Today, I just clean a virus from my friend’s computer (Windows XP). When I found the virus, I could not scan it. The virus (or worm) will create autorun.inf and a Recycle Bin folder in the pendrive. The malicious executable file is in the Recycle Bin folder in the pendrive. So that when the pendrive plugged into other computer, with the autorun feature, the virus will duplicated.
Firstly, I successfully cleaned the virus from the pendrive. Use the Unlocker to remove the Recycle Bin in the pendrive. Delete the autorun.inf.
Next, I used TweakUI to disable the autorun feature for several drives, so that the computer will not generate autorun.inf when the pendrive is plugged into it.
However, I failed to find the source of the autorun.inf virus. I tried to search the process using Process Explorer, and searched for the startup using AutoRuns. I failed to find the suspicious virus. Then I tried to run online PC scan. But none of the website could be visited. And I knew that was the effect of the main virus.
Then, I tried to boot into the computer in safe mode. And visit the online PC scan successfully. Then, I tried to use Malicious Software Removal Tool. Run it, and scan for the Windows folder. Finally, found the virus “Worm:Win32/Conficker.C“. Yeah!
Restart the computer, now it is able to update the virus definition, visit the online PC scan website.