Manually Removing An Autorun Virus

Reading Time: 3 minutes

usb stick
So called “autorun viruses” were developed to infect external devices, such as infecting a victim’s PC while opening a flash drive in Windows Explorer. An autorun viruses exploits the Autorun.inf file in the Windows OS which is used to launch and auto play programs and files that are stored in removable disks such as Memory sticks, DVDs, CD ROMs, USB Devices and much more. The autorun virus uses this feature to destroy files.

If your USB Drive is infected with autorun.inf virus, whenever you insert the USB stick virus files start to execute and infect your PC, it further replicates itself onto the PC by creating a number of copies of autorun.inf and .exe files on all drives of your PC.

If infected, the malwarecovertly directs the user to malicious websites. It might also install a key logger on to your PC that can capture your web site activity, login credentials usernames, passwords, account numbers, credit card details and other personal and sensitive information.

An autorun virus must be removed from a PC for it to be safe to use.

Instructions to remove autorun.inf virus from the USB drive:

Insert the USB drive onto your computer, dialogue box appears, click cancel
Type the USB drive letter on to the command prompt
Type dir/w/a and press enter, which will show up a list of the files in your flash drive. If you find Ravmon.exe, New Folder.exe, ntdelect.com, kavo.exe, svchost.exe, autorun.inf, remove these files
If the virus name is autorun.inf, type F:del autorun.inf and enter to delete the same.
After all the above steps, perform an antivirus scan on the USB stick, just to verify whether all the viruses are removed

How to Delete autorun.inf on hard drive of a PC

Start the PC in safe mode
Open the command prompt
You will come across all these files mentioned below, go ahead and delete all these files.

%System%configcsrss.exe
%WinDir%mediaarona.exe
%System%logon.bat
%System%configautorun.inf
C:autorun.inf
D:autorun.inf
E: autorun.inf
F:autorun.inf
autorun.inf files in all drives.

Open the registry editor to delete the parameters that are mentioned below

[HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
DisableTaskMgr = 1
[HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
NoFolderOptions = 1
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
“Worms” = “%System%logon.bat”

Restart your computer

This manual method to remove autorun virus can be implemented only for some simple type of autorun viruses. If you find the autorun virus even after the manual removal, it means that your PC has got infected with a mutant of autorun virus, which cannot be removed manually. There are autorun virus remover tools available that can help to remove and solve other variants of autorun virus.

Comodo Internet Security Software offers the best security solution with the defense + technology and auto sandbox technology which is found as the best defensive mechanism protecting the PC by removing malware and viruses in an isolated environment.