You're the Visitors & Web Site Hit Counter Page Views.

Thursday, December 25, 2008

How to Automatically Delete Autorun Virus from Flashdrive & Immunize it??

Hello all, Today is Christmas, but I'm not going anywhere. So I'm going to give a tips here.

In Indonesia, where I used to live now. Most of virus come from Autorun Flashdrive / Flashdisk / Pendrive. And mostly spread from infected college computers.

I did tell you tips about : HOW TO prevent VIRUS to AUTORUN from flashdrive by Disabling Autoplay. But it's still autorun when we double-click the drive.

So we need a better trick to patch that weakness. We are going to need Ninja Pendisk Freeware. Which will AUTOMATICALLY delete Autorun Virus from Flashdrive/pendrive/Flashdisk.


"Ninja is the freeware zero-configuration program designed for guarding computers against viruses transmitted by USB pendisks.

To keep things simple, ninja is fully portable, self-contained and requires no installation.
Besides removing known virulent files, this tool will also immunize your pendisk and create a folder called autorun.inf with special protection permissions to protect your pendisk from being infected again when plugged on contaminated computers."
Follow these steps:
1.Go to NunoBrito.eu/ninja to Download Ninja Pendisk or click here to download!
2.Run it once downloaded, keep ur internet connection online.
Ninja will try to download configuration file which will automatically updated when connected to internet.
3.You will see a file named "ninja.txt" comes up, that's an update and setting of Ninja Pendisk. Change the setting if you want ^^.
4.Right-click on Ninja in taskbar, and activate disable autoplay.
5.Plug in your Flashdrive, a dialog pop-up displaying the processes of Virus Deletion and Immunize your Flash Drive.

FYI : It support XP & Vista; This tricks gonna prevent most common virus using autorun, but don't let your guard down in Internet and other things.

Read more about it from: NunoBrito.eu/Ninja

Hope it helps, Merry Christmas

7 Comments:

Anonymous said...

Hi,

Ninja Pendisk can be OK to prevent infections by the Autorun.inf virus but the question is: How do you get rid of the virus once you've got an infestation in your C: drive?

I've been unsuccessfully trying to delete it for weeks.
Thanks.

mickeel said...

Did you mean ur computer already infected before using Ninja Pendisk??
*Ninja Pendisk can only prevent and automatically deletes autorun virus from flashdrive.

->If you want to immunize your c: drive. Maybe you can try copying Ninja made "autorun.inf" super hidden folder to your c:drive.

->BUT if you want to delete "the virus" in c:drive. Ninja Pendisk can't help you.

Additional notes: Ninja Pendisk will be useful if your computer free of virus.

Thanks, hope it helps. ^^

Anonymous said...

Exactly. I have the Autorun.inf virus in the hard drive. I tried many many removal tools (mostly anything related to Autorun.inf that Google can find) and, while they seem to get rid of the virus, just a few hours later NOD32 starts triggering the alerts again. Surprisingly, NOD32 succeeds at detecting Autorun.inf once it's in the hard drive, however, it fails miserably when it comes to stop the initial infestation to begin with.

Thanks.

Anonymous said...

wah...

artikel yang bagus...

tapi saya punya cara bagus untuk menonaktifkan autorun.inf tampa program apapun...

Buat saja file .reg dengan isi:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

perintah ini akan membuat windows mangabaikan autorun.inf

Anonymous said...

I am known as SoLaRFLaRe and I live in the Philippines.

I am proposing a VERY LONG and TIRING WAY of eliminating them, even if they have already infected your computer. I was so pissed one day that I actually did everything I can to eliminate them, and that's how this method was born. But my hardwork did pay off; it worked for me and I hope it works for your pc as well.

I think you already know how to access the registry. Do you know how to use Command Prompt? Basically, I used those two to delete the autorun.inf related viruses...

Most (if not all) of them are erasable using the command prompt. TWO GOLDEN RULES are: 1. One should know where are the exact locations of the autorun.inf and its "allies", and 2. One should be familiar with his/her files.

Commonly, one can find them HIDDEN inside the root directory of the hard drive (if your bootdisk is in C:\ you can find them there! and also in the other partitions, if there are any) and in C:\Windows\system and system32 folders.

One Problem: Some of these viruses DISABLE Folder options (and Show Hidden Files, so how do I do it when i can't even see the hidden files???

You will also use the command prompt to "see" all your hidden files. using dir/ah you will see all your hidden files IN THAT DIRECTORY and dir/ah/s to see all hidden files IN THAT DIRECTORY AND ALL DIRECTORIES UNDER IT. Cmd has a Help system anyway, so just check that out if you need to see the list of other commands you need...

Take note of ALL the directories that contains the autorun and its allies (btw, sometimes, it's not "autorun.inf" but "autorun.ini"), and then DELETE them, ONE BY ONE. to delete hidden files, you need to neutralize their attributes first by typing the command attrib (filename) -s -h -r and then you will be able to delete them.

NOTE: You will find that some of them NOT HIDDEN but you will notice that they "mimic" the filename of some of your system files. One of the most common is scvhost.exe, and you will find the copycats to have CLOSE, but weird filename spellings like scvvhhost.exe, or scvhhosst.exe etc.

Then I use gpedit.msc to ENABLE all that has been disabled by the virus (ie. Folder options, Task manager, and registry edit etc). This is also for you to be able to use regedit.

After this, i normally open the registry and locate the keys that the virus modified or created and then delete or modify them CAUTIOUSLY (since this is the registry), but for those of you who are not that familiar with the registry, i recommend RESTORING your computer to a configuration PRIOR to the virus infection. But if there's none (sigh!), do as i normally do, but make a backup of your registry first... and when in doubt, just don't alter keys that you are REALLY not sure with.

There! It REALLY Takes A LOT of time but for me, it's all worth it. And next time, along with your antivirus, also use Command Prompt to "scan" your USB devices with these kind of viruses.

Anonymous said...

i forgot...

if you have any questions, just email me at rennsolarflare@yahoo.com. I will try to answer as much as i can. Ü

On to eliminating Viruses!! Ahahahaha! Ü

SoLaRFLaRe

Anonymous said...

SoLaRFLaRe here...

I forgot...

In order for you to verify that the autorun.inf IS really a virus (NOT ALL autorun.inf's are virus-realted), use the command prompt, go tothe location of the autorun.inf and then type "type autorun.inf" (without quotes). you will then see what filenames are associated with it. Autorun.inf, I believe, is NOT a virus per se, but it triggers viruses. so if you se the filenames of the viruses there, delete it.


OH bad! I misspelled "svchost.exe" into "scvhost.exe"... sorry...

Recent Comments

 

Mod By Mickeel Pramono