About Autorun.inf
Autorun.inf is a file programmed to initiate build-in services of a system automatically so that Windows would give out the desktop to PC users and respond to the strikes made on the keyboard. Also, it is employed by many other programs/ devices including memory stick, CD-ROM to run themselves automatically upon double click for a real-time provision of all-rounded services.
Since it loads information on installed programs or devices that connect to computer, virus makers start to target it for vicious infiltration without being easily detected and deleted. And such situation when autorun.inf being exploited happens on memory stick or CD-ROM mostly. Since autorun.inf is taken by Windows to be system file, error messages would come up when the removal of it is implemented to guarantee that no service will become dysfunctional.
Dangerous Autorun.inf Virus
Nowadays, autorun.inf virus has fallen as the initiator of Trojan. Removal of autorun.inf virus is fatal to Trojan as it can help Trojan to re-emerge even after removal to continue the vicious actions:
- Collecting information stored on memory and configuration.
- Opening up backdoors through vulnerability and seldom used terminals to make the machine become more susceptible to other types of virus.
- Compromising installed secure coefficient.
- Randomly deleting/ adding/ modifying values under directories referencing kernel services in the target computer to help with its survival.
How to Tell Autorun.inf Virus from the Genuine One?
Recognizing autorun.inf virus is the premise to commence the removal, otherwise, mistake would trigger system failure which can be fatal.
Methods are:
- The genuine autorun.inf file occupies zero byte while autorun.inf virus takes up more than 0 bytes.
- Right click on “Computer”/ “My Computer” on the desktop to see if the first order is “Open” rather than “Auto”; if it is changed to “Auto” or “Open sxs/.xls/.exe”, it can be autorun.inf affection.
Steps to Remove Autorun.inf Virus
A
Exterminate “RavMonE.exe”, if any, in Task manager.Windows 8
- Type “Task” in Search Charm bar from Start screen and hit Enter key.
- Check running process under Process tab.
- Select the item named “RavMonE.exe” and press on “End task” button for eradication.
- Press and hold Ctrl, Alt and delete key combination to bring up Task Manager.
- Check running process under Process tab.
- Select the item named “RavMonE.exe” and press on “End Process” button for eradication.
If error message pops up to tell that “RavMonE.exe” cannot be removed, follow the steps.
Windows 7/XP/Vista
- Hold Ctrl, Alt and Delete keys together to bring up Task Manager.
- Hit View tab to select ‘Show Kernel Times’/ ‘Select Process Page Columns’.
- Tick PID (Process Identifier) and press OK.
- Find ‘LSASS.exe’ for its image of the User Account which does not belong to system.
- Back to desktop and press Win key and R together.
- Put in ‘CMD’ and press Enter key.
- Type ‘ntsd –c q -p (PID, the number you saw on Task Manager)’ (without quotation marks) and press Enter key.
- Type ‘Task’ in search charm bar from Start screen.
- When Task Manager shows, follow the same process as depicted above.
B
Find and delete RavMonE.exe file, if any under C:\Windows and the sub-directories.
C
Insert flash drive/ external hard drive and click open its drive (take “H:\” as example) on computer before removing autorun.inf virus from cmd lines.
- Press and hold Win key and R key together to launch Run box.
- Type “cmd” and hit enter key to get a black window.
- Type the commands one by one as listed below:
attrib -s -h H:\ravmone.exe
attrib -s -h H:\autorun.inf
attrib -s -h H:\msvcr71.dll
del H:\ravmone.exe
del H:\autorun.inf
del H:\msvcr71.dll
D
Remove all temp folders under System32
Since autorun.inf is a Windows file, it is not considered by anti-virus programs as virus. Therefore, manual way is recommended to fix problems caused by autorun.inf virus completely. However, it calls for computer technology so as to go through the above steps without causing additional problems. If one cannot differentiate the genuine autorun.inf from the vicious one, please feel free to contact professionals from VilmaTech Online Support for real-time help.
Reference: What Is Autorun.inf and How to Remove Autorun.inf Virus
No comments:
Post a Comment