Avast WEBforum
Other => Viruses and worms => Topic started by: neilmboma on December 18, 2008, 06:39:04 PM
-
Hello everyone? I'm having trouble removing the virus BV:AutoRun-H [Wrm]. I have installed the avast home edition and updates are not helping at the moment. Please help me to remove it, it's really disrupting my daily computer activities and I fear it will shortly start to hit my files and data. Please. Thanks a lot!!!
-
Any other detections over there? Malicious autoruns are bundled with the executive part (frequently located in drive root or in recycle bin)... Can you post here the content of the malicious autorun?
-
To get clean, I also suggest:
1. Clean your temporary files.
2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or on this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
-
This kind of Virus is a program that is hidden and activated by windows. If you don't remove the *.com it will come back.
Wow.... That's just a little overdone. Avast will find it.... but you have some work to do yourself....
1: Locate - either avast will find it or you will notice it when you just double-click your c: in My Computer.
2: Use notepad and create the following
autorun.inf
    [autorun]
    open=c:\
Note: When you hit "Save as", make sure that it is set to "any file" instead of txt.
3: Go to Tools > Folder Options > View tab
Uncheck: "hide protected operating files"
4: Go to c:\recycler\ and delete any program files
5: Go to the Run command in the Start menu and type regedit
(be careful here)
HKEY_CURRENT_USER
+ HKEY_CURRENT_USER\Software
+ HKEY_CURRENT_USER\Software\Microsoft
+ HKEY_CURRENT_USER\Software\Microsoft\Windows
+ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
+ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
+ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
(This is where it is different for everyone... In the keys, expand till you see anything that says recycler... If it does, delete the directory that says autorun... WARNING: make sure you check the drive path, because your cdrom or usb device autoruns are here too.)
Have a nice day
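
The step 5 check from the post above can be done without hand-expanding every key in regedit. The following read-only PowerShell listing is an added example, not part of the thread: it prints every command stored under the MountPoints2 key and marks the ones that mention recycler. The variable names and the MountPoint, Verb and Suspect columns are this example's own; nothing is deleted, so legitimate CD-ROM and USB entries can be told apart from the flagged ones before anything is removed.

```powershell
# Read-only audit of the per-user AutoRun commands cached under MountPoints2.
# Nothing is modified; review the flagged rows before deleting anything in regedit.
$root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

$report = Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -eq 'command' } |
    ForEach-Object {
        # The command line to run is stored in the key's (Default) value.
        $cmd = [string]$_.GetValue('')

        # Key path relative to MountPoints2, e.g. <mount>\Shell\AutoRun\command
        $rel   = $_.Name -replace '^.*\\MountPoints2\\', ''
        $parts = $rel -split '\\'

        [pscustomobject]@{
            # First component is a drive letter, a {volume GUID} or a network share.
            MountPoint = $parts[0]
            # Shell verb the command is attached to (AutoRun, open, explore, ...).
            Verb       = if ($parts.Count -ge 2) { $parts[-2] } else { '' }
            Command    = $cmd
            # Flag anything launched from a recycler folder, as the post describes.
            Suspect    = ($cmd -match 'recycler')
        }
    }

if (-not $report) {
    Write-Output 'No AutoRun commands found under MountPoints2 for this user.'
} else {
    # Flagged entries first; -Wrap keeps long command lines readable.
    $report | Sort-Object -Property Suspect -Descending |
        Format-Table -Property Suspect, MountPoint, Verb, Command -AutoSize -Wrap
}
```

Run it as the affected user, since MountPoints2 lives under HKEY_CURRENT_USER and each account has its own copy.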