Remove Autorun.inf Virus – What Is Autorun.inf and How to Remove Autorun.inf Virus Published on November 8, 2013
What Is Autorun.inf By default, autorun.inf is a program that allows specific file to run itself automatically when double click on disk is made. It was developed from a program that helped with auto-installation for Windows 95. Generally speaking, autorun.inf is composed of three parts: • • •
AutoRun: a required item for computers with system above Windows 95 and CD-ROM of more than 32 bit. AutoRun.Alpha: an optional item applicable to CD-ROM based on RISC in Windows NT 4.0. DeviceInstall: an optional item for system above Windows XP.
It can be learned that autorun.inf is commonly seen in memory stick, CD-ROM as well as a system. Any random removal of it from a computer would incur the trouble that some services will not run anymore. However, there have been not a few cases lately that virus target autorun.inf and set up a program looks exactly like it to avoid being easily detected and deleted while conducting evil deeds through counterfeit autorun.inf at the same time. And such virus is usually applied to virus affection through external device.
About Autorun.inf Virus Usually, autorun.inf virus encompasses autorun.inf 、msvcr71.dll 、RavMonE.exe、RavMonLog altogether and it is prone to appear as text, folder and exist in mobile equipment. Downloading files onto mobile equipment is the major way to be affected by autorun.inf virus. Upon the double click on USB flash disk, autorun.inf, a hidden file contains installation information, will be initiated automatically. Such initiation can also happen in C,D,E,F disk if you have made disk partition. For the sake of overall computer health, it is a necessity to remove autorun.inf virus. However, autorun.inf virus can be ignored and invisible to both security utilities and PC users as it would not slow down the overall computer performance significantly. Such feature has attracted many spammers who make Trojan and has gained vicious collaboration for money. As a consequence, victims would always be warned to be affected by Trojan. Removing the items related to the flagged Trojan would not prevent its reimage permanently as the initiator autorun.inf is still alive on the compromised machine, which would help the Trojan to resume secrete conducts, such as: • •
• •
Collecting information stored on memory and configuration. Opening up backdoors through vulnerability and seldom used terminals to make the machine become more susceptible to other types of virus. Compromising installed secure coefficient. Randomly deleting/ adding/ modifying values under directories referencing kernel services in the target computer to help with its survival.
Apparently, removing autorun.inf virus is essential to get rid of other virus collaborating with it.
Identification of Autorun.inf Virus To tell the difference between the genuine one and the counterfeit one is a premise to remove autorun.inf virus without causing additional dysfunctions. The identification method is shown below:
•
• •
If a new window pops up rather than the current window when double clicking on USB flash disk, one might be infected by autorun.inf virus. The genuine autorun.inf file occupies o byte while autorun.inf virus is always more than 0 bytes. To further confirm the affection, one should right click on “Computer”/ “My Computer” on the desktop to see if the first order is “Open” rather than “Auto”; if it is changed to “Auto” or “Open sxs/.xls/.exe”, it can be autorun.inf affection.
How to Remove Autorun.inf Virus Since autorun.inf is programmed by Windows and is used to achieve the goal of running/ installing a program automatically for a quicker and better operation, it is not considered by all anti-virus programs as virus. Manual way is thus recommended to fix problems caused by autorun.inf virus completely. However, it requires some computer technology to go through the entire steps. If one lacks the knowledge of computer programming or uncertain about if the autorun.inf found by self is virus, feel free to contact professionals from VilmaTech Online Support for real-time help.
Step One Enable Task Manager to check if there is any running program named “RavMonE.exe”; if so, follow the instruction here to remove autorun.inf virus:
Windows 8 section:
1. Type “Task” in Search Charm bar from Start screen and hit Enter key.
2. Check running process under Process tab. 3. Select the item named “RavMonE.exe” and press on “End task” button for eradication.
Windows 7/XP/Vista section: 1. Press and hold Ctrl, Alt and delete key combination to bring up Task Manager. 2. Check running process under Process tab. 3. Select the item named “RavMonE.exe” and press on “End Process” button for eradication. One may encounter error message telling that “RavMonE.exe” cannot be removed. If it is the case, follow the steps below to end process smoothly so as to proceed with the work of removing autorun.inf virus.
Windows 7/XP/Vista 1. Hold Ctrl, Alt and Delete key combination together to bring up Task Manager. 2. Hit View tab to select ‘Show Kernel Times’/ ‘Select Process Page Columns’.
3. Tick PID (Process Identifier)
4. Press OK. 5. Find ‘LSASS.exe’ for its image of the User Account which does not belong to system. 6. Back to desktop and press Win key and R together. 7. Put in ‘CMD’ and press Enter key. 8. Type ‘ntsd –c q -p (PID, the number you saw on Task Manager)’ (without quotation marks). 9. Press Enter key.
Windows 8 1. Type ‘Task’ in search charm bar from Start screen. 2. When Task Manager shows, follow the same process as depicted above.
Step Two
Navigate to C:\Windows and the sub-directories thereof to find and delete RavMonE.exe file, if any.
Step Three Insert flash drive/ external hard drive and click open its drive (take “H:\” as example) on computer before removing autorun.inf virus from cmd lines. 1. Press and hold Win key and R key together to launch Run box.
2. Type “cmd” and hit enter key to get a black window. 3. Type the commands one by one as listed below: • • • • • •
attrib -s -h H:\ravmone.exe attrib -s -h H:\autorun.inf attrib -s -h H:\msvcr71.dll del H:\ravmone.exe del H:\autorun.inf del H:\msvcr71.dll
Step Four Remove all temp folders under System32 1. 2. 3. 4. 5. 6.
Double click on Temp folder under System 32. Press Ctrl and A key together. Right click on one of the selected items. When a drop down list shows, press Shift and D key together. A box comes up for confirmation. Press Enter key.
Tips: Bear in mind to restart the computer after finishing the steps to save changes. Also one should bear in mind that the Trojan or other types of virus that collaborate with autorun.inf virus should also be removed after removing autorun.inf for vicious items would be able to bring autorun.inf back. Taking the fact that virus nowadays are tend to infiltrate from the World Wide Web into consideration, it is recommended to manually modify browser settings and observe good PC practice after the removal: • • • • • •
Run full scan on regular base. Update latest version of Windows and programs from official sites. No downloads of videos, especially porn, from unreliable source. Install website monitor, Firewall to help filter junk sites and sites with sensitive content. Do not click open any attachments in an Email sent by strangers. Do not accept and run files/ documents sent through chat tools casually.
If one is overwhelmed by other virus that appear along with autorun.inf, which lead to failure to remove autorun.inf virus, feel free to get efficient and feasible solution by live chatting with experts from VilmaTech Online Support.