Autorun Worms: How to Remove Autorun Malware


Autorun worms spread from USB/thumb drives as well as fixed and mapped drives. Autorun worms typically drop or download additional malware, usually backdoors and password stealers. For a description of how Autorun malware works, see the Autorun FAQs. To remove an Autorun worm, follow the steps below.
Difficulty: Average
Time Required: Varies depending on extent of infection

Here's How:

  1. Before attempting removal of an autorun worm, you must first disable Autorun. See: How to Disable Autorun in Windows XP or How to Disable Autorun in Vista.
  2. After you have disabled autorun, search the root of all drives (including all USB/thumb drives) for the presence of an autorun.inf file. When you have located the autorun.inf file, open it using a text editor such as Notepad and look for any lines that begin with "Label=" and "shellexecute=". Note the name of the file designated by these lines.
  3. Close the autorun.inf file and delete it from the drive. Now locate the file that was designated in Step 2 and delete that file as well.
  4. Repeat these steps for all local, mapped, and removable drives.
  5. Note that if an autorun worm is discovered, you should anticipate that other infections have occurred and that your antivirus/firewall/security software may have been disabled and/or tampered with. Ensure the antivirus is working properly by using an EICAR test file.
  6. If you are unable to delete the malware files, or they reappear after deleting, use a bootable antivirus rescue CD to access the drive without allowing the malware to load first. You should then be able to delete the target files.
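
The check in Steps 2 to 4 can be scripted. The following is an added example, not part of the original article: it reads autorun.inf from each drive root and lists the entries to note, without deleting anything. The function names are hypothetical, and the `open` and `shell\<verb>\command` keys are an addition beyond the two keys named in Step 2.

```python
import os

# "label" and "shellexecute" are the keys named in Step 2; "open" and
# "shell\<verb>\command" are other autorun.inf launch keys (added assumption).
KEYS = ("label", "shellexecute", "open")

def read_inf(path):
    """Decode autorun.inf, which may be ANSI or UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def designated_entries(inf_text):
    """Return (key, value) for each line that begins with a watched key."""
    entries = []
    for line in inf_text.splitlines():
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip().strip('"').strip()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if sep and value and (key in KEYS or is_verb):
            entries.append((key, value))
    return entries

def scan_root(root):
    """List the entries of root's autorun.inf and whether each file exists."""
    found = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    report = []
    for name in found:
        for key, value in designated_entries(read_inf(os.path.join(root, name))):
            # Drop command-line arguments, then resolve relative to the root.
            parts = [p for p in value.split()[0].replace("\\", "/").split("/") if p]
            exists = os.path.isfile(os.path.join(root, *parts))
            report.append((key, value, exists))
    return report

if __name__ == "__main__":
    import string
    # Check every drive letter that is present; nothing is deleted.
    for letter in string.ascii_uppercase:
        root = letter + ":\\"
        if os.path.isdir(root):
            for key, value, exists in scan_root(root):
                print(root, key, value, "present" if exists else "missing")
```

Worm files are often marked hidden or system, which is why the script lists the directory itself instead of relying on what Explorer shows.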
