remove shortcut virus from USB?



Hi,

When I insert a pen drive and open it through AutoPlay, it shows shortcut files... :unsure:

How do I remove the virus? Otherwise I am ready to format the pen drive, but I am unable to format it.....


  • 8 months later...

Solution for anyone facing the Autorun.inf virus which changes the attributes of folders on your USB device creating shortcuts to all folders located on the USB device.

This virus (secure32.exe) is launched through the autorun.inf file when a USB device is connected to your computer. The virus adds a line to the autorun.inf file, creates shortcuts of folders, changes the attributes of folders to hidden and also creates a random numbered folder on the USB (9584549). Within this random numbered folder you will find .exe files which are linked to the shortcuts of your original folders.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

***************************

*ORIGINAL AUTORUN.INF FILE*

***************************

[autorun]

icon=%SystemRoot%\system32\SHELL32.dll,4

action=Open folder to view files

UseAutoPlay=1

***************************

*INFECTED AUTORUN.INF FILE*

***************************

[autorun]

icon=%SystemRoot%\system32\SHELL32.dll,4

action=Open folder to view files

UseAutoPlay=1

shellexecute=secure32.exe

/\/\/\/\/\/\

/\ INFO /\

/\/\/\/\/\/\

The line shellexecute=secure32.exe executes the virus when a USB Device is connected to the Computer. This line has been added to the Autorun.inf file by the virus by either editing the autorun.inf file or removing and creating a new version of the file.

****************************

*MY EDITED AUTORUN.INF FILE*

****************************

[autorun]

icon=%SystemRoot%\system32\SHELL32.dll,4

shellexecute=F:\USB_Shortcu-Temp_Viri_Fix\USB_Shortcut_Temp_Viri_Fix.bat

action=Open folder to view files

UseAutoPlay=1

/\/\/\/\/\/\

/\ INFO /\

/\/\/\/\/\/\

The Line (shellexecute=F:\USB_Shortcu-Temp_Viri_Fix\USB_Shortcut_Temp_Viri_Fix.bat) located in my edited autorun.inf file was used to initiate the batch file I created to run through the process of Altering File and Folder Attributes, Delete the Virus file, Delete the Random Numbered Folder and Files and Delete and Replace the Autorun.inf file.

*****************************************************************

*BATCH FILE USED TO AUTOMATE ATTRIBUTE AND VIRUS REMOVAL PROCESS*

*****************************************************************

@ECHO OFF

color 0C

prompt LS:

ECHO *****************************

ECHO *Altering Folder Permissions*

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO *This May Take A While *

ECHO *Depending On The Amount Of *

ECHO *Hidden Folders On The USB *

ECHO *****************************

ECHO.

@ECHO OFF

attrib -h -r -s /s /d F:\*.*

ECHO.

ECHO **********************

ECHO *Deleting Autorun.inf*

ECHO **********************

@ECHO OFF

del F:\autorun.inf

del F:\secure32.exe

ECHO.

ECHO ****************************

ECHO *Copying Edited Autorun.inf*

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO * And *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO *Altering File Attributes *

ECHO ****************************

@ECHO OFF

copy F:\USB_Shortcu-Temp_Viri_Fix\autorun.inf F:\

attrib +r F:\autorun.inf

@ECHO OFF

start F:\

ECHO.

ECHO **********************************************

ECHO * Process Completed *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO *Delete Unwanted Shortcut Files From Your USB*

ECHO *And Folder 9584549 *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO * Brought To You By Lupo Solitario *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO * Thank You Come Again!!! *

ECHO **********************************************

ECHO @@@@ @@@@

ECHO @ @ @ @

ECHO @@@@ @@@@

ECHO @

ECHO @

ECHO @@@@

ECHO.

ECHO @ @

ECHO @ @

ECHO @@@@@@@@

ECHO.

pause

/\/\/\/\/\/\

/\ NOTE /\

/\/\/\/\/\/\

The batch file and autorun.inf option was a temp fix until I got an antivirus software to completely remove the virus. When the batch file and option is used it removes the attributes (-r -h -s) added to the folder(s) by the virus and relates the virus and numbered folder but the virus is still hidden somewhere on the system. The batch file can be used after running Kaspersky Virus Removal Tool 2011 to change the file and folder permissions. The Shortcut folders will still need to be deleted manually and also maybe the Random Numbered folder created by the Virus.

If using the batch file, remember to change the drive letters to the letters corresponding to the USB Device letters. The lines that need to be changed:

attrib -h -r -s /s /d F:\*.*

del F:\autorun.inf

del F:\secure32.exe

copy F:\USB_Shortcu-Temp_Viri_Fix\autorun.inf F:\

attrib +r F:\autorun.inf

start F:\

The drive letter F:\ will need to be changed to the letter which corresponds to the USB device, if not the commands will not work. The batch file may take a while depending on the amount of File and Folders located on the USB Device.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SHELLEXECUTE =

The SHELLEXECUTE command opens a document or starts an application. Mostly used to open documents automatically. If this command is used with a document, an associated program that can open the document will be automatically run. This command requires Windows ME/2000 or newer.

This is the method the secure32.exe virus uses to run when a USB device is connected to the computer. Editing or deleting the autorun.inf file from the USB does not help, as when the system is infected it will repeat the process when another USB device is connected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

****************************

* STEP 1 *

****************************

* GETTING RID OF THE VIRUS *

****************************

I have tried many different AntiMalware, Spyware and Antivirus Software to no avail, (This may also be due to the useless IT Technician at my company and the use of LAME USB Modems which meant all systems were not connected to the net to properly update antivirus and System Software). I finally tried Kaspersky Virus Removal Tool 2011 which detected the virus (secure32.exe) and also the .exe files created and stored in the Randomly Numbered folder.

(1) Download Kaspersky Virus Removal Tool 2011 (http://www.kaspersky.com/antivirus-removal-tool?form=1)

(2) Connect the infected USB device(s) to the system

(3) Run Kaspersky Virus Removal Tool 2011

(4) Go into the settings (gear wheel to the right of the program) and make sure the USB device(s) is/are selected from the list. I would recommend selecting Local C, My Computer, My Documents and any other drive on your system to make sure the virus is not hidden anywhere else on the system.

(5) Go back to Automatic Scan and perform a system scan (you will be prompted for an action on what to do when the virus is detected; some options may require the system to be restarted)

(6) When the scan has completed go to Step 2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

****************************

* STEP 2 *

****************************

*OPENING THE COMMAND PROMPT*

****************************

Opening the Command Prompt

OPTION 1

(1) Click on Start

(2) Run

(3) In the Run popup box type in cmd and press Enter

OR

OPTION 2

(1) Press the Windows Key + R

(2) In the Run popup box type in cmd and press Enter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

****************************

* STEP 3 *

****************************

*CHANGING FOLDER ATTRIBUTES*

****************************

When the Command Prompt has opened type in

attrib -r -s -h /s /d e:\*.*

That command will (attrib -r -s -h) remove the Hidden feature, Read only and System Attributes added to the file by the virus. The (/s) will process matching files in the current folder and subfolders and (/d) processes folders as well. The letter e:\ refers to the USB device infected by the virus; change the letter e:\ to represent the drive letter of your infected USB device. The (*.*) option tells the system to apply the attribute to all files and folders located on the device.

/\/\/\/\/\/\

/\ INFO /\

/\/\/\/\/\/\

For help with DOS commands type Help followed by the command name

E.G. help attrib

/\/\/\/\/\/\

/\ NOTE /\

/\/\/\/\/\/\

Once the attributes have been changed you will now be able to view and access your original folders which were hidden. Once everything was done correctly you should now be free of the autorun.inf shortcut virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

***************************************************

*BATCH FILE USED TO AUTOMATE ATTRIBUTE CHANGE *

***************************************************

*BELOW THIS BATCH FILE ONLY CHANGES THE ATTRIBUTES*

***************************************************

@ECHO OFF

color 0C

prompt LS:

ECHO *****************************

ECHO *Altering Folder Permissions*

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO *This May Take A While *

ECHO *Depending On The Amount Of *

ECHO *Hidden Folders On The USB *

ECHO *****************************

ECHO.

@ECHO OFF

attrib -h -r -s /s /d F:\*.*

@ECHO OFF

start F:\

ECHO.

ECHO **********************************************

ECHO * Process Completed *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO *Delete Unwanted Shortcut Files From Your USB*

ECHO *And Folder 9584549 *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO * Brought To You By Lupo Solitario *

ECHO *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*

ECHO * Thank You Come Again!!! *

ECHO **********************************************

ECHO @@@@ @@@@

ECHO @ @ @ @

ECHO @@@@ @@@@

ECHO @

ECHO @

ECHO @@@@

ECHO.

ECHO @ @

ECHO @ @

ECHO @@@@@@@@

ECHO.

pause

DOWNLOAD LINKS

Batch File: http://www.filefactory.com/file/cd01640/n/USB_Shortcut-Temp_Viri_Fix.rar

Kaspersky Virus Removal Tool: http://www.kaspersky.com/antivirus-removal-tool?form=1

<><><><><><><><><><><><><>

<> <><><><><><><><><><><>

<> GOOD LUCK LUPO SOLITARIO <>

<> <><><><><><><><><><><>

<><><><><><><><><><><><><>
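
An added example, not part of the post above or of the poster's batch file: a small Python check that reads an autorun.inf and lists the lines in its [autorun] section that launch a program (open, shellexecute, shell\verb\command), run on the original and infected files quoted in the post. The function names and the scan_root helper are assumptions of this example.

```python
import os
import re

# Keys in the [autorun] section that make Windows start a program or document.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

def launch_directives(text):
    """Return (key, value) pairs from [autorun] that launch something."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() in LAUNCH_KEYS or SHELL_VERB.match(key):
                hits.append((key.lower(), value))
    return hits

def scan_root(root):
    """Find autorun.inf in a drive root (any letter case) and report launch lines."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "rb") as fh:
                data = fh.read()
            # autorun.inf is normally ANSI; UTF-16 files start with a BOM.
            enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
            return launch_directives(data.decode(enc, errors="replace"))
    return []

# The two files quoted in the post, reproduced here as sample input.
ORIGINAL = """[autorun]
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
UseAutoPlay=1
"""
INFECTED = ORIGINAL + "shellexecute=secure32.exe\n"

if __name__ == "__main__":
    print(launch_directives(ORIGINAL))   # []
    print(launch_directives(INFECTED))   # [('shellexecute', 'secure32.exe')]
```

The poster's edited autorun.inf would be reported as well, because its shellexecute line starts the batch file; any launch line found on removable media is worth reviewing before the drive is opened through AutoPlay.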
