autorun.inf worm removal

[PatriciaW]

Hello again,
Am I in the right place for this type of situation?

   On my Desktop PC I picked up an autorun.inf worm or virus from my flash drive. It was changing how my D: drive was running. It was making me open it like a file. I don't know if that PC is fixed yet..  I have used that flash drive on this laptop.  I didn't find any files like that on it.. Instead I found a virus called HTML/Spoofing.Gen. I quarantined and removed it with Avira Antivir. I did everything on the list of things to do and here is the logs...

Should I do all this on the Desktop PC with the flash drive attached to clean those out to or, is there a different procedure for the autorun.inf worm??
                Thanks .. Patricia

[attachment deleted by admin]

[evilfantasy]

Sorry for the delay.

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

• Double click on RSIT.exe to run.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open.
• log.txt <will be maximized and info.txt <will be minimized
  
• Please post the contents of both logs in the next reply.

[evilfantasy]

Should I do all this on the Desktop PC with the flash drive attached to clean those out to or, is there a different procedure for the autorun.inf worm??

Sorry I missed that the first time through.

Use this for any flash drive you have used on the infected computer.

Flash Drive Cleanup

Download Flash Disinfector by sUBs and save it to your Desktop.
 

• Double-click Flash_Disinfector.exe to run it.
• Your desktop and icons may disappear. This is normal.
• It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
  
• Follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.
• There will be no GUI interface or log file produced.
• Reboot your computer when done.

.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Will be awaiting the RSIT log...

[harry 48]

quote author=PatriciaW link=topic=78698.msg518498#msg518498 date=1236883936]
I was wondering the same thing myself. I followed everything I was suppose to do and still no reply.. I see they answer others with hijack logs.... If they won't answer and don't have the knowledge why make it sound like they do in the first place? waste of my time going through all that stuff and then no one will help me anyway. False advertising I might add... Free computer help for EVERYONE..  I will go else where from now on and tell others to do the same. Have you tried majorgeeks.com???  That's where I am heading.. good luck with your situation..
[/quote]

take your time and wait this time , not like above , help is not at hand for every-one

on tap , harry

[Dias de verano]

Yup, leave the attitude at the door, lady.

[evilfantasy]

Trust me you will have a much longer wait at MG's. They usually have at the least a 3 day turn around on the first reply. And their pre-steps are much more involved. Good luck!!

[PatriciaW]

 Evil fantasy
thank you for your help even after my attitude on the other post. Its just frustrating not being able to fix things on my own.. I haven't had any computer training I learn as i go. no one was born with this knowledge. it's taught to you. Even big companies get a virus so for Dias to act like I'm an idiot for getting a virus is uncalled for if he can't help me then don't answer  posts that wasn't addressed to him. . I have never posted to a forum before and didn't understand why you skipped me and helped others that posted after me once again sry bout the attitude and thanks for the help. here are the logs you asked for...

[attachment deleted by admin]

[PatriciaW]

Sorry I missed that the first time through.

Use this for any flash drive you have used on the infected computer.

Flash Drive Cleanup

Download Flash Disinfector by sUBs and save it to your Desktop.
 

• Double-click Flash_Disinfector.exe to run it.
• Your desktop and icons may disappear. This is normal.
• It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
  
• Follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.
• There will be no GUI interface or log file produced.
• Reboot your computer when done.

.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Will be awaiting the RSIT log...

   Antivir found a worm while downloading it..so i didn't open it.

[PatriciaW]

I found out it's a false positive.. so I am trying it again...

[evilfantasy]

Many of the tools I will have you use will be flagged by Avira. The way they work is similar to that of malware. Fight fire with fire...

Don't let Dias bother you. He is somewhat likable once you figure out he has that attitude with everyone. Right Dias?

Be right back. Looking at the logs now.

[Dias de verano]

Don't let Dias bother you. He is somewhat likable once you figure out he has that attitude with everyone. Right Dias?

More or less. I just can't stand people who come on here badmouthing the "service" they get (or don't get), and/or expecting to be at the head of the queue.

I still find the title of this thread objectionable.

[evilfantasy]

OK back to business now. Everyone can play nicely long enough to take care of this I hope.

Do you know what this is?

O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

If not then please scan it.

Please go to VirusTotal.com
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy the file path in the below Code box:

Code: [Select]

C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next click Send File
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
This will perform a scan across multiple different virus scanning engines.
Important: Wait for all of the scanning engines to complete.
5. Copy and then Paste the link to the results in the next reply.

[PatriciaW]

I tried to scan the file and it said path don't exist. I'm pretty sure it's an old music file I transferred via the USB flash drive. The date on the file is from 2006 and I didn't have this laptop at that time.I scanned it with antivir and the malwarebytes neither of them detected anything. I was working on the desk top most of the afternoon. I have dial up so everything takes forever to download and i have to keep switching the telephone cord to whichever computer i am working on.. lol anything else i need to do?? thanks again..

[evilfantasy]

I have dial up so everything takes forever to download and i have to keep switching the telephone cord to whichever computer i am working on.. lol anything else i need to do?? thanks again..

I will try to use all small tools so it doesn't take too long to download.

Do you want to get rid of that service since you don't use it anymore or do you need it?

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

• R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
• O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

.
Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

[PatriciaW]

Ok.. here is a new log from hijackthis. which service were you asking about??? my dial up or something else? 

[attachment deleted by admin]