autorun.inf

By ankitmahapatra22 ·
What are the hazards of having a trojan named autorun.inf in the system, or what damage does it do, or what are its threats?

This conversation is currently closed to new comments.

13 total posts (Page 1 of 2)

What makes you think this is a Trojan?

by OH Smeg In reply to autorun.inf

Autorun.inf is a Windows file that enables things to Auto Run like a CD when you insert it.

So what did you scan this computer with to get this notification and where is the file located?

This is a description of the Autorun.inf file

Autorun.inf is the primary instruction file associated with the Autorun function. Autorun.inf itself is a simple text-based configuration file that tells the operating system which executable to start, which icon to use, and which additional menu commands to make available. In other words, autorun.inf tells Windows how to open the presentation and treat the contents of the CD.

The entire sequence is initiated when the "disk change notification" polling discovers a new disk in the CD or DVD ROM drive. Then, if the "Auto insert notification" feature is enabled (it is by default), Windows checks in the new disk's root directory for the existence of an "autorun.inf" file. If found, Windows then reads and follows the specific instructions this file defines. If no autorun.inf file is found, then Windows refers to the new disk by its serial number and executes the default actions associated with the (data or audio) content on the disk.
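
The description above says autorun.inf names the executable to start, the icon, and the extra menu commands. As an added example (not part of the original post), the Python below parses a file's [autorun] section and lists the entries that launch a program, so a copy found on a drive can be read before anything is opened. The two sample files and the flagging heuristics are constructed assumptions, not a vendor signature set.

```python
import re

# Keys in the [autorun] section that make Windows launch something.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Heuristics assumed for this example only.
SCRIPT_EXT = re.compile(r"\.(scr|pif|bat|cmd|vbs|js)\b", re.I)
HIDING_DIR = re.compile(r"(recycler|recycled|system volume information)", re.I)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section (keys lower-cased)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def triage(text):
    """List (key, command, reasons) for every entry that starts a program."""
    findings = []
    for key, value in parse_autorun(text).items():
        if not EXEC_KEY.match(key):
            continue                               # icon=, label=, etc.
        reasons = []
        if SCRIPT_EXT.search(value):
            reasons.append("launches a script or screensaver-type file")
        if HIDING_DIR.search(value):
            reasons.append("target in a folder Explorer normally hides")
        if key.startswith("shell\\"):
            reasons.append("hooks a drive context-menu verb")
        findings.append((key, value, reasons))
    return findings


# Constructed samples: a typical installer disc and a suspicious file.
BENIGN = "[autorun]\nopen=setup.exe\nicon=setup.exe,0\n"
SUSPECT = ("[AutoRun]\n;junk\nopen=RECYCLER\\x.exe\n"
           "shell\\open\\command=RECYCLER\\x.exe\nshell\\open\\Default=1\n")

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        for finding in triage(sample):
            print(name, finding)
```

An empty reasons list means the entry only starts a program, which is what a normal installer disc does; the file name autorun.inf alone does not show whether a file is malicious.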



detection

by ankitmahapatra22 In reply to What makes you think this ...

Whenever I run a scan with avast it detects it as a trojan; even AVG did.

OK in that case you will be unable to open the Drives

by OH Smeg In reply to detection

In My Computer. This infection does the exact opposite of what its name & Windows Counterpart File do: instead of making things Auto Run it stops them from running or opening.

Ideally it should be removed so try the Autorun Removal Tool available here

http://www.softpedia.com/get/Antivirus/W32-Autorun-Worm-Removal.shtml

How to remove Autorun.inf Virus

You need to go to this site and then you can choose which cure meets your needs. :)

http://babyface.name/2008/02/20/how-to-remove-autoruninf-virus/

Please post back if you have any more problems or questions.
If this information is useful, please mark as helpful. Thanks.

reply

by ankitmahapatra22 In reply to How to remove Autorun.inf ...

I just want to know its threats or the damage it can do.

How to remove a RESTORE Virus

I have this virus that saves itself on every storage device. Every time I switch on the PC it first goes to personalized settings. I can't delete it. Help!

Try this

by Jacky Howe In reply to How to remove a RESTORE V ...

Download HijackThis and run it and then go to the site below to analyze it to find out the name of the infection by posting it or post the log file here.

http://aumha.org/downloads/hijackthis.exe

HijackThis log file analysis

Hijack This opens you a possibility to find and fix nasty entries on your computer easier. Therefore it will scan special parts in the registry and on your harddisk and compare them with the default settings. If there is some abnormality detected on your computer HijackThis will save them into a logfile. In order to find out what entries are nasty and what are installed by the user, you need some background information.

A logfile is not so easy to analyze. Even for an advanced computer user.

http://hijackthis.de/

http://www.whoismadhur.com/2008/01/26/how-to-remove-virus-from-usb-drives/

forgot a link.

If it is this one

by Jacky Howe In reply to autorun.inf

Virus.Win32.AutoRun.ah

http://www.viruslist.com/en/viruses/encyclopedia?virusid=160221

According to Kaspersky the virus is the Virus.Win32.AutoRun.ah, a molar virus that searches for passwords to online games and sends them to a server located in China. It also deletes other molar viruses and can disable virus detection software. All of the known games affected are Chinese with the exception of World of Warcraft. The following games are affected.

WSGame
**.com
QQ
Woool
rxjh.17game.com
TianLongBaBu
AskTao
Perfect World (Wanmei Shijie)
World of Warcraft

Keep us informed as to your progress if you require further assistance.

If you think that any of the posts that have been made by all TR Members, have solved or contributed to solving the problem, please Mark them as Helpful so that others may benefit from the outcome.

reply

by ankitmahapatra22 In reply to If it is this one

I have not been able to see any significant changes in my computer although that virus is still there, maybe because I got a lot of help from this site in correcting the changes done by that virus. Here is my HijackThis log; can you make out anything from it:
