Sunday, July 20, 2008

Removing Autorun.inf/Autorun.ini virus manually

Please note that I've already posted this thing but it was only few steps.. Now I want you to apply several methods to remove the autorun.inf or autorun.ini virus.
METHOD I
You can easily remove the VB script viruses like MS32DLL.dll.vbs and others which works with the aid of autorun.inf in your harddrive. This virus is mostly transferred via USB pendrive which don't have any write protect function.
Although i recommend you to use a good virus removal software or script blocker. When you open any of the hard drives may be USB or primary hard disk. You will be directed to this visual basic script which drives your computer crazy. It becomes hard to access your harddrive.
Here's a way how to disable this script atleast.
As it works with the help of autorun.inf you must be aware to find the autorun.inf file in your hard drive which is read-only and hidden.
NOTE: Remember this script also blocks some of the contents in Folder options . For example, "show the hidden files".
So DOS, which is the best way for hackers as well as repairers to edit your computer.
Do the following.
STEP 1:
Locate the infected drive either C:, D:, E:, F, and so on.
STEP 2:
Now search for the file name autorun.inf using dir command.
" C:/dir autorun.inf (where C, is your drive)"
STEP 3:
I know that, it won't discover any of the file name autorun.inf as it is the hidden one. Try the following:
" C:/dir/ah (where C is ur drive letter)
Now you can see the files autorun.inf of approx 100+ Kb and MS32DLL.dll.vbs file.

STEP 4:
Autorun.inf is the Master and MS32DLL.dll.vbs is a worker. Autorun.inf gives order to work out on the computer. So first you must delete the file named autorun.inf try these codes.
"C:/del/ah/f autorun.inf"
I think the file is now deleted

STEP 5:
Now type following commands:
"C:/copy con autorun.inf (Enter)
[AutoRun]
open=explorer.exep(Press F6 button and hit enter)

Now you are approx. done.
Now do the same steps for MS32DLL.dll.vbs file as i mentioned in STEP 4
Try to restart the computer
You'll see the result, if not worked better you use a better virus removable and be prepared for future. If you want to remove this virus first download your usb drives and ur hard drives. Don't keep any backup.
AND HEY DON'T forget about the program wscript.exe check if it is running or not in you taskmanager. It makes the vbs file work.

METHOD II
Alternative method to remove autorun.inf virus or ms32dll.dll.vbs
1-2. double click on My computer on Desktop ,
- choose Tool and select "Folder options"
- click on "View" tap select "Show Hidden files and folders" and un hake "Hide Extention...."
- and "Hide protected operating system file" (this selections are important to find the files you need to delete)
- then click "OK"

3. open Windows Task Manager (ctrl-alt-del) and select the "Processes" tap
- Click on "Image name" to sort File
- find "wscript.exe" and click on "End Process" (if there is more than one process with that name you have to end all of them)
- close the "Task Manager"

4. then you will click on Start and select "Search" and search for "autorun.inf" (Search the computer)
- you will then delete all the files that contains the text MS32DLL.dll.vbs (the virus) by pressing: SHIFT + DELETE. (There of course should not be Autorun.inf in the C rooth).

5. you will also delete the virus from the system (C:\WINDOWS\ MS32DLL.dll.vbs) by pressing: SHIFT + DELETE

6. Next step is to edit the Register (Like always you have to be very care fool in the registry tools. Some mistake there can crash your computer)

- first, click on "Start" and select "Run" and type in "Regedit" and press "Enter".
- select HKEY_LOCAL_MACHINE --> Software -->Microsoft -->Windows --> Current Version --> Run.
- find there "MS32DLL" and delete that entry.

6. Then select HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main. There you find "Window Title "Hacked by Godzilla"" and you should delete that entry. You can close the registry now.

7. next you will click on Start --> Run and type in "gpedit.msc" and press "Enter". then you will open "Group Policy".
- there you will select User Configuration --> Administrative Templates --> System --> and there you will double click on "Turn Off Autoplay"

- in the window there you should select "Enabled" and select "All drives" (they say in this Thai webside that select all turn of Autoplay will be safer for not getting viruses). Now you can close the Group Policy.

8. Next you will click on Start --> Run and type "msconfig" and press "Enter".
- you will open "System Configuration Utility".
- click on "Startup" tap
- find the file MS32DLL, choose Enable All, then unhake "MS32DLL"
- click Apply then OK to close

- then you will exit the "System Configuration Utility" and select "Exit Without Restart" when prompt.

9. After this you double click on My Computer and select "Tools" and "Folder Options" and "View" tap to change back there.
- select "Hide Extention..." and "Hide protected operating system file" and "Don't show hidden files and folders".

- then you will empty the "Recycle bin" and "Restart" your computer.

After applying both methods, I trusted the second method. Which one worked great on you?Please do comment in it.