Autorun.inf often causes problems for pen drive or flash drive users who regularly use public-access computers or a computer shared by many users. Autorun.inf helps all kinds of trojans and other malware infect a machine and reproduce from one system to another. On closer inspection, this script is actually the Haha.js script, slightly modified and given a different name.
If your computer has been infected by "selamat_berposa...", you will see the following:
- The Internet Explorer title changes from "Windows Internet Explorer" to "selamat_berposa_dari_umt".
- The context menu on disk drives gains options such as "Scan For Viruses", "Scan with Norton AntiVirus", and "Scan with AVG".
- "Open" and "Explore" are also taken over by this script.
- If you double-click a drive, it takes noticeably longer than usual to open.
This script spreads by placing an autorun.inf on every drive. Once it is active, it copies itself into:
- the root directory of every drive, whether fixed or removable
- the Windows and System32 folders
Once copied, it sets its attributes to Archive, Read-only, Hidden and System. As a result, it cannot easily be seen or removed.
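To see what an autorun.inf actually launches before deleting it, the following added example (not part of the original post, and not the worm's own file) parses the `[autorun]` section and flags entries that start a script through wscript.exe or set the drive's default menu verb. The sample file content and the function names `parse_autorun` and `audit_autorun` are constructed for illustration.

```python
import re

# Script-host indicators: the post says the worm is a .js file run by wscript.exe.
SCRIPT_HINT = re.compile(r"wscript|cscript|\.(js|jse|vbs|vbe|wsf)\b", re.I)

def parse_autorun(text):
    """Return {key: value} for the [autorun] section (keys lower-cased)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """List (reason, key, value) findings for entries that launch a script."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches and SCRIPT_HINT.search(value):
            verb = key.split("\\")[1] if key.startswith("shell\\") else key
            label = entries.get("shell\\" + verb, verb)  # menu text, if set
            findings.append((f"'{label}' runs a script", key, value))
    if "shell" in entries:  # shell=<verb> changes what a double-click does
        findings.append(("default double-click verb overridden", "shell", entries["shell"]))
    return findings

# Constructed sample, NOT the worm's real file: it only mirrors the symptoms above.
SAMPLE = r"""
[autorun]
open=wscript.exe selamat_berposa_dari_umt.js
shell\open\command=wscript.exe selamat_berposa_dari_umt.js
shell\explore\command=wscript.exe selamat_berposa_dari_umt.js
shell\scan=Scan For Viruses
shell\scan\command=wscript.exe selamat_berposa_dari_umt.js
shell=open
"""

if __name__ == "__main__":
    for reason, key, value in audit_autorun(SAMPLE):
        print(f"{reason}: {key} = {value}")
```
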
How to Delete?
This script depends on wscript.exe to run. While it is active, the wscript.exe process is visible in Task Manager. Follow these steps:
- Terminate the wscript.exe process using Task Manager, by right-clicking wscript.exe and selecting "End process".
- Delete the autorun.inf and selamat_berposa_dari_umt.js files from all disk drives, including removable drives (both files are hidden, so you must make them visible using "Folder Options").
- To restore the title of Internet Explorer, use Regedit: go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main and delete the "Window title" entry in the right pane.
- Restart your computer.
That's it. Good luck.
p/s: be very careful while editing the registry ... I do not take responsibility if other problems arise on your PC.