"autorun.inf" autogenerated in each drive generates EXE and PIF files in Windows XP

1

I have Windows XP SP2 installed on my laptop. It's been infected by a virus, which creates autorun.inf in each of my drives with the read-only, hidden and system file attributes set, and which generates some EXE file and PIF file. I tried some free versions of anti-rootkit, anti-malware and registry scanning software, but to no avail. For most of them it denies installation. I also tried online scanning, but it disconnects the process. Then I deleted them using Live Ubuntu running on a bootable USB. But after rebooting the laptop in Windows XP they were autogenerated again. I think the registry is being affected by the virus, which is restoring them. I don't want to format my laptop. Earlier, safe mode was also disabled, but somehow I enabled it and then tried deleting the autorun.inf files from there. Is there any way to check what is causing them to be autogenerated?

pRAShANT

Posted 2013-08-08T11:52:16.493

Reputation: 171

Question was closed 2013-08-10T18:10:35.833

You're running an outdated version of Windows. You're unwilling to do the one thing that will definitely kill off the virus. You're doing a public service by reformatting your laptop. – Journeyman Geek – 2013-08-08T12:02:08.667

The first thing you will want to do is update to Service Pack 3. Create a bootable anti-virus disk and scan your HDD that way. If you're not willing to install SP3 nor format the HDD, your insecure computer will continue to get a virus. There are security holes that you cannot resolve unless you update to SP3 – Ramhound – 2013-08-08T12:12:22.457

1 Maybe his hardware is too old for newer systems? Maybe he lacks the knowledge to back up and transfer every software and setting? Maybe there's a thousand installed programs and he lacks the time for backing it all up? Maybe he customized his system extensively and doesn't want to redo it all again? Removing a virus can be much more efficient than format, reinstall, reconfigure, etc etc etc. – That Brazilian Guy – 2013-08-08T12:19:40.030

(That said, yes, XP is quite old, about a decade, and expect more and more released software to not even be fully compatible with it. You should plan an upgrade as soon as you can) – That Brazilian Guy – 2013-08-08T12:20:54.723

Answers

0

This is a VERY common virus which reproduces itself by making a copy of itself onto any folder it finds in the infected computer.

For the time being, open Task Manager and navigate to the Processes tab.
Now stop any process with the names 'New Folder.exe', 'autorun.inf' or 'Recycler'.

If you can't find them, or for a permanent solution,
get a good free antivirus like AVG or ESET NOD32 and try installing it using the command prompt (run in Administrator mode).
If that turns out to be futile, try installing it and running a scan in safe mode. I bet the antivirus would detect these files: 'New Folder.exe', 'autorun.inf' and 'Recycler'.

In the meantime, if your folders get replaced by 'Folder Name.exe' files, don't panic; your folders have simply been hidden.
To view hidden folders,
1) In Windows Explorer, choose Tools > Folder Options.
2) Click the View tab in the Folder Options dialog box.
3) In Advanced Settings, select Show Hidden Files And Folders.
4) Deselect Hide Extensions For Known File Types.
5) Click OK.
Now the folder will become visible. Right click on it --> Deselect Hidden checkbox and click apply.

user241704

Posted 2013-08-08T11:52:16.493

Reputation:

There's no need to install a full antivirus; afaik even 'Microsoft Security Scan' or whatever it's called will remove it after it's run once – stijn – 2013-08-08T12:11:48.157

Microsoft security scan will work only when Windows is genuine... Otherwise use the antivirus I specified. – None – 2013-08-08T12:13:29.353
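To see which program a regenerated autorun.inf actually points at, the file can be read offline, for example from the live Ubuntu session mentioned in the question. The following is an added example, not part of the original thread: it parses the standard AutoRun launch keys (open, shellexecute, shell\verb\command), and the sample content and the file name svc.pif are constructed for illustration.

```python
import re
import sys
from pathlib import Path, PureWindowsPath

# [autorun] keys that make Windows start a program (standard AutoRun keys).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
RISKY_EXT = {".exe", ".pif", ".com", ".scr", ".bat", ".cmd", ".vbs"}
EXT_END = re.compile(r"\.(exe|pif|com|scr|bat|cmd|vbs)(?=\s|$)", re.I)

# Constructed sample for illustration; svc.pif is a made-up file name.
SAMPLE = r"""; constructed sample
[AutoRun]
open=New Folder.exe
shell\open\command="RECYCLER\svc.pif" -a
icon=%SystemRoot%\system32\shell32.dll,4
"""

def program_of(value):
    """Cut the program path out of a command line; names may contain spaces."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    m = EXT_END.search(value)
    return value[:m.end()] if m else value

def launch_targets(text):
    """Return (key, program, risky) for each launch entry under [autorun]."""
    found, section = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                prog = program_of(value)
                risky = PureWindowsPath(prog).suffix.lower() in RISKY_EXT
                found.append((key.lower(), prog, risky))
    return found

def scan(root):
    """Parse autorun.inf (any letter case) in the root of a mounted drive."""
    for p in Path(root).iterdir():
        if p.name.lower() == "autorun.inf" and p.is_file():
            data = p.read_bytes()
            utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
            return launch_targets(data.decode("utf-16" if utf16 else "latin-1"))
    return []

if __name__ == "__main__":
    for root in sys.argv[1:]:
        for key, prog, risky in scan(root):
            print(root, key, prog, "SUSPICIOUS" if risky else "")
```

Run it with the mount points of the affected drives as arguments; every reported program is a file to hand to the scanner or to remove together with the autorun.inf that references it.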

0

Your laptop runs a hopelessly insecure version of Windows which is more than 3 years outdated/out of support.

Don't attempt to fix this: REFORMAT and install XP-SP3 as an absolute minimum OS level.
And XP-SP3 will be out of support in April 2014 as well. Keep that in mind.

Trying to save this installation is beyond stupid. It is completely irresponsible.

Tonny

Posted 2013-08-08T11:52:16.493

Reputation: 19 919

0

I've had success in the past in very similar situations using ComboFix: "ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program."

In a few cases I had to use SmitFraudFix, a similar tool, to get rid of the malware.

I suggest you try both (each one at a time, obviously).

That Brazilian Guy

Posted 2013-08-08T11:52:16.493

Reputation: 5 880