Common autorun virus scanning and Removal Methods

Currently, there are many people using mobile storage tools, such as USB flash drives, mobile hard drives, and MP3. At the same time, there will be a crisis. The Autorun virus is one of the most common viruses. Therefore, this article introduces several simple methods to delete the Autorun virus.

First, the symptoms after poisoning are:

Double-click drive letter cannot open, or open a new window, or let you select the file opening method...

In fact, the most obvious picture is that two items are added in the right mouse button, auto or automatic playback. If you find the above symptoms, you can basically determine that you are using a virus such as autorun. However, if it appears only after being attached to a CD, it is normal. Do not think too much. Haha.

Virus trigger method:

In normal times, users double-click the disk to open the disk. The virus uses this. In the registry, two new shell commands are added for the drive letter, then, when you double-click to open the drive letter, the virus will start first, and then open the disk. Sometimes, double-click does not respond, and you can only right-click to open the drive letter. Reinstalling the system will continue.

Next, let's take a look at the general methods of virus detection and removal. We hope everyone can do this by themselves.

The first thing I want to talk about is the first two points that must be done during system creation:

1. Modify the Group Policy to disable automatic playback.

Run --> gpedit. msc --> User Configuration --> System --> disable automatic playback --> enabled-All Drives

2. disable a service used for automatic playback.

Run the --> services. msc --> Shell Hardware Detection Service --> Start type --> disable

The following is what you want to do after you are determined to be poisoned. stop the virus process first.

3. virus detection and removal: Modify the registry [hkey_current_usersoftwaremicrosoftwindowscurrentversionpolicermountpoints2]

Expand All items with "+" under this key value in sequence, such as "command" or "shell,

Write down the files in the following path and delete them all. By default, all drive letters contain no + values.

4. Open CMD to enter your infected drive letter and use the attrib command to view files with hidden attributes. Generally, these attributes are system, read-only, and hidden. First, remove the attribute attrib-s-h-r file name attached to the file, so that you can see the prototype of these files under the root directory, and delete the garbage.

Delete/s/q file name

You can also perform operations in windows. Select the top folder, remove the check mark before the system hides the protected system file, and then display all the files. Then delete the virus.

You can use unlocker1.85 to delete a more powerful virus. After completing the preceding steps, you can basically handle the auto virus.

Finally, we need to delete the virus-related key values in the Registry Startup item!

Currently, there are some autokiller tools on the Internet for this type of virus. You can also download them and disable the network to go to the security mode for detection and removal. Haha.