It's just a script made by script kiddies to have some fun on your computer. Trend Micro rates it as malware and gives it the name JS_AUTORUN.ABE
(http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FAUTORUN%2EABE&VSect=P)
Symptoms:
1. Your Windows Explorer / Internet Explorer window title changed to Mawar.js / AhPaw.js
2. When you right-click any drive inside My Computer, be it the C drive or a USB flash drive, the default option, which is "Open", is not the first choice & it's not in BOLD. It will come up with "Op%n" or "Search" instead of Open.
3. Double clicking the drive won't open it. Instead it will perform another function such as "Search" etc.
4. You have to go to the address bar and select your drive from the small arrow icon to open it, instead of double-clicking the drive.
5. etc. etc
It's caused by the Autorun.ini which resides inside the drive.
---
code removed: http://pastebin.ca/1910347
---
--- OK.. now end that shit ..let's go to removal instruction. Some additional tools (Hijackthis, CCleaner, Spybot S&D, WinPatrol) may help but I prefer manual removal.
REMOVAL INSTRUCTION
-------------------
1. Disable System Restore
(Right click My Computer --> Properties --> System Restore --> check the Turn Off System Restore box --> OK)
2. Restart your computer in Safe Mode
(Restart PC, while Windows tries to load, press F8 repeatedly and choose the 1st option - "Safe Mode")
3. Login to your computer
4. Unhide all Hidden Files and protected Operating System Files
- Go to My Computer
- Click Tools --> Folder Options... --> View
- Check the "Show hidden files and folders" radio button
- Check the "Hide protected operating system files (Recommended)" button
- Click OK to apply the changes
5. Go to My Computer --> C:\ drive (or any additional/removable drive) and..
- Find autorun.ini and DELETE it!
- Find VirusMwrdy.js (if any) and DELETE it!
- Find ahpaw.js (if any) and DELETE it!
6. Go to My Computer again, and right-click C:\ drive
- Click Properties --> Disk Cleanup --> More Options --> System Restore --> Cleanup.. --> click Yes when asked --> Click OK
7. Run Registry Editor
- Click Start --> Run --> type in regedit
- Highlight the My Computer icon and press Ctrl+F to start the search
- now.. when the search box appears, type VirusMwrdy.js (for Virus Mawar) OR ahpaw.js (for AhPaw.js) and let the system search for the key
- delete all the keys once detected
- repeat the search function again and again until you are sure that the key is completely removed.
- ***For virus Mawar, you may need to find additional key -- mawar (and search it over again)
- ***For AhPaw.js you may try to find alternative key -- ahpaw (and search it over again)
8. Read again from step 1 if you missed any. Now you can safely reboot your computer and log in to Windows as normal.
To restore the window title/Internet Explorer title bar, you'll need to remove this entry from the Registry:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
look at the string value: Windows Title and safely remove it.
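The checks from steps 5 and 7 and the title-bar entry can be gathered in one read-only pass before anything is deleted by hand. This is an added example, not part of the original post; it assumes PowerShell is available on the machine, and the function names are hypothetical.

```powershell
# Added example: read-only audit of the artifacts named in steps 5 and 7.
# It deletes nothing; review the output, then remove items by hand.
$fileNames = 'autorun.ini', 'VirusMwrdy.js', 'ahpaw.js'    # file names from step 5
$regTerms  = 'VirusMwrdy.js', 'ahpaw.js', 'mawar', 'ahpaw' # search terms from step 7
$pattern   = ($regTerms | ForEach-Object { [regex]::Escape($_) }) -join '|'

function Find-DroppedFile {
    # Step 5: check the root of every drive, hidden and system files included (-Force).
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        Get-ChildItem -LiteralPath $drive.Root -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $fileNames -contains $_.Name } |
            Select-Object FullName, Length, LastWriteTime, Attributes
    }
}

function Find-RegistryReference {
    # Step 7: same idea as Ctrl+F in regedit, over key names, value names and data.
    # Assumption: HKCU and HKLM are searched by default; pass other roots if needed.
    param([string[]]$Roots = @('HKCU:\', 'HKLM:\'))
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.PSChildName -match $pattern) {
                New-Object PSObject -Property @{ Key = $key.Name; Value = '(key name)'; Data = '' }
            }
            try { $names = $key.GetValueNames() } catch { $names = @() }
            foreach ($name in $names) {
                $data = [string]$key.GetValue($name)
                if ($name -match $pattern -or $data -match $pattern) {
                    New-Object PSObject -Property @{ Key = $key.Name; Value = $name; Data = $data }
                }
            }
        }
    }
}

function Get-TitleOverride {
    # Value name exactly as the article gives it.
    Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' `
        -Name 'Windows Title' -ErrorAction SilentlyContinue
}

'--- files in drive roots ---';  Find-DroppedFile | Format-List
'--- registry references ---';   Find-RegistryReference | Format-List
'--- title bar value ---';       Get-TitleOverride | Format-List
```

The short terms mawar and ahpaw can match unrelated entries, so treat each hit as something to inspect rather than delete on sight.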
Please let me know if you have additional info or send me some winks if you found this article helpful.
Thanks
ripped from switch
#shell @ FreeNode
irc.freenode.net:6667