yet another virus...



rockmanj
Fri, 02-15-2008, 12:31 AM
Apparently my PC has gotten another virus, even though I play it safe. It's that autorun.inf thing, I think. I tried to delete it using the command prompt, but that didn't work, since for some reason I can't change directories. Can anyone help me with this? My antivirus program isn't doing jack shit but alerting me to having a virus.

here's my report from SDfix:

SDFix: Version 1.142

Run by Sq on Fri 02/15/2008 at 03:19 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Sq\Local Settings\Temp\aax2CE.tmp.exe - Deleted
C:\autorun.inf - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 15:27:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPMate\\ppamnet.exe"="C:\\Program Files\\PPMate\\ppamnet.exe:*:Enabled:PPMate"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 12 Jan 2008 115,937 ..SHR --- "C:\ek.com"
Sat 12 Jan 2008 115,937 ..SHR --- "C:\WINDOWS\system32\kavo.exe"
Fri 15 Feb 2008 96,768 ..SHR --- "C:\WINDOWS\system32\kavo0.dll"
Wed 3 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

but the autorun.inf is still there! Is it possible that it didn't remove the one on my HDD?

itadakimasu
Fri, 02-15-2008, 02:57 PM
less porn = less virus

darkshadow
Sat, 02-16-2008, 05:39 PM
This virus is a trojan, I think; it's been circulating a lot recently, some of my friends got it too. This autorun wants to start some exe IN THE SAME DIR, which is mostly root.

In my friend's case it was called wupdmgr.exe, or something along those lines.

Just download an antivirus app, like Avast, check your c:/ d:/ g:/... etc. for the autorun and the exe, delete those manually, then run Avast to check the drives; the best way is to just right-click on the drive and click "scan".

This should take care of it. If it doesn't, check your windows/system32 for anything weird, like kvkjc.exe or something; if you are unsure, screenshot it, and if you are sure it's bogus, just delete it.
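As an added illustration of the mechanism described above (this is example code written for this thread, not something any of the posters ran, and it is not part of SDFix), the script below parses the launch-related keys of an autorun.inf (`open=`, `shellexecute=`, `shell\<verb>\command=`) and reports, for each referenced file, whether it sits beside the autorun.inf in the same directory and whether it carries the hidden/system attributes that the SDFix log above shows on `C:\ek.com`. The sample autorun.inf and the placeholder `ek.com` are constructed inside a temporary directory so the script runs offline; on non-Windows systems the attribute flags are reported as `None` because `st_file_attributes` is Windows-only.

```python
"""Triage helper for autorun.inf files found in a drive root.

Added example for this thread; not code from any poster or from SDFix.
It reads the keys of [autorun] that cause a program to be launched and
describes the file each one points at.
"""
import re
import stat
import tempfile
from pathlib import Path

# Keys inside [autorun] that make the shell launch a program.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# Constructed sample modelled on the thread: a root-level autorun.inf
# pointing at a dropper in the same directory (file name taken from the log).
SAMPLE_AUTORUN = """[AutoRun]
open=ek.com
shellexecute=ek.com
shell\\Auto\\command=ek.com
shell=Auto
"""


def parse_autorun(text):
    """Return {key: value} for launch-related keys of the [autorun] section.

    Keys are lower-cased. Only the [autorun] section is considered; comment
    lines (';') and keys such as icon= or label= are ignored.
    """
    targets = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key_l = key.lower()
        if key_l in LAUNCH_KEYS or SHELL_COMMAND_RE.match(key_l):
            targets[key_l] = value
    return targets


def _first_token(command):
    """Extract the program path from a command line ('prog.exe /x' -> 'prog.exe')."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage_directory(root):
    """Inspect <root>/autorun.inf and describe each launch target.

    Returns a list of dicts with: key, target (as written), exists,
    hidden, system. The hidden/system flags come from st_file_attributes,
    which only exists on Windows; elsewhere they are None.
    """
    root = Path(root)
    inf = root / "autorun.inf"
    if not inf.is_file():
        return []
    findings = []
    for key, value in parse_autorun(inf.read_text(errors="replace")).items():
        name = _first_token(value)
        target = root / name
        exists = target.is_file()
        hidden = system = None
        if exists:
            attrs = getattr(target.stat(), "st_file_attributes", None)
            if attrs is not None:
                hidden = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
                system = bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM)
        findings.append({"key": key, "target": name, "exists": exists,
                         "hidden": hidden, "system": system})
    return findings


def demo():
    """Build a throwaway 'drive root' with the constructed sample and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "autorun.inf").write_text(SAMPLE_AUTORUN)
        # Placeholder stand-in for the referenced file; two bytes, not a program.
        Path(tmp, "ek.com").write_bytes(b"MZ")
        return triage_directory(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Pointing `triage_directory` at each drive root (`C:\`, `D:\`, a USB stick) gives the list that darkshadow describes checking by hand; a launch target that exists beside the autorun.inf with both hidden and system set is the pattern worth quarantining and scanning rather than trusting.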

Phoenix20578
Sun, 02-17-2008, 07:14 PM
I agree with the above. Sounds like the best course of action. If you have XP, you can't go wrong with Avast.

You caught a pretty bad trojan too. It looks like it went into every program you have.

rockmanj
Mon, 02-18-2008, 12:07 AM
Actually, I mainly use Avast, and have for quite a while. It hasn't really helped all that much.

darkshadow
Mon, 02-18-2008, 07:01 AM
Did you actually scan the drives? It's not gonna scan by itself, you know.

Buffalobiian
Mon, 02-18-2008, 11:03 PM
Try using Kaspersky's online virus scanner to pick up all the infected files and the name of the infection, then try some manual removal methods for the infection on McAfee or Norton's database.

http://www.kaspersky.com/virusscanner

SamuraiOdin
Wed, 02-20-2008, 12:27 AM
If it's still a problem (maybe you've solved it by now), go to http://forums.majorgeeks.com/forumdisplay.php?f=35 and read the stickies, then post with the information the stickies prompt you for. Please note, they're real sticklers for the stickies (no pun intended). If you leave something out, most of them will ignore your post or redirect you to the stickies.