
Preventing Or Removing Autorun.inf virus


How many times have you plugged your removable drive into some PC, and the next time you insert it you see an autorun command? You double-click the removable drive and bam, your PC is infected. Sometimes clicking the Open or Explore command will also execute the virus and infect your PC.

When your flash drive is infected, it normally contains two files: autorun.inf and some executable file. The autorun.inf can be found in the root of your flash drive.

If your system is infected, formatting the media will not clean the virus either, and sometimes you can’t even show hidden files. When you try to show hidden files from the folder options, it simply won’t work.

If you have ever faced such problems, then read along. When I plug any removable media into my PC, I follow a few steps to avoid such malware. Even if you get infected, it’s easy to eliminate such viruses.

Prevention Is Better Than Cure

Method 1:

Disable Autorun by running this reg file. This will turn off the autorun feature.

Method 2:

If you do not want to turn off the autorun feature and still want to be safe then follow these few steps before opening any flash drive to avoid triggering the virus.

Do not double-click to open your flash drive. Always open it from the Explorer folder list.


This way you avoid triggering the virus via autorun.inf.

To check whether your flash drive contains the virus, open Folder Options from the Tools menu. Select the View tab and select the Show hidden files and folders radio button under the Hidden files and folders tree. Also uncheck the Hide protected operating system files (Recommended) check box. Click Apply and then OK.


Now you should be able to view hidden files and folders. Open and explore your flash drive from the Explorer folder tree. If you see an autorun.inf file in the root of your flash drive, open it in Notepad. Delete any executable or batch files it points to, and then the autorun.inf file itself.

If you still can’t see the hidden files, open a command prompt and type the command dir /AH to view all the hidden and system files.


If you get an access denied error while deleting the files then it means that you are already infected by the virus.

If the Show Hidden Files & Folders option in the Folder Options dialog doesn’t work, follow the steps at the end of the post to fix this issue.
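To see which files an autorun.inf points to before deleting anything, as Method 2 describes, the file can be parsed instead of read by eye. This is an added example, not part of the original post; the sample file contents, file names and the E:\ drive letter are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# [autorun] keys that name a program to launch. The shell\open and
# shell\explore verbs are why the Open and Explore commands are unsafe too.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
PROGRAM = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?:\s|$)", re.I)

def command_path(value):
    """Drop quotes and arguments from a command line, keeping the program path."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    match = PROGRAM.match(value)  # copes with unquoted paths containing spaces
    return match.group(1) if match else value.split()[0]

def launch_targets(inf_text):
    """Return [(key, program)] for every launch entry in the [autorun] section."""
    targets, section = [], None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key) and value:
                targets.append((key.lower(), command_path(value)))
    return targets

def files_to_review(drive_root, inf_text):
    """autorun.inf itself plus each distinct program it launches, as full paths."""
    root = PureWindowsPath(drive_root)
    programs = {str(root / program) for _, program in launch_targets(inf_text)}
    return [str(root / "autorun.inf")] + sorted(programs)

# Constructed sample, not taken from a real infection.
SAMPLE = r"""
xq3 junk padding line
[AutoRun]
open=RECYCLER\sample.exe -s
shell\open\Command="RECYCLER\sample.exe"
shell\explore\command=tool dir\run.bat /q
icon=folder.ico
shellexecute=setup.cmd
"""

if __name__ == "__main__":
    for path in files_to_review("E:\\", SAMPLE):
        print(path)
```

Junk lines outside the [autorun] section and keys such as icon= are ignored, so only the entries that can start a program are listed.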

Manually Deleting The Autorun.inf Virus

If you can’t show hidden files or you are not able to delete the autorun.inf file and the executable then you are already infected by the virus. Now you need to manually delete the virus.

Step 1

The first place to look for the virus is the startup program list. Open the Run dialog from the Start menu, type msconfig and press Enter. This will bring up the System Configuration dialog box. Under the Startup tab, look for any suspicious or unwanted program.

If you suspect any program, google the executable name and gather some information about it. Usually all the viruses copy themselves to the Windows or system32 folders, and sometimes to the root or Program Files.

After unchecking all the unwanted programs, click OK. The dialog will prompt you to restart for the changes to apply. Click Exit without restarting. We still have some steps to complete.

Step 2

Some viruses hook into the shell. Open the Run dialog from the Start menu, type regedit and press Enter. This will open the registry editing tool.

Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon using the tree in the left hand panel. Check the value of the Shell key.


The value of the Shell key should be explorer.exe. If you see the name of any other executable file along with explorer.exe, double-click the Shell key, delete anything except explorer.exe, and click OK.


Now reboot your PC. After rebooting, you should be able to delete the autorun.inf and any other virus that you were not able to delete before.

Folder Options – Fix For “Show Hidden Files & Folders” Not Working

Sometimes, even after removing the virus, you won’t be able to show the hidden files. After you set the options in the folder options, they revert to the old settings. You need to change another key in the registry to fix this problem.

Method 1:

Go to the registry editor by running regedit in the Run box.
Go to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

In the right-hand area, double-click Hidden and change the value to 1.

Now you’re all set to go. Check in your Tools menu whether the changes have taken effect.

Method 2:

1. Click “Start” -> “Run…” (or press Windows key + R)
2. Type “regedit” and click “Ok”.
3. Find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
4. Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key.
5. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.
6. The “Show hidden files & folders” check box should now work normally.
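The registry values named in Step 2 and in the two fixes above can be checked in one pass rather than by clicking through regedit. This is an added example, not part of the original post; it only reads the registry and reports differences from the values the post gives, and the function names are illustrative.

```python
import sys

# (hive, key, value name) -> expected data, taken from the steps in this post.
EXPECTED = {
    ("HKLM", r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Shell"): "explorer.exe",
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "Hidden"): 1,
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
             r"\Folder\Hidden\SHOWALL", "CheckedValue"): 1,
}

def audit(actual):
    """Compare {(hive, key, name): (data, type_name)} with EXPECTED."""
    findings = []
    for location, want in EXPECTED.items():
        data, kind = actual.get(location, (None, None))
        name = location[2]
        if data is None:
            findings.append(f"{name}: value is missing")
        elif isinstance(want, int) and kind != "REG_DWORD":
            findings.append(f"{name}: type is {kind}, expected REG_DWORD")
        elif isinstance(want, str) and str(data).strip().lower() != want:
            findings.append(f"{name}: is {data!r}, expected only {want}")
        elif isinstance(want, int) and data != want:
            findings.append(f"{name}: is {data}, expected {want}")
    return findings

def read_actual():
    """Read the three values from the live registry (Windows only)."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    kinds = {winreg.REG_DWORD: "REG_DWORD", winreg.REG_SZ: "REG_SZ"}
    actual = {}
    for hive, path, name in EXPECTED:
        try:
            with winreg.OpenKey(hives[hive], path) as key:
                data, kind = winreg.QueryValueEx(key, name)
            actual[(hive, path, name)] = (data, kinds.get(kind, f"type {kind}"))
        except OSError:
            pass  # key or value absent; audit() reports it as missing
    return actual

if __name__ == "__main__" and sys.platform == "win32":
    for finding in audit(read_actual()):
        print(finding)
```

No output means all three values match what the post expects; a Shell finding prints the full value so the extra executable can be looked up before editing.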

Hope it helps

Written by Zuhaib

March 8th, 2009 at 4:12 pm