Different methods to remove Autorun.inf
AUTORUN.INF viruses are viruses that use the Autorun feature of Windows to spread between computers. The virus copies an autorun.inf file to the root (main) directory of every drive on your PC, internal and/or external, so that the virus runs every time an external disk such as a pen drive or USB drive is inserted, or every time you double-click the drive in Windows Explorer.
Here are some methods to remove autorun.inf:
Method 1:
Step 1: Boot your system in safe mode. To do this, restart your system and keep pressing the F8 key before the logo appears. (This is done in safe mode because all the startup programs will not start in safe mode, so the removal is more effective.)
Step 2: Go to the command prompt via Start -> Run, type cmd and press Enter.
Step 3: Navigate to the drive that is affected by the virus. For example, if it is the D drive, just type d: and press Enter, so the prompt shows D:\>. If it is a USB flash drive, find out which drive letter has been given to it by going to My Computer, then type that drive letter. For example, if it is E, type E: and press Enter, so the prompt shows E:\>.
Step 4: Then type ATTRIB -H -R -S AUTORUN.INF and press Enter. This clears the hidden, read-only and system attributes so the file can be deleted.
Step 5: Then type del autorun.inf and press Enter.
Or
Type del /F /A autorun.inf and press Enter.
Then type del /F /A lky.exe and press Enter.
You can do this on all drives by changing the root directory (changing the drive letter).
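The Method 1 steps applied to every drive in one pass, as an added PowerShell example that is not part of the original article. The function names are hypothetical, and limiting the sweep to fixed and removable drives is an assumption; each autorun.inf is reported together with the programs it launches before its attributes are cleared and it is deleted.

```powershell
# Added example (not from the original article). Run from an elevated prompt.

# Hypothetical helper: list the programs an autorun.inf tells Windows to start.
function Get-AutorunTarget {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($line in Get-Content -LiteralPath $Path -Force -ErrorAction SilentlyContinue) {
        # open=, shellexecute= and shell\<verb>\command= are the keys that launch a program
        if ($line -match '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=\s*(.+)$') {
            $Matches[2].Trim()
        }
    }
}

# Hypothetical helper: ATTRIB -H -R -S followed by del, on the root of each drive.
function Remove-RootAutorun {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Assumption: only fixed and removable drives are swept; optical media are
    # read-only and network shares are out of scope.
    $drives = [System.IO.DriveInfo]::GetDrives() |
        Where-Object { $_.IsReady -and $_.DriveType -in 'Fixed', 'Removable' }

    foreach ($d in $drives) {
        $inf  = Join-Path $d.RootDirectory.FullName 'autorun.inf'
        # -Force is required to see hidden and system files
        $item = Get-Item -LiteralPath $inf -Force -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        if ($item.PSIsContainer) {
            Write-Warning "$inf is a folder, not a file; leaving it in place."
            continue
        }
        # Report what the file would have launched, so the target can be reviewed
        [pscustomobject]@{
            Drive    = $d.Name
            File     = $inf
            Launches = @(Get-AutorunTarget -Path $inf) -join '; '
        }
        if ($PSCmdlet.ShouldProcess($inf, 'Clear H/R/S attributes and delete')) {
            $item.Attributes = [System.IO.FileAttributes]::Normal   # ATTRIB -H -R -S
            Remove-Item -LiteralPath $inf -Force                    # del /F /A
        }
    }
}

# Preview only: shows what would be removed without deleting anything.
Remove-RootAutorun -WhatIf
```

Run `Remove-RootAutorun` without `-WhatIf` to actually delete the files; the programs listed under Launches are not removed and still have to be dealt with separately.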
Download Combofix to your desktop and run it with your external drive plugged in. Make sure you are currently viewing hidden files/folders and protected operating system files. Look for hidden CONFIG and SYSTEM folders on your C: drive and your external drive. That is where the culprit hides, and the autorun is executing the culprit. The Combofix log will be displayed when it is done. Look through it, specifically for an entry near the bottom of the log that might show ROX.exe. DELETE that entry from the registry.
Reboot your system and check whether these hidden folders, msconfig and system, exist anywhere; if so, delete them.
Done!!