NickGolovko
03.08.2007, 12:06
Lately we often see malware similar to Virus.VBS.Small.a. After such malware is deleted, disks in My Computer stop opening correctly: the system shows messages that it cannot find autorun.vbs (or copy.exe, ms32dll.dll.vbs, etc.). To get rid of these consequences, do the following.
1. Start Windows Explorer (just press WinKey + E), go to Service - Properties - uncheck "Hide protected system files" and check "Show hidden files and folders".
2. View the root of all hard and removable drives you have, even MP3 players and flash cards, and the Windows\system32 folder too. Any files named "autorun" are to be deleted.
Attention! Open the drives by clicking on them in the left side of the Explorer window, where the folder tree is displayed. Do not open the drives in the usual way, by double-clicking on them, because your computer will be immediately infected again.
3. Go to Start - Run, type "regedit" (without quotes), click OK. Do the following:
a) Check the value of the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon: Userinit.
The right value is
'C:\WINDOWS\system32\userinit.exe, '
(if your system is installed on the D:\ drive, it will be 'D:\WINDOWS\system32\userinit.exe, ' etc.)
b) Delete the whole key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2.
Repeat the last operation for all user accounts, then reboot.
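The checks from steps 2 and 3, as a read-only PowerShell script added here as an example (it is not part of the original post). It only reports what it finds and deletes nothing; it assumes PowerShell is available and run with administrator rights, and that the accounts to be checked are logged on so their hives are loaded under HKEY_USERS.

```powershell
# Added example: read-only audit of the locations named in steps 2 and 3.
# Nothing is deleted or modified; findings are written to the output.

# Step 2: files named "autorun" in every drive root and in system32.
# -Force lists hidden and system files regardless of Explorer settings,
# and listing a folder this way does not trigger the drive's autorun action.
$folders = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root })
$folders += Join-Path $env:SystemRoot 'system32'
foreach ($folder in $folders) {
    # Skip drives with no media (empty card readers, optical drives).
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    Get-ChildItem -LiteralPath $folder -Filter 'autorun*' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.BaseName -eq 'autorun' } |
        ForEach-Object { "autorun file found: $($_.FullName)" }
}

# Step 3a: Userinit must point only at userinit.exe in system32.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
$actual   = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
# Ignore the trailing comma and surrounding spaces when comparing.
# Any extra program appended after the comma makes the comparison fail.
$normalized = $actual.Trim().TrimEnd(',').Trim()
if ($normalized -ieq $expected) {
    "Userinit OK: '$actual'"
} else {
    "Userinit UNEXPECTED: '$actual' (expected '$expected,')"
}

# Step 3b: report MountPoints2 for every user hive currently loaded.
# HKEY_USERS only contains hives of logged-on accounts; other accounts
# have to be checked after they log on.
$sub = 'Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue | ForEach-Object {
    $key = "$($_.PSPath)\$sub"
    if (Test-Path -LiteralPath $key) {
        "MountPoints2 present: $($_.Name)\$sub"
    }
}
```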