Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: autorun.ini , hidden folder and shortcut virus on flash drive


08 Jul 2013   #1

Windows 7 Ultimate service pack 1 64bit
 
 
autorun.ini , hidden folder and shortcut virus on flash drive

hi
I download RogueKiller and saved it to the desktop and performed the first scan with windows and browsers open. then realized that they should be closed so did another scan with everything closed. you can find both reports attached.
then as you instructed I used the "attrib -h -s -r -a /s /d G:\*.*"
my flash drive name is G:\
nothing seemed to happen in the command prompt as you see in the attached photo
then I checked my G:\ drive
the administrator shortcut still exists but the autorun.ini is gone for now. not sure if its permenantly gone though.
when i double click on the administrator shortcut i recevie this error: can not find script file "G:\Microsoft.exe".
at some point in the middle of these steps an unnamed folder showed up in the G:\ drive and a file with this extention: ".init" or something and one more file which sadly i can not recall its name. i shift+deleted them successfully.
after these steps I downloaded Rkill and ran scan. you can also find the report attached to this post.

I shoud also inform you that prior to these steps I used autorun exterminator for killing the autorun.ini but it did no good and kept cycling in a loop which the program deleted the autorun file but it kept regenerating itself over and over again.
oh and my anti virus does not detect any threats. it is ESET Smart Security.
there is also this wierd thing about my flash drive! the other day I inserted it into a pc at coffe net and on that pc I could see some stuff on my flash drive which I have deleted really long time ago(over 3years ago). what is wrong? how to fix it?
Is it possible that the virus aslo spread to my other flash drives or even my external hard drive?
one more thing! every time I insert this flash drive into my laptop, it says that it is recommanded to scan and fix the flash drive which I have done in a few times but the problem seems to resist no matter what!
could you plz check these out and help me with my problem?

cottonball, thanks for your reply I will follow your instructions and post the results for you. As you said, I have quoted your reply from the other thread below.


cottonball:
Quote:
tooca,


Please start your own topic right in this forum:
System Security - Windows 7 Help Forums
Just press the orange New Thread button.

Also, plug in the infected USB drive in your computer while pressing the left Shift key so that autorun is disabled (if present).

Press on with RogueKiller as follows...
•Quit all programs
•Right-click the RogueKiller file and select: Run as Administrator
•Wait until the Prescan finishes
•Press: Scan
•Then, press the [Delete] button.

Please post the new RKreport (Mode: Delete) (created on the Desktop) in your reply. <<---


Next, to find the User Name you are currently using, click the Start menu.
In the top right corner Windows 7 displays the current Windows profile that is running, right below your account picture.


Now, go to Start > All Programs > Accessories > Command Prompt
Right-click Command Prompt, and select: Run as Administrator

Please copy (with mouse) the entire contents of the quote box below, paste it at the blinking cursor of the Command Prompt, and press: Enter


Quote:
g:
attrib -s -h -a -r /s /d *.*
dir/b /s > C:\Users\username\Desktop\dirlist.txt


Note: Assumes g, on the first line, is the letter of your USB drive.
Replace username with yours.

Please provide the contents of the dirlist.txt (created on the Desktop) in your reply.

Also, please quote this post in the new thread you create.

Thanks!




Attached Images
  
Attached Files
File Type: txt RKreport[0]_S_07072013_203551.txt (3.8 KB, 1 views)
File Type: txt RKreport[0]_S_07072013_204818.txt (3.4 KB, 3 views)
File Type: txt Rkill.txt (4.1 KB, 3 views)
My System SpecsSystem Spec
.

08 Jul 2013   #2

Windows 7 Ultimate service pack 1 64bit
 
 

I pressed the left shift key and inserted the flash drive, no autorun poped up but the scan and fix error still shows up. did I do it right?
I ran the rougeKiller as administrator then scanned and pressed delete with lots of doubts ! when the deleting finished a notification poped up: "you must restart you computer to ??? user account settings"
should I be worried about this?
The delete report and dirlist are attached.
RKreport[0]_D_07082013_094159.txt
dirlist.txt
I also found out that I have $recycle.bin virus and system volume information on my laptop :|
should I start a new topic for that too?


My System SpecsSystem Spec
08 Jul 2013   #3

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

tooca

You should be fine with just this thread with both of your issues .
My System SpecsSystem Spec
.


08 Jul 2013   #4

Windows 7 Ultimate service pack 1 64bit
 
 

I wonder if this pic helps to find a way for solving the problem?
Name:  C2222apture.PNG
Views: 9
Size:  53.3 KB

Quote   Quote: Originally Posted by VistaKing View Post
tooca

You should be fine with just this thread with both of your issues .
thanks!


My System SpecsSystem Spec
08 Jul 2013   #5

Windows 7 Home Premium
 
 

tooca,

You are doing fine. Not to worry.


Please plug in the USB drive G:\, and get a capture of the notice you get when it is plugged in.
You can use the Snipping Tool to do so:
How to Use the Snipping Tool in Vista and Windows 7
http://www.vistax64.com/tutorials/14...ool-vista.html


Next, please quit all programs
•Right-click the RogueKiller file and select: Run as Administrator
•Wait until the Prescan finishes
•Press: Scan
•Once the scan is done, press the [Shortcut Fix] button.

Please post the new RKreport (Mode: Shortcut Fix) created on the Desktop in your reply.


Now, please scan with Malwarebytes Anti-Malware
Download:http://www.malwarebytes.org/mbam-download-exe.php
Save to the Desktop
Right-click the MBAM file, and select: Run as Administrator

When the installation begins, follow the prompts in the setup process.
DO NOT make any changes to default settings and when the program has finished installing, make sure only the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware options are checked.
Uncheck: Enable free trial of Malwarebytes Anti-Malware PRO
Click on the Finish button.

If an update is found, the program automatically updates itself.
At the program console, on the Scanner tab, and select: Perform Full Scan
When the Select the Drives to scan appears, make sure all the drives, except the CD/DVD drive, are selected.
Next, click on the Scan button.

When the Malwarebytes scan is completed, click on: Show Results
When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

When removal is completed, a report opens in Notepad.
Please copy/paste the entire contents of the MBAM report in your reply. <<<---


Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.



Now, go to Start > All Programs > Accessories > Command Prompt
Right-click Command Prompt, and select: Run as Administrator

Please copy (with mouse) the entire contents of the quote box below, paste it at the blinking cursor of the Command Prompt, and press: Enter


Quote:
g:
dir/b /s > C:\Users\username\Desktop\dirlist.txt


Note: Assumes g, on the first line, is the letter of your USB drive.
Replace username with yours.

Please provide the contents of the new dirlist.txt (created on the Desktop) in your reply.
My System SpecsSystem Spec
Reply

 autorun.ini , hidden folder and shortcut virus on flash drive




Thread Tools



Similar help and support threads for2: autorun.ini , hidden folder and shortcut virus on flash drive
Thread Forum
Solved Virus scanner installed on USB flash drive System Security
Solved Shortcut reappearing in USB, autorun.ini deleted already System Security
My Documents folder messed up, it's a hidden shortcut General Discussion
Solved Virus made the windows folder a hidden system folder System Security
How can I remove Heular virus from my USB flash drive? System Security
Library will not accept folder on flash drive Customization
USB Flash drive virus protection??? System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:32 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33