I found "qazwsx/zaqxsw.exe" in my c drive.and i am facing a problem whenever I connect pen drive, automaticly a autorun.inf file i found in pen drive.i tried to delete it, but it is in process unable to delete.after formating pen drive, again i found the same file whenever i connect pen drive.
:jmp3
;wÝ#??m?{??L??íõÀµ????
open=qazwsx\zaqxsw.exe
;捄?sxaA
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files using Windows Explorer
:je0
if the said virus not even detected by Symantec antivirus, it is highly recommended to submit this file to Symantec Security response team to analyze the file
Comments
unable to run full scan
hi,
i am unable to run full scan on unmanage client.whenever i run it, it is scan like a active scan.
pls help
autorun file unable to delete
I found "qazwsx/zaqxsw.exe" in my c drive.and i am facing a problem whenever I connect pen drive, automaticly a autorun.inf file i found in pen drive.i tried to delete it, but it is in process unable to delete.after formating pen drive, again i found the same file whenever i connect pen drive.
Disable AutoplayGPedit.msc
Looks like there is a threat on your computer.
Download NSS and run full scan in safe mode.
Disable autoplay aswell
https://www-secure.symantec.com/connect/articles/more-how-disable-autoplay-feature-prevent-virus-spreading-way
and also check
https://www-secure.symantec.com/connect/articles/how-find-suspected-threats-your-computer
Submit all the suspected files to https:..submit.symantec.com/gold
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Hi
What happens when you try to do the full scan?
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
hi
iot is acan like a active scan only for less then 1 minute
Hi
connect the pen drive
open the cmd prompt
navigate to pen drive ,say F:\>
type attrib -h -s -r
del autorun.inf
try to run the scan now
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
hi
and the coding i found in inf file.....................
[[[[[[[[[autorun[][[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[]
[autorun
:jmp3
;wÝ#??m?{??L??íõÀµ????
open=qazwsx\zaqxsw.exe
;捄?sxaA
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files using Windows Explorer
:je0
shell\\\\open\\\\\\command=qazwsx/zaqxsw.exe
:cmp
shell\\\explore\\\\\command=qazwsx/zaqxsw.exe
;ÃxöJ?â?g??(nçÒ#
useautoplay=1
;?üC}?ëÄ??{?Z
[AutoRun]
:GOTO NUL
hi
unable to delete the autorun.inf file. it is being used
Hi
Follow this forum discussion and remove autorun.inf
https://www-secure.symantec.com/connect/forums/how-remove-autoruninf-file
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
hi
thanks rafeeq,
but still when i reconnect pen drive system rebuild the same autorun.inf file
have you disabled autoplay
have you disabled autoplay following the above article.You can download and run Malwarebytes it will surely clean all the virus from your computer
Hi
Check the autorun file on all your hard drives, delete those too.
try donig a full scan with latest virus defs.
seem like its coming from your system to pen drive.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Hi, If this computer is
Hi,
If this computer is connected to LAN, then try to map the drive from the another computer and run full scan.
if the said virus not even
if the said virus not even detected by Symantec antivirus, it is highly recommended to submit this file to Symantec Security response team to analyze the file
:-)
Virus Cleaned
if pen drive is affected by autorun.inf trojan,It is als associated with hidden files
qazwsx\zaqxsw.exe
qazwsx\Desktop.ini
size of zaqxsw.exe file is 211,968
use safe mode command prompt to delete it
del /a *
sometimes zaqxsw.exe affect your PC and sit under in C:\RECYCLER\S-1-5-21-8751926100-3516730847-449045751-7323
directory as czzi.exe
search the file czzi.exe in c:
dir /s czzi.exe
and delete it
del /a czzi.exe
make a autorun.inf directory in your pen drive root, set its attribute as hidden and system
attrib +r +h +s autorun.inf
ISSUE RESOLVED !
- Dennis Jaat
Would you like to reply?
Login or Register to post your comment.