Author Topic: Autorun.inf  (Read 5747 times)

Offline jackls

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Autorun.inf
« on: August 05, 2010, 04:24:45 PM »
Each time a UDS memory stick is pluged in, an autorun.inf file is added together with DIJAMANTE\veciti.exe to which autorun refers.   Cant delete these files unless explorer.exe process is stopped and then I can erase them via cmd. prompt.    They will not reappear if I restart explorer.exe but will appear next time I remove it and  plug in again.  Avast scan of these files is clear.  I also tried malwarebytes but also gives clear report.    No entry in the registry for veciti.exe.  Veciti.exe file properties describe it as CDBurnerXP version 4.3.2.2140 and is 151040 bytes.

What is this and how can I stop the process putting the files on the memory stick?

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69213
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Autorun.inf
« Reply #1 on: August 05, 2010, 05:20:51 PM »
Flash Drive Disinfector
Information and Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Mirror download site, http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

- Also see, AutoRun.inf problems, etc. - Download and run Autorun Eater
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21699
  • Gender: Male
    • Personal Message (Offline)
Re: Autorun.inf
« Reply #2 on: August 05, 2010, 05:21:54 PM »
Quote
Avast scan of these files is clear.  I also tried malwarebytes but also gives clear report.
Have you tried uploading the file to www.virustotal.com and have it checked by 42 virus scanners
when you have the result copy the URL in the adressbar and post it here
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline jackls

  • Newbie
  • *
  • Posts: 2
    • Personal Message (Offline)
Re: Autorun.inf
« Reply #3 on: August 05, 2010, 08:49:12 PM »
Thanks for the Virustotal link Pondus.  Scan results as follows

autorun.inf see http://www.virustotal.com/analisis/4aef6afbe53b9bb3dc1f0eb7f18c3cea8693c7c1b26a71b76968357f490c670d-1280931250
veciti.exe see http://www.virustotal.com/analisis/6d0942d3ddea7b28ffe0e20c499c7bf85cb3146d15e91fd87d6c2965072e8d2c-1280851185
or together in a zip file see
http://www.virustotal.com/analisis/73b117c67b4e0cface9f681bff0786301c529f04eb5ac0739ab6cadedf33e13c-1281039889

Seems to be a lot of info there but I have no idea what to do to remove it.   Any pointers as to how to analyse the results?  I dont really want to use a tool if I can help it and would rather do things manually.

Many thanks
jackls

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21699
  • Gender: Male
    • Personal Message (Offline)
Re: Autorun.inf
« Reply #4 on: August 05, 2010, 09:09:55 PM »
The first two are detected by Norman and the zip file by DrWeb, so you shoud be able to remove using these

Dr.Web CureIt http://www.freedrweb.com/cureit/?lng=en
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/
Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en-uk

Download and save to desktop, and run from there ( fully updated when downloaded )
the programs are not installed so when the work is done you can just remove by drag and drop in resycle bin

and you also have the tools suggested by DavidR
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69213
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Autorun.inf
« Reply #5 on: August 05, 2010, 09:16:46 PM »
Use the Flash Drive Disinfector tool as that will place a folder on your hard disk partitions preventing reinfection of the autorun.inf file and then run the tool for for each USB that you have to do the same preventative measure.

Autorun eater may be required to remove the autorun.inf file on your USB and hard drives.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now