Author Topic: Please help me out about this virus: BV:AutoRun-H [Wrm]  (Read 5917 times)

0 Members and 1 Guest are viewing this topic.

neilmboma

  • Guest
Please help me out about this virus: BV:AutoRun-H [Wrm]
« on: December 18, 2008, 06:39:04 PM »
 Hello everyone? I'm having trouble removing the virus BV:AutoRun-H [Wrm]. I have installed the avast home edition and updates are not helping at the moment. please help me to remove it, it's really disrupting my daily computer activities and i fear it will shortly start to hit my files and data. Please. Thanks alot!!!

Offline Maxx_original

  • Moderator
  • Super Poster
  • *
  • Posts: 1479
Re: Please help me out about this virus: BV:AutoRun-H [Wrm]
« Reply #1 on: December 18, 2008, 06:49:12 PM »
any other detections over there? malicious autoruns are bundled with the executive part (frequently located in drive root or in recycle bin)... can you post here the content of the malicious autorun?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Please help me out about this virus: BV:AutoRun-H [Wrm]
« Reply #2 on: December 18, 2008, 07:21:36 PM »
To get clean, I also suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

Mystic

  • Guest
Re: Please help me out about this virus: BV:AutoRun-H [Wrm]
« Reply #3 on: March 08, 2009, 08:00:33 AM »
This kind of Virus is a program that is hidden and activated by windows. If you don't remove the *.com it will come back.
Wow.... That's just a little over done. Avast will find it.... but you have some work to do yourself....
1: Locate - either avast will find it or you will notice it when you just doubleclick you c: in MyComputer.
2: Use notepad and create the following
                    autorun.inf
  (code)         [autorun]
  (code)         open=c:\
Note:     When you hit save as make sure that it is selected to "any file" instead of txt
3: Go to tools>folderoptions>viewtab
          Uncheck": hide protected operating files
4: go to c:\recycler\ Delete any program files
5: Go to run command in startmenu and type regedit
(be careful here)
       HKEY_CURRENT_USER
            + HKEY_CURRENT_USER\Software
                           + HKEY_CURRENT_USER\Software\Microsoft
                                    + HKEY_CURRENT_USER\Software\Microsoft\Windows
                                            + HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
                   + HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
            + HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
    (this is where it is different for everyone... in the keys expand till you see anything that says recycler... if it does delete the directory that says autorun... WARNING make sure you check the drive path because your cdrom or usb device autoruns are here too.)
                                             Have a nice day