Archive for December, 2007

Getting the “Open With” dialog when opening Windows drives?

December 28, 2007 raghupathy

Recently, I had been facing this problem on all the virus-hit systems on the network of one of my clients. The problem was that I was getting the “Open With” dialog every time I double-clicked any drive in My Computer. I had to select Internet Explorer from the Open With dialog to open the drives. One of my friends came up with an idea and it worked great. The idea was to create a blank autorun.inf file in the drive having problems. And it was perfect: now I can open all my drives (after placing the blank autorun.inf in the drive) by double-clicking them.

To make a blank autorun.inf, open Notepad and use Save As with the file name “autorun.inf”. Place the autorun.inf in the affected drive.

Having the same problem? Did this trick solve your problem, or did you have a better solution? Share your experiences.

UPDATE: Please use the following DOS commands to make deleting the autorun.inf file easier.
C:\>attrib -S -H -R C:\autorun.inf
C:\>del /F C:\autorun.inf
Replace C with the letter of the drive on which you want to disable autorun.

Categories: Windows

Removing the ntde1ect.com and autorun.inf files

December 21, 2007 raghupathy

There is a trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:

1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task Manager
5) Run cmd
6) Run the following command on all your drives by replacing c:\ with other drives in turn (note: if you have autorun.inf files that you think you need to back up, do so now):

del c:\autorun.* /f /a /s /q

7) Go to your Windows\System32 directory by typing cd c:\windows\system32
8) Type dir /a avp*.*
9) If you see any files named avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them:

attrib -r -s -h avpo.exe
del avpo.exe

10) Use the Task Manager’s Run command to fire up regedit
11) Navigate to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run (as usual, take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.
14) Restart your computer.
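
A read-only check for the artefacts these steps remove, useful before the cleanup and again after the restart to confirm nothing came back. This is an added PowerShell example, not part of the original post: the file names and the Run key are the ones given above, while the script layout and variable names are assumptions, and it inspects only the Run key from step 11 rather than searching the whole registry as step 13 does.

```powershell
# Read-only check: reports what is present and deletes nothing.
$found = @()

# Step 2: wscript.exe is the process the post says to end if it is running.
if (Get-Process -Name wscript -ErrorAction SilentlyContinue) {
    $found += [pscustomobject]@{ Item = 'wscript.exe'; Detail = 'process is running' }
}

# Step 6: autorun.inf in the root of each drive.
# -Force is required to see files that carry the Hidden or System attribute.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $path = Join-Path $drive.Root 'autorun.inf'
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($file) {
        $found += [pscustomobject]@{ Item = $path; Detail = "attributes: $($file.Attributes)" }
    }
}

# Steps 7-9: the three avp* file names listed in the post, in System32.
$sys32 = Join-Path $env:SystemRoot 'System32'
foreach ($name in 'avp0.dll', 'avpo.exe', 'avp0.exe') {
    $path = Join-Path $sys32 $name
    if (Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue) {
        $found += [pscustomobject]@{ Item = $path; Detail = 'file exists' }
    }
}

# Steps 11-13 (Run key only): values whose data mentions the names from the post.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        # -match is case-insensitive; the dots are escaped so they match literally.
        if ($data -match 'avpo\.exe|avp0\.exe|ntde1ect\.com') {
            $found += [pscustomobject]@{ Item = "$runKey : $valueName"; Detail = $data }
        }
    }
}

if ($found.Count -eq 0) {
    'None of the artefacts named in the post were found.'
} else {
    $found | Format-Table -AutoSize -Wrap
}
```

A blank autorun.inf placed deliberately, as in the December 28 post, will also be listed by the drive-root check.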

Categories: Windows