autorun.inf

Status
Not open for further replies.

vagish

Broken In
[autorun]
;hudkzbovgewosfhgivmzztf
shellexecute="resycled\boot.com e:"
;irampzikkhrvtaxncuwakys
shell\Open\command="resycled\boot.com e:"
;twymmlhgsoyynsyaowijbmwyverrfycmuwcrywprwkxthukvojrwvpkgcdefdz
shell=Open
;wuhhgxfbcevswyhpbsyybjxqvhfmutrred


The above is the code in the autorun.inf.
This file is located in all my drives.
When I double-click on the drives, it will open in a separate folder, and when I right-click on the drives, the first option is Autoplay.

Before this, I used to keep one autorun.inf file to change the drive icon. Now this has been replaced by the above file. If I delete this file, in the next instant it will come again. Then I opened that file and I got the above code.

Now I have to get back to my original setting. So please help me in this regard.
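An added example, not part of the original post: a small Python audit that reads an autorun.inf body and reports the entries that make Explorer start a program, using the file quoted above as constructed input. The function name `audit_autorun`, the extension list and the 16-letter filler threshold are assumptions chosen for this illustration.

```python
import re

# Constructed input: the autorun.inf body quoted in the first post above.
SAMPLE = r'''[autorun]
;hudkzbovgewosfhgivmzztf
shellexecute="resycled\boot.com e:"
;irampzikkhrvtaxncuwakys
shell\Open\command="resycled\boot.com e:"
;twymmlhgsoyynsyaowijbmwyverrfycmuwcrywprwkxthukvojrwvpkgcdefdz
shell=Open
;wuhhgxfbcevswyhpbsyybjxqvhfmutrred
'''

# Keys that make Explorer start a program; icon= and label= do not.
LAUNCH_KEY = re.compile(r'open|shellexecute|shell\\(?P<verb>[^\\]+)\\command', re.I)
EXEC_EXT = re.compile(r'\.(com|exe|bat|cmd|scr|pif|vbs|js)\b', re.I)  # assumed list
FILLER = re.compile(r';[a-z]{16,}', re.I)  # long, space-free, letters-only comment

def audit_autorun(text):
    """Return sorted (line_no, reason) findings for an autorun.inf body."""
    findings, section, verbs, default = [], None, {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith('['):
            section = line.strip('[]').lower()
        elif FILLER.fullmatch(line):
            findings.append((no, 'filler comment'))
        elif section == 'autorun' and '=' in line and not line.startswith(';'):
            key, value = (p.strip().strip('"') for p in line.split('=', 1))
            m = LAUNCH_KEY.fullmatch(key)
            if m and EXEC_EXT.search(value):
                findings.append((no, f'{key.lower()} runs {value}'))
                if m.group('verb'):
                    verbs[m.group('verb').lower()] = value
            elif key.lower() == 'shell':
                default = (no, value.lower())
    # shell=<verb> makes that verb the drive's default shortcut-menu command,
    # which is the action a double-click on the drive invokes.
    if default and default[1] in verbs:
        findings.append((default[0], f'double-click runs {verbs[default[1]]}'))
    return sorted(findings)

if __name__ == '__main__':
    for no, reason in audit_autorun(SAMPLE):
        print(f'line {no}: {reason}')
```

An icon-only file such as the one the poster used before (`icon=` and `label=` entries) produces no findings, which separates the harmless use of autorun.inf from the launching entries shown here.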
 
vagish

Broken In
Hi

I tried system restore also.

It is not going at all. Previously I formatted the C drive and reinstalled XP; even then, this autorun file is not moving.

I am having Symantec Antivirus with daily updates. Now if I remove it and install any other antivirus with updates, is it possible to remove it?
 

rhitwick

Democracy is a myth
>First check ur start-up; if any, I mean any, suspicious entries are found (means anything u don't know, any dll, exe etc.; check them in processlibrary.com), delete/disable them.

>Disable system restore (this will delete currently restored data which may contain the virus)

>Try AVG8.0, Avira and KIS2009(recommended), update and scan ur PC.

>Do a HijackThis scan, post results.
 

mrintech

Technomancer
Scan with www.superantispyware.com/download.html and www.emsisoft.com/en/software/free/

Problem will be solved ;) Also go for: www.threatfire.com ;)
 

shri

Always Fresh!
I was a victim of the same worm very recently. I tried two anti-viruses- KAV and NOD32, two anti-spywares- Spybot S&D and AdAware, which failed to remove it.
Also, check your DNS server settings of your internet connection. It may be showing 85.255.x.x which is a DNS hijack.

How I solved my problem:
1. Note that the worm is present in your system32 folder. Note the two files and delete them.
c:/windows/system32/msqpdxosvdnrsr.dll
c:/windows/system32/drivers/msqpdxmaxtofxh.sys

2. Open regedit. Use the find option and search for 'NameServer' and 'DHCP'. Delete all entries having the value 85.225.something.something.

3. Now delete the autorun.inf and resycled folder in every drive root.

Report what happens. All the best

Edit: Use Malwarebytes' Anti-Malware (Link) if you are not comfortable doing it manually.
 

gopi_vbboy

Cyborg Agent
Come on, friend

use some linux live cd

boot

go to ur drives

delete these exe from their location and the inf files


(or search *.exe in all directories and sort in descending order... delete the suspicious files if u know, or google that exe name n delete if suspicious)
 

dmenonpm

Right off the assembly line
Hello Vagish
I think your problem is not rectified by simply running any antivirus.

Please follow these simple steps one by one and see the results for yourself.

1. Boot XP in safe mode (press F8 many times during start-up).
2. Enter Folder Options in the Control Panel and
2.1 In the View tab, check "Show hidden files and folders".
2.2 Uncheck "Hide extensions for known file types" and "Hide protected operating system files (Recommended)".
2.3 Also uncheck "Use simple file sharing (Recommended)".
2.4 Click OK.
3. Disable the System Restore feature on all drives.
4. Now open the drives one by one and try to enter the recycler folder and the System Volume Information folder.
If you can't, then right-click on each of these folders one at a time and, under the Security tab, add your full user name correctly and check the "Full control" option.
5. Now enter these folders and press Ctrl+A and Shift+Delete.
6. Now come out of these folders and repeat the same in all the drives.
7. After this, look out for the files named "autorun.inf" and ISSDLL.dll.vbs (script file), and if you find any of these, select them and perform the Shift+Delete action.
8. Repeat step 7 in all the folders and subfolders in all the drives.
This will consume some time but it works.
9. Now it's time for some registry editing.
9.1 Open the registry editor by typing "regedit" in Run and pressing OK.
9.2 Navigate to the key HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run
and delete MS32DLL on the right-hand side if found.
10. Type Prefetch in Run and Shift+Delete all the .pf files in the folder.
12. Type %temp% and delete all the files you can in this folder too.
13. Delete all browsing history in all of the browsers that you have installed.
14. Shift+Delete all the recent files in the recent documents folder. (Type RECENT in Run and press OK.)
15. Install CCleaner and run the application to delete user tracks and history.
16. Now use an updated version of Avast Antivirus Home and schedule a boot-up scan, if you can. Or at least use your antivirus and perform a complete system scan.
 
vagish

Broken In
1. I could not find any msqpdxosvdnrsr.dll and msqpdxmaxtofxh.sys files in the windows directory.
2. My DNS doesn't start with 85.255.x.x; it starts with 202.144.*.*
3. I used the Puppy Linux live CD and deleted the autorun.inf and recyclers folder in the drives.
4. I didn't find any "MS32DLL" values in the registry.
5. At last I formatted the C drive and reinstalled XP. The problem was solved for me.
 

rajkumar_personal

Ignorance is BLISS !!
Use a good updated AntiVirus software like Kaspersky or Norton and then run a full system scan !
Your prob will be solved.
It really is THAT simple!
 