Problem with autorun.inf from usb pen drive

[maxfor]

My computer in now infectet by an intrusion with autorun.info file from usb pen. The autorun.inf seem contains:

moderated::: dangerous information removed


Anytime i insert a new usb pen these file come out again: autorun.inf and trazeme.ini
Thank you.

[Rene-gad]

Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore
- Clear hosts- file: http://virusinfo.info/showthread.php?t=61042

- Execute following script

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
 QuarantineFile('c:\programmi\truesuite access manager\usbnotify.exe','');
 QuarantineFile('c:\programmi\truesuite access manager\pwdbank.exe','');
 DelBHO('{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}');
 DelBHO('{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}');
 QuarantineFile('C:\RECYCLER\S-1-5-21-1570498888-3371587576-878673708-7575\nissan.exe','');
 DeleteFile('C:\RECYCLER\S-1-5-21-1570498888-3371587576-878673708-7575\nissan.exe');
 DeleteFileMask('e:\da8f4026820a69b241a8f5\','*.*',true);
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(13);
SetAVZPMStatus(True);
RebootWindows(true);
end.

After reboot execute following script

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');
end.

and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.

- Remove Bonjour
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 logs in accordance with the rules, avptool_sysinfo is in such case not necessary.

[maxfor]

I would like to thank you. Your solution seems to works. Thank you again.

[Rene-gad]

Clear hosts- file: http://virusinfo.info/showthread.php?t=61042 over replacing it.
Any problem more?

[maxfor]

No more problems, for now.
Thank you again.

[CyberHelper]

Статистика проведенного лечения:

• Получено карантинов: 1
• Обработано файлов: 9
• В ходе лечения обнаружены вредоносные программы:
  
  1. c:\recycler\s-1-5-21-1570498888-3371587576-878673708-7575\nissan.exe - P2P-Worm.Win32.Palevo.pkf ( DrWEB: Win32.HLLW.Lime.18, BitDefender: Trojan.Inject.WN )