Wednesday, May 14, 2008

My tussle with autorun.inf virus

One of my friend's PCs was infected with the Infostealer virus. Although the antivirus identified the virus and cleaned it, a couple of weird things happened:

(a) If you double-click on C: or D:, it asks you to choose a program. However, if you right-click and say Explore, it opens up fine.

(b) It was no longer possible to see hidden files and folders. If you go to Explorer->Tools->Folder Options->View, check "Show hidden folders and files" and say OK, and then immediately go back and check, the option has reset to "Do not show hidden files and folders".

A very perplexing problem, and our in-house technicians gave up on solving it. Time for the master technician to step in :-)

Problem (a) is easily solvable, provided your antivirus has already caught and cleaned the virus. It is caused by the "autorun.inf" file in the root of the c: and d: drives. To complicate matters a bit, this file is set as hidden. The best option that I found is as follows.

  • Start->Run->cmd, Enter
  • Type c:, followed by "dir /ah *.inf". Now you should see a listing for autorun.inf.
  • Switch the attributes of the file by doing "attrib -h -s autorun.inf". -h is to unhide, -s is to remove the system attribute.
  • Now go to c: (by right-clicking on My Computer and choosing Explore) and Shift+Delete the autorun.inf file.
  • Repeat the procedure for d:
  • After a restart, your problem should be fixed.

Problem (b) is a bit more tricky and requires messing around with the registry, so be sure to back up your registry first. Type "regedit" from the command prompt, click on "My Computer", go to File->Export and save the file in, say, c:\.

The next trick is to find an uninfected XP system and export the following two registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Explorer\Advanced

Just click on the Advanced key and go to File->Export to export it. These will be two very small files, 20 kB or so.

Copy them onto the affected PC, invoke the registry editor and import these two files. You can then go to Explorer and change the hidden file options, and they should stick now!
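
The cleanup steps for problem (a) and the registry backup for problem (b), put together as a batch file. This is an added example, not part of the original post; the backup folder name is an assumption, and it should be run from a command prompt only after the antivirus has already cleaned the machine. It prints each autorun.inf before deleting it, so you can see which program the drive's double-click action had been pointed at.

```bat
@echo off
rem Added example (not from the original post): remove leftover autorun.inf
rem files from C: and D: and back up the two Explorer\Advanced keys.
setlocal
rem Assumption: backups go to a folder under the user profile.
set "BACKUP=%USERPROFILE%\autorun-cleanup"
if not exist "%BACKUP%" mkdir "%BACKUP%"

for %%D in (C D) do call :clean %%D

rem Export both keys before importing the copies from the clean XP machine.
set "ADV=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
if exist "%BACKUP%\advanced_hklm.reg" del "%BACKUP%\advanced_hklm.reg"
if exist "%BACKUP%\advanced_hkcu.reg" del "%BACKUP%\advanced_hkcu.reg"
reg export "HKLM\%ADV%" "%BACKUP%\advanced_hklm.reg"
reg export "HKCU\%ADV%" "%BACKUP%\advanced_hkcu.reg"

rem Current hidden-files setting for this user: 1 = show, 2 = do not show.
reg query "HKCU\%ADV%" /v Hidden
endlocal
exit /b 0

:clean
set "F=%1:\autorun.inf"
rem dir /a also matches hidden and system files; errorlevel 1 = not found.
dir /a "%F%" >nul 2>&1
if errorlevel 1 (
    echo %1: has no autorun.inf in its root
    exit /b 0
)
echo ==== %F% ====
rem Show the attributes, then clear hidden and system as in the steps above.
attrib "%F%"
attrib -h -s "%F%"
rem Print the file and keep a copy for reference before deleting it.
type "%F%"
copy /y "%F%" "%BACKUP%\autorun_%1.inf.txt" >nul
del /f "%F%"
if exist "%F%" echo Could not delete %F%
exit /b 0
```

If the file comes back after a restart, something is still rewriting it and the machine needs another antivirus pass before repeating the cleanup.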

This solution is thanks to the suggestions found on http://www.techspot.com/vb/topic65215.html

Another feather in the cap of the unofficial tech support guy. Our internal tech support will have a fit if they find out that I have been steadily eating away at their business :-)

1 comment:

Ajit said...

Looks like the new PC is doing good. Lots of posts recently. Hope you get well soon.