Wednesday, February 1, 2012

'Double Click - Open With' problem solved

I have been encountering this Windows error very frequently:
Whenever I click on my hard drive, it opens an 'Open With' window.

This is because more and more malware is resorting to 'autorun.inf' file tactics.

Q: What is autorun.inf?
A: Autorun.inf is basically an optional file in the root directory of a CD which contains instructions for what action to perform when the CD is inserted. These instructions can include, for example, a command for an installation program to be executed. An autorun.inf file can also be associated with drives on your system. When you double click the drive icon in 'My Computer', the instructions in the autorun.inf file are run.

Q: How does it spread?
A: This type of virus infection is commonly spread by portable USB drives. The moment you click on a USB drive which is already infected by the virus, the virus creates a replica of the autorun.inf file under each drive on your system.

Q: How to fix them?
A: Geeky solution for deleting autorun.inf files:

Open Task Manager and end the "wscript.exe" process.
Click Start, Run and type cmd,
then run these commands:

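-------------------------
rem switch to the drive first, then go to its root directory
c:
cd \
rem clear the hidden, system and read-only attributes so the files can be deleted
attrib -h -s -r *.inf
del *.inf
-------------------------
Try this for all of your drives. You might need a system restart after this.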

You may also encounter one of these system restrictions:

1 - Disable Registry Tools >> so the user can't see what is going on during system startup!


Geeky solution for Enabling Registry Editor:

Click Start, Run and type this command:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Click OK.


2 - Disable Folder Options >> so the user can't set the option to show hidden files!


Geeky solution for Enabling Folder Options:

Once registry editor has been enabled, click Start, Run and type regedit, browse to the entries given below and edit these dword values:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserOptions"=dword:00000000


3 - Disable Ctrl+Alt+Del (Task Manager) >> so the user can't see the virus and the other applications running!



Geeky solution for Enabling Task Manager:

Click Start, Run and type this command exactly as given below:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Click OK.
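
To see which drives carry an autorun.inf and which of the restrictions above are currently set, before or after running the commands, here is a read-only PowerShell audit. It is an added example, not part of the original post; the pattern used to pick out launch entries (open, shellexecute, shell\<verb>\command) and the output layout are choices made for this example.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
# Entries in autorun.inf that make Explorer start a program.
$launchKeys = '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*='

# Part 1: autorun.inf in the root of every file-system drive.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $path = Join-Path $drive.Root 'autorun.inf'
    # -Force: the file is normally hidden + system, which is why the
    # post clears those attributes with attrib before deleting.
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $file) { continue }
    Write-Output "$path  [$($file.Attributes)]"
    if ($file.PSIsContainer) { Write-Output '    (a folder, not a file)'; continue }
    # Print only the lines that name a program to run, so the file they
    # point at can be looked at as well.
    Get-Content -LiteralPath $path -Force -ErrorAction SilentlyContinue |
        Where-Object { $_ -match $launchKeys } |
        ForEach-Object { Write-Output "    $($_.Trim())" }
}

# Part 2: the four policy values named in this post (per-user, HKCU).
$system = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policies = @(
    @{ Key = $system; Name = 'DisableRegistryTools' },
    @{ Key = $system; Name = 'DisableTaskMgr' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoFolderOptions' },
    @{ Key = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
       Name = 'NoBrowserOptions' }
)
foreach ($p in $policies) {
    # A missing key or value is the normal, unrestricted state.
    $item  = Get-ItemProperty -LiteralPath $p.Key -Name $p.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($p.Name) } else { $null }
    $state = if ($null -eq $value) { 'not set' } elseif ($value -ne 0) { "RESTRICTED ($value)" } else { 'ok (0)' }
    Write-Output ("{0,-22} {1}" -f $p.Name, $state)
}
```

Any value reported as RESTRICTED corresponds to one of the three restrictions listed above.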


Ungeeking the task:
Autorun Eater is a tool that removes any suspicious 'autorun.inf' files in real time, even before the user attempts to access the drive. It will prompt the user before any autorun.inf file is deleted. Besides this, the tool is also capable of removing the above three common system restrictions made by the virus.

Sergiwa RRT (Remove Restrictions Tool) is a useful troubleshooting utility to clear around 30 more restrictions like the ones mentioned above. You can find the complete list on the developer's site. It doesn't eat autorun.inf files, though!
