Sign in to follow this  
Followers 0
cargo

cannot delete autorun.inf system.exe on memory stick

9 posts in this topic

I am running Kapersky Internet 7.

 

When I plug in a USB memory stick I get the (noisy) Kapersky virus warning of

 

Worm.win32.autorun.sjn

 

There are two files in the stick's root directory - autorun.inf and system.exe.

 

I can delete these 2 files but they return after just a few seconds.

 

I attach the sysinfo file:

avz_sysinfo.zip

Share this post


Link to post
Share on other sites

hello

hold shift while you insert your stick into the usb port.

please send both files to the lab: http://forum.kaspersky.com/index.php?showtopic=13881

afterwards run this script:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Program Files\Microsoft Common\svchost.exe','');
DeleteFile('C:\Program Files\Microsoft Common\svchost.exe');
ExecuteSysClean;
BC_ImportDeletedList;
BC_Activate;
RebootWindows(true);
end.

 

afterwards make a full scan of your whole pc and post the detected list

Share this post


Link to post
Share on other sites

I have sent off a zipfile to you with the offending file in a RAR archive.

 

Unfortunately, after running your script above, the comp then rebooted but only so far: I cannot get my desktop back! :angry:

Share this post


Link to post
Share on other sites

that's strange the file deleted shouldn't have any effect on the loading process. can you boot into safe mode?

Share this post


Link to post
Share on other sites
that's strange the file deleted shouldn't have any effect on the loading process. can you boot into safe mode?

 

Unfortunately, no. I should have mentioned that the laptop affected was running Win2000 Pro. I have now reformatted and installed a clean copy XP Home on the same machine (this machine). So the problem has gone away, but its a LOT of work getting all the progs set up again...

 

There is one other laptop running XP Pro and a desktop running XP Home that both have the problem stated in the first post on this thread. I have only attempted to use the desktop this morning and one interesting thing is that i can get on the internet, but the machine cannot connect to Kapersky or Symantec sites! Though other sites are accessible and all Google searches for anything now send me to pay sites for discount holidays and new antivirus software.

 

I'd prefer not to touch those two machines again until and if Kapersky can come up with a fix.

 

 

 

 

Share this post


Link to post
Share on other sites

well, there won't be any fix if you can't update.

Share this post


Link to post
Share on other sites
well, there won't be any fix if you can't update.

 

Ok, i'll try running the script above on the desktop and see what happens..

Share this post


Link to post
Share on other sites

no, post a new AVZ log made on the desktop, the issues don't have to be identical.

Share this post


Link to post
Share on other sites
no, post a new AVZ log made on the desktop, the issues don't have to be identical.

 

Unfortunately, am too late - now both other machines boot into Windows and then just hang before the desktop appears - cannot get Safe Mode to work either. So now doing full OS re-installs on both machines. No fun at all.

 

I did email Kapersky a copy of 'System.exe' and the script contents of 'Autorun.inf'. I can re-send if it will help...

 

 

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0