Kicking Out The Autorun Viruses Manually

It’s not as difficult as it seems

Yesterday, my friend brought a 160GB Portable HD drive to get some good stuff from my HD. I plugged it into the port and what caught my attention was that, in the usual autorun window, there was something very unusual, i.e. the ‘Open folder to view files’ entry was mentioned two times. I ran a quick scan with Avira on the portable drive and “unsurprisingly” it was infected with ‘TR/Crypt.XPACK.Gen’. Again, unsurprisingly, the antivirus failed to disinfect, remove and even quarantine the virus!

A long time ago my OS was infected with a similar Autorun virus and I was forced to find my own way to deal with it. It took me almost 15 minutes to kick it out of my PC; though a short time, it was a real pain in a$$ as the virus was just multiplying!

The way you can deal with such stubborn viruses is this: if the antivirus fails to fix them, you have to remove them manually, so as to avoid the boring procedure of formatting the drives and re-installing the OS.

My solution to deal with Autorun viruses

  • First of all, NEVER rush toward exploring the portable partitions.
  • If you find anything suspicious about the portable device, run a thorough antivirus scan, and if you are still not satisfied, unhide all the folders and system files from the toolbar menu and check whether you see any strange file hidden in the portable drive.
  • Install the Unlocker app (it helps to stop the active processes from using the drive/folder/file, thus making the drive/folder/file writable).
  • Right click on the portable drive, click on Unlocker, and kill all the processes using the infected portable drives.
  • If you are unable to unhide the folders, start the search window and set the options as ‘highlighted’ in the screen shot:
Screenshot
  • After you’ve selected the correct options, hit the search tab (remember to set the search path to your portable drives).
  • If infected, you will find some suspicious hidden files like autorun.inf and others that are not supposed to be a part of the drive (beware, do not run the autorun file directly, it’s another way of getting your OS infected). Instead, drag the .inf file into Notepad to check its contents.
  • Now, leave the search results window as it is and run the file shredder tool.
  • Go back to the search results window and drag all the strange files, including the ‘RECYCLER’ and ‘System Volume Information’ folders, into the File Shredder window and hit the “Chop it away” button.
  • This will remove the infection from the portable device and will save your OS from being infected.
  • If your OS is also infected, follow the same steps; the only difference in this case is that you will be dealing with your local drives (C: D: E: and so on).
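
For the step where the .inf file is opened in Notepad, this added example (not part of the original post) shows what to look for in its text: the lines that make Windows start a program, and an `action=` line, which sets the text shown in the autorun window and can produce a second ‘Open folder to view files’ entry like the one described above. The function names and the sample file are constructed for illustration.

```python
import re
# Keys under [autorun] that tell Windows to start a program.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")

def inspect_autorun(text):
    """Parse autorun.inf text (it is only read, never run) into findings."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                            # other sections / junk lines
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or SHELL_CMD.match(key):
            findings.append(("launches", key, value))
        elif key == "action":                   # text shown in the AutoPlay window
            findings.append(("autoplay-label", key, value))
    return findings

def target_of(value):
    """Return the program part of a command line, honouring quotes."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ""

def files_to_review(findings):
    """Programs named by launch entries, lower-cased and de-duplicated."""
    seen = []
    for kind, _key, value in findings:
        target = target_of(value).lower()
        if kind == "launches" and target and target not in seen:
            seen.append(target)
    return seen

# Constructed sample, not taken from the post; the file name is a placeholder.
SAMPLE = r"""; padding line
[AutoRun]
action=Open folder to view files
open=RECYCLER\placeholder.exe
shell\open\command=RECYCLER\placeholder.exe
"""
if __name__ == "__main__":
    print(inspect_autorun(SAMPLE), files_to_review(inspect_autorun(SAMPLE)))
```

The paths returned by `files_to_review` are the files the autorun.inf points at, so they belong on the list of items to remove along with the .inf itself.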

Feel free to drop in a comment if you have any questions/suggestions.