This works on any removable device detected as a mass storage device -Flash cards, SD cards, Digital Cameras (in mass storage mode), Mp3 players, mobile phones, Pen drives, USB/Firewire and probably eSATA hard drives -actually any removable medium on which you can save a file on!

USB Pen drives/Flash drives and hard disks are  convenient ways of carrying data around. You can get Portable USB storage as small as a few MB and as large as 500GB either as cards, pen drives or hard disks. The sizes , cost and power consumption keep decreasing while the capacity of the drives increase.  Unfortunately, on the Windows Operating Systems, these drives tend to get infected and many a time have been the source of infection for an unprotected system.

Most anti virus software install an entry in the context menu (right click), so you can  right click your device in My Computer and click on “scan with xyz” anti virus software. Fortunately for us  the mode of infection here is simple -it makes use of  a legitimate Windows function -the autorun function which enables media to automatically run selected software on device/media insertion. It basically consists of an autorun.inf text file. This tells Windows what program to run, where it is located on the media and optionally specifies an icon which is shown against the device in My Computer.

Usually, in this case, the virus/trojan/malware is deployed by running its deployer using the autorun feature. Of course once a competent and updated anti virus software detects it, it will either quarantine or delete it depending on your input. What happens next is that you are left with an autorun.inf file pointing to a non existent file as the antivirus does not delete the autorun.inf file assuming that it is a system file and therefore not a threat.

The consequence?  Every time you click on the drive in My Computer, Windows processes the autorun.inf file and not finding the target file (which your anti virus deleted/quarantined) it either shows you an error dialog or opens the “open file with” box. The logical solution would be to delete the autorun.inf file which although seems easy enough to do, (which it is when it is used normally) is almost impossible in this situation. The virus/trojan/malware not only marks the file read only and hidden but also marks it as a system file thus causing stupid Windows to protect it!

The easiest way out is to use the attrib command at the command prompt to reset the readonly, system and hidden attributes and then delete the file. Here is how you do it.

Click on Start > Run and type cmd and click OK. Change over to the root directory of your portable storage device by typing in the drive letter followed by a colon (:) – in this case the commands to delete the autorun.inf file from a pen drive g: from the command prompt would be…

• g:
• cd\ (In case it is not at the root directory)
• 
• attrib -s -h -r autorun.inf
• del autorun.inf

Or you could make your own batch file for automatically cleaning your drive. In this example E: is the letter assigned to the pen drive as shown in My Computer. Replace E with whatever the drive letter is for your pen drive.

Open Notepad and type in the following:

echo off
cls
E:
cd \

Click on save. Give it a name, say autoclean.bat (It is important to enter the .bat at the end of the file name)

Double clicking the batch file should be sufficient to delete  the autorun.inf file.

I use a variation of the file as I work on different computers and people bring me their drives to sort out. Here it is.

echo off
cls
%1:
cd \
attrib -s -h -r autorun.inf
del autorun.inf
echo done cleaning

I run the file this way autoclean f (where F: is the current drive letter)

This is easier when drive letters keep changing.

Eject your media safely and re-insert it. It should now open normally in My Computer

Comment on this post

If you would like to make a comment, please fill out the form below.