Question : Need help removing Worm Autorun.B

The user on my front desk computer immediately told me that five of her applications were not working. One is usually downloaded easily from my website. It opened but clicking on the download wouldn't work. One icon didn't do anything on the desktop. Another program would start to open and you would see the startup window for about two seconds and then close. So, all things pointed to a virus.

I have ESET NOD32 version 4, which is up to date, but I guess it missed it. Ironically, I ran my other two malware products which I run every week just to be careful. I ran one of them today. Malwarebytes' Anti-Malware found one worm, which is Worm Autorun.B. It is currently in the scanner window with "No action taken" under the Action Taken column. The item is C:\RECYCLERS\S-1-5-21-2595256846-21884. There are four of these files.

In the registry, I can see:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ with the key:

Userinit: C:\WINDOWS\system32\userinit.exe  (I read where you do not want __.bat after .exe)  

and

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ with the key:

SuperHidden (I read that ShowSuperHidden is not what you want)

I apologize if "key" is the wrong word for the values in the right-hand pane.

I don't know if it is as simple as clicking on Remove Selected in MBAM or if I need an actual removal tool.

Answer : Need help removing Worm Autorun.B

Well, Malwarebytes is very good software, and most of us here on Experts Exchange recommend it to people who report issues related to viruses, worms or malware.

So I think you are good to go and could simply do what Malwarebytes asked you to do. Do remove.

Sudeep
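
A read-only way to inspect the two registry locations named in the question, as an added example that is not part of the original posts. The function name `Test-UserinitValue` and the sample tampered value are constructed for illustration, and the script assumes Windows PowerShell 2.0 or later.

```powershell
# Added example (not from the original thread): read-only check of the registry
# values named in the question. It makes no changes to the system.

function Test-UserinitValue {
    param(
        [string]$Value,
        [string]$SystemRoot = $env:SystemRoot
    )
    $expected = "$SystemRoot\system32\userinit.exe".ToLowerInvariant()

    # Winlogon launches every comma-separated entry in Userinit at logon,
    # so anything besides userinit.exe itself deserves a look.
    $entries = @($Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -ne '' })
    $extra = @($entries | Where-Object {
        [Environment]::ExpandEnvironmentVariables($_).ToLowerInvariant() -ne $expected
    })

    New-Object PSObject -Property @{
        Value          = $Value
        UserinitListed = ($entries.Count -gt $extra.Count)
        ExtraEntries   = $extra
        Clean          = ($entries.Count -eq 1 -and $extra.Count -eq 0)
    }
}

# Live value on this machine
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$live = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
Test-UserinitValue -Value $live | Format-List

# Constructed sample of a tampered value (placeholder path, not from the thread)
$sample = 'C:\WINDOWS\system32\userinit.exe,C:\placeholder\example.bat'
Test-UserinitValue -Value $sample -SystemRoot 'C:\WINDOWS' | Format-List

# Show the Explorer values the question mentions, without interpreting them
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Get-ItemProperty -Path $adv | Select-Object SuperHidden, ShowSuperHidden | Format-List
```

Run it from an account that can read HKLM; a `Clean` result of `False` lists the additional entries under `ExtraEntries` for review.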