9 Replies Latest reply on Apr 14, 2011 4:44 PM by hostcielo

    Help me please!!!

      Hi there!

       

      Is Autorun.exe or Packed.Generic.307 a virus?

      Does it comes from a hidden file by the name of "Recycler".

       

      I have tried disabling System Restore followed by updated of current engine and DAT file then a complete scan as suggested by McAfee.

      But it does not seem to work to detect it.

       

      An Autorun.inf file and a hidden folder containing the Recycler always appear just by plugging in and out a formated removeable drive.

       

      Any advice?

       

      LOSS

       

      Message was edited by: iusemcafee on 4/1/11 9:32:30 AM CDT
        • 1. Re: Help me please!!!
          pato

          Can you open the autorun.inf in an editor? I wonder what the content ist. But by it's small size of 1KB it's probably not much...

          • 2. Re: Help me please!!!

            Hi pato..thank you for your responds.

            In the .inf view from Notepad, there is this autorun.exe in there.

            I have just attached the screen grab on my post.

             

            Below list was detected by Symantec too..

            FilenameVirus Name
            Autorun.exePacked.Generic.307

             

            This autorun. exe troubles me.

            • 3. Re: Help me please!!!

              Hi,

               

              Open the autorun.inf file in a notepad.....delete all the content in the notepad.....save the changes.....close the file and shift+delete it.

              Once you done this restart the machine.......you wont face this problem again.

               

               

              Regards

              Sundar

              • 4. Re: Help me please!!!
                hem

                I don't think, you will be able to delete/modify the contents of Autorun.inf because it will be locked by some other Malicious process.

                 

                Rather than this, I will suggest you to submit it  (Autorun.inf) and exe in it.

                 

                From the snap, I see that the file 'Autorunme.exe'  in it when opened with Notepad.

                 

                Please submit both the file (Autorun.inf and Autorunme.exe) to McAfee labs.

                 

                on 7/4/11 5:35:08 PM IST
                • 5. Re: Help me please!!!

                  Use "Safe Mode"

                   

                  First, Disable "system restore".

                  Then Restart your computer, Press F8.

                  One your in the BOOT menu, Choose "safemode"

                  Then Manually Run McAfee complete virus scan

                  *Note: if your Mcafee doen't appear in you tray, then go to "Start" Menu and open your Mcafee application.

                   

                  When you complete those steps above, restart again in "Normal Mode"

                  Try it. good luck

                   

                  You may also delete the suspicious folder or file manualy by following those steps above.

                   

                  Message was edited by: hostcielo on 4/7/11 7:51:44 AM CDT
                  • 6. Re: Help me please!!!

                    Hi all, thank you for your reply.

                     

                    Yes, indeed I am unable to delete the file nor change the content in the notepad follow by saving the file.

                     

                    Problem is be it in SAFE mode or Normal mode, I can't find this autorun.inf file? It is only when I plug in a removeable drive (formatted clean) these two files appears shortly after (couple of seconds).

                     

                    I will try to run McAfee in Safemode to see if it can detect.

                    • 7. Re: Help me please!!!

                      Try it first.

                      If it still fails then u might have to use another method. I will tell you how if this one fails.

                       

                      Goodluck

                      • 8. Re: Help me please!!!

                        Hi

                         

                        I am unble to boot up on any of the SAFE MODE options. I get the blue screen with messages asking me to check for virus or do a CHKDSK.

                        I did a CHKDSK on normal mode, seems ok.

                        But no way I can get into any SAFE MODE to perform the scan.

                        • 9. Re: Help me please!!!

                          Dont worry..

                           

                          There are 2 reasons to make your pc vulnerable:

                           

                          1. You are using a profile that given an  "administrator credidentials"

                               It means YOU as the USER or the VIRUS/UNWANTED APPLICATION, could make any changes

                               to the computer. such as: creating registry entries, install new programs, create system startup list, or any

                                                                              permission that's given to an administrator's account.

                              

                               *In this case, the antivirus program wont be able to identify the Virus or its running processes,

                                 because the Virus would pretend to be the "current user". The virus wont install anything NEW,

                                 but it will UNPACK the files from it's CACHE DIRECTORY.

                                 It will run a very common thing; "THE BATCH" (.bat file)

                           

                          2. By letting your computer idle+online, then it will be easy for the Virus to start it's work/tasks.

                           

                          Now the easiest way to fix this problem:

                           

                          Go to your control panel, select user accounts, then create a new limited user with password.

                          Then restart your computer and login to you new limited-user account, the Virus wont be able to do anything on this Limited account because The User itself not given much permissions. If the Virus try to do anything drastically then the antivirus program will stop it.

                           

                          Then after 5 or 6 days you can try  to login to the infected account and run the full system scan again.

                           

                          Do it.. i had this problem before, and now my pc works smooth after following those steps above..

                          Relax, take time to do it... NOTHING IS IMPOSSIBLE

                          Ask me again if you dont understand..