# Virus in Windows XP..pls help



## thetechfreak (Nov 11, 2009)

There is a virus in my PC which creates autorun.inf files in all removable drives and pen drives.The anti-virus doesnot detects virus even in safe mode.I installed new Anti virus in safe mode like Norton 2010 provided in November 2009.Tried avast and threatfire after updating.Pls tell how to remove virus.Thanks.
-----------------------------------------
Posted again:
-----------------------------------------
Help needed.
-----------------------------------------
Posted again:
-----------------------------------------
Help me somebody.Please


----------



## hell_storm2006 (Nov 11, 2009)

*www.bleuken.com/2008/07/01/preventing-and-removing-autoruninf-virus/

Hope this helps!


----------



## thetechfreak (Nov 12, 2009)

I can remove autorun.inf but its created again and also setup.exe...pls help some one..


----------



## Aspire (Nov 12, 2009)

^Did you stop its execution through MSCONFIG->STARTUP??


----------



## CA50 (Nov 12, 2009)

try avast and go for a boot time scan


----------



## Gauravs90 (Nov 12, 2009)

Try antivir antivirus


----------



## ashikns (Nov 12, 2009)

Boot into safemode and disable all unwanted startup from msconfig.Also get avast and run a boot-time scan as CA50 said


----------



## CA50 (Nov 12, 2009)

Test your antivirus efficency : 
copy this code in notepad and save as a text file, then rename the file to an exe one. If your AV detects the exe as a virus then your AV is a good one.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Though this method is not fool proof, yet this will test the efficency of youe current AV.


----------



## Gauravs90 (Nov 12, 2009)

^^ Norton detects (EICAR test string) and status is high risk!!!!

But why though?
-----------------------------------------
Posted again:
-----------------------------------------
^^ Norton detects (EICAR test string) and status is high risk!!!!

But why though?


----------



## Aspire (Nov 12, 2009)

> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Detected Instantly


----------



## CA50 (Nov 13, 2009)

Gauravs90 said:


> ^^ Norton detects (EICAR test string) and status is high risk!!!!
> 
> But why though?


That piece of code is just for testing not virus.
Anyway norton is good. I tried it with Norton 2010 but didn`t detected it immediately. BTW did your AV detected the virus after on-demand scan or just after renaming.
-----------------------------------------
Posted again:
-----------------------------------------


Aspire said:


> Detected Instantly



What is ur AV


----------



## Aspire (Nov 13, 2009)

^ Kaspersky Internet Security 2009


----------



## CA50 (Nov 13, 2009)

Aspire said:


> ^ Kaspersky Internet Security 2009



grt AV then, but did it detect the virus on On-demand scanning or just renaming??
Is just renaming then your AV is not sleeping else it was sleeping and you kow what to do about a sleeping dog


----------



## Gauravs90 (Nov 13, 2009)

It detected instantly. even i was not able to save it


----------



## CA50 (Nov 13, 2009)

^ That means NORTON passes the virus detection test.


----------



## Aspire (Nov 13, 2009)

It detected on renaming


----------



## evewin89 (Nov 13, 2009)

i use NOD32 and according to me itz one of the best anti.virus. so try it.


----------



## CA50 (Nov 13, 2009)

Aspire said:


> It detected on renaming



Though kaspersky is a grt AV, your Av is not detecting a simple piece of code. The resident protection may not be up to the mark. think abt it
-----------------------------------------
Posted again:
-----------------------------------------


evewin89 said:


> i use NOD32 and according to me itz one of the best anti.virus. so try it.



hey man Nod32 is a cool piece of code, it even detected the code in txt form. I am using it with Vista.


----------



## CA50 (Nov 14, 2009)

hi fnds see Nod32 even detected the code in text form, image below
*img36.imageshack.us/img36/2973/nod32p.jpg


----------



## evewin89 (Nov 16, 2009)

CA50 said:


> Though kaspersky is a grt AV, your Av is not detecting a simple piece of code. The resident protection may not be up to the mark. think abt it
> -----------------------------------------
> Posted again:
> -----------------------------------------
> ...


u r rite man...coz one can really trust nod32. i think itz better than most of the well known AV till date


----------



## Gauravs90 (Nov 16, 2009)

^^ i think norton is the best av till date. and 2010 is really great


----------



## CA50 (Nov 17, 2009)

evewin89 said:


> u r rite man...coz one can really trust nod32. i think itz better than most of the well known AV till date



yep nod32 interface is also cool. I am its fan.
-----------------------------------------
Posted again:
-----------------------------------------


Gauravs90 said:


> ^^ i think norton is the best av till date. and 2010 is really great



Nortons but past encounter with it was not gud, so i don`t have a taste for it. There are other grt substitutes to norton


----------



## Gauravs90 (Nov 17, 2009)

CA50 said:


> Nortons but past encounter with it was not gud, so i don`t have a taste for it. There are other grt substitutes to norton



Norton is really changed since 2009 version and it's faster than before.


----------



## CA50 (Nov 18, 2009)

Gauravs90 said:


> Norton is really changed since 2009 version and it's faster than before.



that may be true, but i don`t have any personal interest in norton, i prefer avast and nod32 to norton. I don`t know abt the other members. Every body has got their own taste.


----------



## rhitwick (Nov 18, 2009)

So, has the OP resolved his issue?
If yes, I would like to know how?


----------



## rondadevil (Nov 18, 2009)

thetechfreak said:


> There is a virus in my PC which creates autorun.inf files in all removable drives and pen drives.The anti-virus doesnot detects virus even in safe mode.I installed new Anti virus in safe mode like Norton 2010 provided in November 2009.Tried avast and threatfire after updating.Pls tell how to remove virus.Thanks.
> -----------------------------------------
> Posted again:
> -----------------------------------------
> ...


An autorun.inf file stores information of an external disk. When ever an external disk is inserted, the computer first checks the autorun.inf file and executes the command written in it. First backup all the stuff in the pendrive and then format it. Then get a usb Panda Antivirus and then netralise the pendrive . It just creates an "autorun.inf" which block any software from overwritting it into the pen drive and no softwares are allowed to enter your pendrive.


----------



## CA50 (Nov 18, 2009)

hey buddy why don`t you use this software " USB disk security "

*www.zbshareware.com/setup.exe

this software automatcally detects all tpyes of autorun viruses in removable drives including optical ones.


----------



## thetechfreak (Nov 22, 2009)

Ok here is my update.I have tried the following antivirus-
Norton 2010
Avast! Antivirus
Kaspersky and
i had done a boot time scan but no use.
Result-I have installed Windows 7 RC1 provided by digit in anniversary issue and its       
          clean of any virus as of now


----------



## CA50 (Nov 22, 2009)

try nod32 it may help


----------



## Gauravs90 (Nov 22, 2009)

Well you had not tried  antivirus which are kings in malware detection. They are -

avira antivirus
PC tools antivirus
panda cloud free

they have highest ratings for detection.


----------



## Anorion (Nov 22, 2009)

Create folders by the names of autorun.inf and setup.exe, and write protect them. This is a quick fix to ensure that at least they don't show up again no matter which antivirus you use. Do this on all your USB drives and hard disks. 

Then run a boot time scan. You might lost a lot of data though.


----------



## CA50 (Nov 23, 2009)

actually there isless posibility of recovering your pc after the virus infection. The solution which myself and other members have provided will work to prevent further virus infection. You can do one thing boot from a live CD and delete the autorun.inf files in all the partition and also detele any other suspicios file. Also check you windows\, system32\. If all these doesn`t work then there is no way other then a clean XP reinstall. Also make sure that you keep your pc uptodate with latest virus updates.


----------



## siddarthmallya (Nov 23, 2009)

Install malwarebytes, Which helps to remove malwares.


----------



## jrkraj (Nov 25, 2009)

try kaspersky rescue disk


----------



## thetechfreak (Dec 3, 2009)

Thanks everyone for help


----------



## sude (Dec 8, 2009)

well you are not able to delete the autorun virus from your removable drive because its installed on your system. search through the system for the sourch virus and delete it. then finally format or delete manually the autorun vir from your removable drive. it should go.

post a hijack this log here and we may help you more.

-SUDE


----------

