cleaning Win32/AutoRun.Agent.BE
So yeah, I got my first worm in quite a while, the awesome and overall cute Win32/AutoRun.Agent.BE. But I also got a piece of wisdom from cleaning it – make sure you never download any software from sources you aren’t 100% sure of. That includes torrent trackers, dc++, any other p2p interface, random [free] download websites and so on.
As I said, my PC, the mighty Shoarec, has caught a nasty case of Win32/AutoRun.Agent.BE and I had a bit of trouble cleaning it. Google adviced me to different methods to get rid of it but none actually worked so now I will post here the best way to get rid of it without much headache. For me it went pretty much like this: nod32 detected the worm as soon as it was in my system but didn’t manage to actually get me rid of it.
This is how I cleaned it, step by step:
#1: Downloaded and installed the Malwarebytes’ Anti-Malware software. It’s free for scanning and cleaning, you can get it from here. It’ll detect the worm and delete some of its parts.
#2: If you check in [My Computer] at this point you will still notice that the drive’s default action is Autoplay instead of Open. You shouldn’t double click the drive or use the autoplay option at any time! That’s definitely not good. Now you need to get those pesky “autorun.inf” files out in the open, to do that you will type in Run “attrib c:\autorun.inf -r -h -s”, it’will remove the attributes for the autorun.inf file found in the root C:\ drive. Replace C: with D:, E: etc. to remove the attributes for the file on all of your drives..
#3: Delete C:\autorun.inf, D:\autorun.inf and so on.
#4: Reboot.
#5: Run MBAM again to make sure the worm is gone.
There you go, now the worm is gone and your drives should again behave properly.
PS: Have a happy New Year. I will.
Thanks,
The management.
5 Comments
Make A CommentComments RSS Feed TrackBack URL
January 2nd, 2009 at 5:27 pm
Oh! Man Thx Ya So Muchhhhhh
Ya safe ma comp
January 5th, 2009 at 6:50 pm
‘welcome :P
January 19th, 2009 at 6:29 pm
Hello!
My father also has got this worm. We don’t have much experience with computers, know some things, but this kind of trouble can be really a pain in the ass. He tried to follow your instructions, there was a problem because he couldn’t connect to internet anymore. There was a connection, but couldn’t get to any page.. He was trying with that deleting things but still didn’t succed. Do you have any more ideas what to do? Maybe we should call some expert to come and see anyway.. :(
Thanks for sharing your knowledge
January 19th, 2009 at 10:29 pm
Download MBAM on another computer from here: http://www.malwarebytes.org/mbam.php – after you do that copy it on an usb drive, plug it into your computer and install the program from there. About your i-net connection, try and ping some random website like google.com (go to run, type ping http://www.google.com -t, hit enter), if it replies to your ping than it means your connection it’s working and it’s just a browser problem that can be caused by another worm or virus. In this case also download on an another computer an alternate browser to the one you’re using now (Firefox, Opera, Chrome etc.) and install it on your machine. Hope it helps. :)
March 20th, 2009 at 4:36 pm
[...] Asa ca, there we go… Printre cele mai relevante ar fi autorun.agent.be – evident duce spre aici; pisdos – destul de evident unde duce; start pisdos – duce in main; tubelu – duce aici; mieii [...]