You are not logged in.

Wednesday, July 30th 2014, 7:11pm

The Avira Forum will be moved to the new platform Avira Answers soon. We'll make the transition of existing user profiles and threads as smooth as possible.
New visitors are able to log in on Avira Answers with the existing Avira account directly or sign up with a new account.

  • "buloheart" started this thread

Date of registration:
Oct 25th 2013

Version:
Avira Free Antivirus

Operating System:
Windows 7

  • Send private message

1

Friday, October 25th 2013, 9:23pm

\Device\HarddiskVolume1\Autorun.inf blocked on windows 7 right after booting

I have the following happening to me since yesterday and every time Windows 7 starts:


[Real-Time Protection] Autorun blocked
In accordance with security guidelines, the Administrator has blocked access to
file '\Device\HarddiskVolume1\Autorun.inf'.

I have no CD/DVD or any usb connection on my notebook (other than a mouse and webcam).

Is my notebook infected? Can you please help me diagnose the problem?

Thanks...

Michael_Mann

Moderator

Date of registration:
Oct 24th 2005

Version:
Avira Ultimate Protection Suite
Avira Free Unix/Linux
Avira Android Security

Operating System:
AmigaOS 3.9, Ubuntu 13.10+ & Windows XP SP3, win7 HEdit. 64b (sp1)

  • Send private message

2

Friday, October 25th 2013, 9:49pm

Please include this autorun.ini-file into the three exclusion lists of aVir. Then reboot the PC, open this inf-file with an Texteditor and post the content of the file here in the forum.
Meine PCs: Amiga 1200 und WinUAE. Daf├╝r ist Virenfreiheit garantiert.
Links: Tipps & Tricks -- HiJackThis -- Video Anleitungen
I speak german and english only

redwolfe_98

Community member

Date of registration:
Nov 14th 2006

Version:
Avira Antivirus Suite

Operating System:
Win XPsp3

  • Send private message

3

Saturday, October 26th 2013, 5:12pm

there are several forums where people can get help with removing malware.. you could go to one of them, to get help..

here is a list of some of the forums where people can get help with removing malware:

http://forums.techguy.org/54-virus-other-malware-removal/

http://www.geekstogo.com/forum/forum/37-…alware-removal/

http://forums.malwarebytes.org/index.php?showforum=7

http://www.bleepingcomputer.com/forums/f…e-removal-logs/
win xpsp3, "windows firewall", avira antivirus pro, SSM, RegDefend

  • "buloheart" started this thread

Date of registration:
Oct 25th 2013

Version:
Avira Free Antivirus

Operating System:
Windows 7

  • Send private message

4

Saturday, October 26th 2013, 9:51pm

I couldn't really find the autorun.inf file. I've disabled the autorun functionality all together in Windows 7. Now it stopped complaining about it. I still do not feel very safe though. I'll run a full scan tonight with Avira.

redwolfe_98

Community member

Date of registration:
Nov 14th 2006

Version:
Avira Antivirus Suite

Operating System:
Win XPsp3

  • Send private message

5

Saturday, October 26th 2013, 11:31pm

from what i read on the internet, i think that the autorun.inf file that was being flagged belongs to a recovery program that is found on a hidden partition on acer computers.. however, i don't know why the file was trying to run..
win xpsp3, "windows firewall", avira antivirus pro, SSM, RegDefend

  • "buloheart" started this thread

Date of registration:
Oct 25th 2013

Version:
Avira Free Antivirus

Operating System:
Windows 7

  • Send private message

6

Sunday, October 27th 2013, 1:40am

When I check on the device manager, I see that there is a System Reserved 100MB volume, that might be a similar case. My notebook is a Sony one by the way.

  • "buloheart" started this thread

Date of registration:
Oct 25th 2013

Version:
Avira Free Antivirus

Operating System:
Windows 7

  • Send private message

7

Sunday, October 27th 2013, 7:54pm

Couldn't find virus. Have a hidden object though. It could probably be the daemon tools though.

redwolfe_98

Community member

Date of registration:
Nov 14th 2006

Version:
Avira Antivirus Suite

Operating System:
Win XPsp3

  • Send private message

8

Sunday, October 27th 2013, 10:07pm

i wouldn't worry about the "hidden object(s)" that was flagged by the avira program's rootkit-scanner.. it is not unusual for it to flag "hidden objects" and, when it does, no one can tell if they are OK, or not.. whenever anyone asks about them, if they are OK or not, essentially they are told to just ignore them.. no one knows if they are OK or not, it is just presumed that they are OK..

if you say "that makes it sound like the rootkit-scanner is useless?".. yes, those are my sentiments, exactly.. and, since i think that it is useless, i uninstall it.. you can use a "modify-install" to uninstall the rootkit-scanner.. to do that, go to windows "add/remove", click "avira" and then click "change", to run a "modify-install".. then, to uninstall the rootkit-scanner, untick the option for "protect against rootkits", or however it is worded..

incidentally, the rootkit-scanner does not "protect against rootkits", in only supposedly has the potential to flag a rootkit after it already has been installed.. the problem is that 99.99999% of fhe "hidden objects" that it flags are legitimate and shouldn't be removed and, if it ever did flag a malicious hidden object, no one could tell the difference..

if you want to scan for rootkits, i would recommend using other programs, instead, like:

GMER
aswMBR
kaspersky's TDSSKiller

"hitmanpro" is another good program to use, to scan for malware..

you also could run a scan with eset's "online scanner", to double-check for a malware-infection.. here is a link for it:

http://www.eset.com/us/online-scanner/

note that eset's "online scanner" can be installed "locally" on your computer.. if you go to the eset webpage with "firefox", or "chrome", or "opera", you will be offered to install the program locally.. if you go the webpage with "internet explorer", an activex version of the program will be installed in IE, instead..

if you install eset's online scanner locally, it does not create a shortcut for launching the program in your "start menu", so you will have to create a shortcut for the program yourself, and paste it in your "start menu"..

you also could run a scan with "adwcleaner" to see if your computer is infected with any "scumware" :

http://general-changelog-team.fr/en/down…de/2-adwcleaner

"malwarebytes" is another program that is commonly used to scan for malware..

i will say again, if you need help, go to one of those forums that i listed and ask for help..

:)
win xpsp3, "windows firewall", avira antivirus pro, SSM, RegDefend