com

For the D drive, key in
del d:\autorun.inf
del d:\ntdelect.com

step 5 - After manually deleting 'autorun.inf' and 'ntdelect.com', the next step is 'kavo.exe'. You need to delete the kavo.exe file in C:\windows\system32\ . Repeat step 3 to step 4 to remove the attributes and delete the file. Key in

attrib -s -h -r c:\windows\system32\kavo.exe

Then delete it by keying in
del c:\windows\system32\kavo.exe

step 6 - Delete 'kavo.exe' from the registry.
Open Registry Editor and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

What you need to do is delete the kavo and c:\windows\system32\kavo.exe value.

step 7 - Re-enable 'Show hidden files and folders'.
Open a new file in Notepad, copy and paste the registry values below, save the file with a .reg extension, then double-click it to import it into the registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
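
To confirm the result of steps 2 to 7 in one pass, the same checks can be run as a read-only audit. This PowerShell script is an added example, not part of the original tutorial; it assumes PowerShell 3.0 or later is installed and looks only for the file names and registry paths given above.

```powershell
# Added example (not from the tutorial): read-only audit, nothing is changed.
# Assumes PowerShell 3.0+; file names and registry paths are the tutorial's.
$rootNames = 'autorun.inf', 'ntdelect.com'

# Steps 2-5: look for the named files. -Force returns hidden and system
# items, like 'dir /a', so the attributes do not need to be cleared first.
$paths = @(foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in $rootNames) { Join-Path $drive.Root $name }
})
$paths += Join-Path $env:SystemRoot 'System32\kavo.exe'

$fileHits = foreach ($path in $paths) {
    Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Attributes, LastWriteTime
}

# Step 6: Run-key values whose name or data mentions kavo.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runHits = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ("$valueName $data" -match 'kavo') {
            [pscustomobject]@{ Key = $key; Name = $valueName; Data = $data }
        }
    }
}

# Step 7: CheckedValue under SHOWALL should be the DWORD 1 set by the .reg file.
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = (Get-ItemProperty -LiteralPath $showAll -ErrorAction SilentlyContinue).CheckedValue

'Files found:'
$fileHits | Format-Table -AutoSize | Out-String
'Run entries found:'
$runHits | Format-Table -AutoSize | Out-String
"SHOWALL CheckedValue = $checked (expected 1)"
if (-not $fileHits -and -not $runHits -and $checked -eq 1) {
    'None of the names from this tutorial were found.'
}
```

An empty result only covers the three names listed in this tutorial. Run it again after plugging in each removable drive that was used on the infected computer.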

External Links

http://wongsk.blogspot.com/2008/01/manual-delete-autorun-virus.html

Contributed by eskayw on May 3, 2008, at 10:20 AM UTC.

Copyright Notice

The copyright for this content entitled "tutorial to delete autorun virus" has been specified by the contributor as:

All Rights Reserved

This content may not be copied, distributed or adapted by anyone under any circumstances.
