
autorun virus with friends


vali31


I am looking for help on this issue. I have a laptop that is infected. Every time I plug in my thumb drives to access my files to help fix this laptop I get autorun errors on the USB drive... all folders are labeled with an ARROW and the size of the folders is 1k/b each. I then burned the files to a disc. I installed the Malwarebytes program and found about 42 objects that were quarantined. I ran a registry cleaner and a system cleaner afterwards. The system booted up a little faster but I still get the errors when I load in a USB thumb drive etc.

These are the questionable processes that I see:

rhwiop.exe ... removed

rigin.exe ... removed

gaoafox.exe ... still in system ("popup window")

waoahodx.exe ... removed

jbruazx.exe ... still in system ("popup window")


Download this file

http://download.bleepingcomputer.com/sUBs/...Disinfector.exe

For all of your USB or external drives:

Open the drive.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Look for the file autorun.inf and delete it if found.

Also look for a Folder that's named resycled, make sure of the spelling and delete the folder if found. DO NOT delete the Recycler folder.

Now run the Flash_Disinfector.exe.

Be sure to insert any flash drives or USB devices that you use.

Do this for every USB / external drive.

Once finished:

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Check "Hide file extensions for known file types."

Under the "Hidden files" folder, Uncheck "Show hidden files and folders."

Check "Hide protected operating system files."

Click Apply, and then click OK.

Reboot, and also please describe how your computer behaves at the moment.

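The manual check from the post above (an autorun.inf file and a folder spelled resycled in the drive root), written as a read-only script. This is an added example, not part of the original thread or of any tool named in it. The function names, the extension list and the sample drive layout are constructed for illustration; the script reads the directory directly, so Explorer's hidden-file settings do not affect what it sees.

```python
import tempfile
from pathlib import Path

LAUNCH_KEYS = {"open", "shellexecute"}  # [autorun] keys that start a program
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}

def autorun_targets(text):
    """Return the programs an autorun.inf would launch; tolerates junk padding lines."""
    targets = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        key = key.strip().lower()
        if not sep or key.startswith(";"):  # junk line, section header or comment
            continue
        # shell\<verb>\command adds a launch action to the drive's context menu
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value.strip())
    return targets

def triage_drive_root(root):
    """Report the items the post says to look for, without deleting anything."""
    report = {"autorun_inf": None, "launch_targets": [], "resycled": None, "root_executables": []}
    for entry in sorted(Path(root).iterdir()):
        name = entry.name.lower()
        if entry.is_file() and name == "autorun.inf":
            report["autorun_inf"] = entry.name
            report["launch_targets"] = autorun_targets(entry.read_text(errors="replace"))
        elif entry.is_dir() and name == "resycled":  # exact spelling; Recycler is legitimate
            report["resycled"] = entry.name
        elif entry.is_file() and entry.suffix.lower() in EXECUTABLE_EXTS:
            report["root_executables"].append(entry.name)
    return report

def build_sample_drive(root):
    """Constructed sample layout standing in for a USB drive root (not real malware)."""
    root = Path(root)
    (root / "AUTORUN.INF").write_text(
        "[autorun]\n;padding\nqwertyjunk\nopen=RESYCLED\\sample.exe\n"
        "shell\\open\\Command=RESYCLED\\sample.exe\nicon=folder.ico\n")
    (root / "RESYCLED").mkdir()
    (root / "Recycler").mkdir()
    (root / "sample_root.exe").write_bytes(b"")
    (root / "notes.txt").write_text("user data")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage_drive_root(build_sample_drive(tmp)))
```

To check a real drive, pass its root (for example the drive letter path) to `triage_drive_root` and review the report before deleting anything by hand.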

Thanks, I did that after I ran the autorun eliminator program to restore my files on the USB stick. I found 2 files named GAOAFOx.exe in the drives and deleted them. Do you know how to install a program that will eliminate the autorun virus in the laptop? I am using a desktop to access the internet. The laptop cannot access the internet because of the infection.


Do this on the infected computer

Please don't attach the scans / logs, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Next:

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    REM Remove any proxy server and proxy bypass list set for the current user
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    REM Turn the proxy off and clear the "work offline" flag
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    REM Reset the TCP/IP stack (log written to resetlog.txt) and the Winsock catalog
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog


  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  • This will flash a black DOS box very quickly and go away, this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM and check for Updates


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
