# hard disk problem



## aby geek (May 8, 2011)

hi guys,

my brother in law is having problem with his simpletech portable drive.
avast is blocking : autorun.inf(says infected with inf:autorunax(wrm)
   and                 e5188982.exe infected with win32: inject-agc(trj).

he cant acces the drive and the data please suggest what to do.

please reply immediately if any one is online at this hour.

the drive details:SimpleTech SimpleDrive 1 TB 96300-41001-170

thanks in advance
hoping for prompt reply
aby


----------



## topgear (May 8, 2011)

Uninstall avast or disable it's gurad and Use Panda USB Vaccine - it will block any potential malware which tries to inject into system using autorun files - copy the needed contents - format the drive and install a anti virus program again / enable it's gurad - run a full system scan.


----------



## aby geek (May 8, 2011)

thanks a lot topgear 
umm would avg free be a good choice or you reccomend anything else?


----------



## cute.bandar (May 8, 2011)

1. diSABLE usb autorun ( if on xp)
2. then disable avast guard 
3. connect drive , scan and remove any virus.


----------



## 1993gregory (May 8, 2011)

if on XP
keep pressing shift key while attaching the drive(it will disable autorun)
then you can scan and remove the virus.
I dont know will it work on 7 or vista


----------



## topgear (May 9, 2011)

aby geek said:


> thanks a lot topgear
> umm would avg free be a good choice or you reccomend anything else?



Avira AntiVir is the best free Av IMO and it disables autorun automatically - so no need to do it manually or use any other 3rd party tool


----------



## aby geek (May 9, 2011)

thanks for all the replies 

one more thing, his drive is full with 1 tb of imp data, so how can he back it up before formatting. can he safely backup data after using panda usb vaccine?


----------



## modder (May 9, 2011)

You don't need to format it in the first place if you've imp. data on it.

1. Remove the infected files using a good AV
2. Run>CMD
3. type '<drive letter goes here>:' [eg, C: OR D:] > 'enter'
4. type 'dir' > enter
5. see if 'autorun.inf' is listed, if exists
4. type 'del /f autorun.inf'
(without quotes and <>)

Done. Use any file except executable (*.exe) or shellexec (*.com/*.bat/etc) ones not before thoroughly scanning them


----------



## aby geek (May 17, 2011)

humm the autorun.inf is not being listed. if i just access the drive every apppears as a link and theres also avira.lnk there but my brother in law says he hasnt ever used avira.

even if someone must have put avira in his drive what is this link problem can you guys help with this please.


----------



## modder (May 17, 2011)

that's "*.Lnk vulnerability" aka "Shortcut exploit".

"Vulnerability in Windows Shell Could Allow Remote Code Execution", don't view the drive. It infects/get executed just by viewing/when windows draws the icons.

See if *KB2286198* shows in windows updates list in control panel, if it doesn't:

DL the fix KB2286198 from here:
*www.microsoft.com/technet/security/bulletin/MS10-046.mspx

If you're using Win7 SP1 then you're safe as KB2286198 is included in it. If you're using Win 7 and haven't installed SP1,* its always better* to get it/install it.


----------



## Paresh996 (Aug 13, 2011)

Hey Sudheesh! I had the same problem too. Actually, your hard drive is not infected. Your operating system is infected with a malware. You just have too re-install Windows 7 or any other operating system you want. Then in that operating system also you'll see the shortcut folders. Delete Them. On the Menu Bar, go to Tools-->Folder Options...-->View. Click on 'Show hidden files, folders and drives' and on 'Hide protected operating system files.' A Warning dialog box will pop up. Click on yes. Then you'll see all your folders (NOT shortcuts) permanently hidden. You'll just have to make new folders, move all files from your permanent folder to the new folders you've created and then delete the permanently hidden folders. Unplug and then again plug-in your drive. You'll not be able to see any of the shortcuts. All your files are back in normal folders. Enjoy!!


----------



## Zangetsu (Aug 13, 2011)

Install Avira Antivirus & do a full scan of the portable drive all infections will come out & cleaned...


----------



## d6bmg (Aug 13, 2011)

Avast autometically detects any autorun.inf as virus. For example, try to make a autorun.inf by yourself & run avast scan in it. 
Solution: get rid of avast or disable autorun in your PC.


----------



## topgear (Aug 14, 2011)

I really don't know to whom Paresh996 was referring as Sudheesh - anyway, this thread is old enough and OP's issue might have been solved by now.


----------

