Worms spreads by creating a copy of itself and starts by autorun.inf files. It is essential to remove the malicious and autorun.inf files not only from computers but also from the source, and that is the USB Drive. PreciseSecurity have created a procedure to delete the malicious files on infected drives.
PROCEDURE:
1. While the computer is still off;
2. Plugin the USB Drive
3. Insert the Windows XP CD-ROM into the CD-ROM drive. It must be the bootable Windows XP Installer
4. Start the computer from the CD-ROM drive. It will start Windows Setup screen
5. When the “Welcome to Setup” prompt appears.Press “R” to start the Recovery Console
6. If asked “Which Window installation would you like to logon to” select the number. Type “1? then Enter, if only one installation of Windows is present
7. Enter the administrator password, press Enter
8. It will bring you to command prompt, C:\Windows>
9. Proceed with the following command:
- Type d: (This is the drive letter of USB. It can be e: or f: defending on how many hard disk or cd drive is installed)
- Type attrib -h -r -s autorun.inf
- Type “edit autorun.inf” it will open DOS Editor and display contents as follows
==========================
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
==========================
Take note on the file that it called to open (in above example it is file.exe)
10. Exit DOS Editor and return to command prompt, D:\>
11. Delete the file that was called to open on DOS Editor
- Type del /f /a file.exe
12. Delete autorun.inf file
- Type del /f /a autorun.inf
13. Exit Recovery Console by typing exit.
PROCEDURE:
1. While the computer is still off;
2. Plugin the USB Drive
3. Insert the Windows XP CD-ROM into the CD-ROM drive. It must be the bootable Windows XP Installer
4. Start the computer from the CD-ROM drive. It will start Windows Setup screen
5. When the “Welcome to Setup” prompt appears.Press “R” to start the Recovery Console
6. If asked “Which Window installation would you like to logon to” select the number. Type “1? then Enter, if only one installation of Windows is present
7. Enter the administrator password, press Enter
8. It will bring you to command prompt, C:\Windows>
9. Proceed with the following command:
- Type d: (This is the drive letter of USB. It can be e: or f: defending on how many hard disk or cd drive is installed)
- Type attrib -h -r -s autorun.inf
- Type “edit autorun.inf” it will open DOS Editor and display contents as follows
==========================
[autorun]
open=file.exe
shell\Open\Command=file.exe
shell\open\Default=1
shell\Explore\Command=file.exe
shell\Autoplay\command=file.exe
==========================
Take note on the file that it called to open (in above example it is file.exe)
10. Exit DOS Editor and return to command prompt, D:\>
11. Delete the file that was called to open on DOS Editor
- Type del /f /a file.exe
12. Delete autorun.inf file
- Type del /f /a autorun.inf
13. Exit Recovery Console by typing exit.
Nice blog and very informative thank you for sharing us.
ReplyDeleteBullion Jackpot Calls || Intraday Tips for Commodity Only
How can Show Pandrive's autorun.inf file Which is hide By Company And How can Delete Them.
ReplyDeleteglad to read this, great works..!!
ReplyDeleteAdvanced Systemcare Ultimate Serial | Avs Video Converter 9.1 Serial Key
Thanks for this amazing article. Loved your post. Waiting for your next article.
ReplyDeleteIntraday Tips.