Location main file:
* C:\Windows
* C:\Documents and Settings\All Users\Start Menu\Programs\Startup
File Virus:
* icon = Folder
* type = Application
* size = 198 kb
* Extensions = EXE or SCR if in FlashDisk
and virus tati will be create registry value:
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bc849ac-6d5f-11dc-b18f-00016ccdd524}\Shell\AutoRun\command
Default = tati.exe
* HKEY_USERS\S-1-5-21-527237240-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bc849ac-6d5f-11dc-b18f-00016ccdd524}\Shell\AutoRun\command
Default = tati.exe
Cleaning step Trojan:W32/Autorun.AQK
1. Disable “system restore”, if your OS Windows XP,use Safe Mode(recommendation)
2. Kill process tati.exe (ico Folder). you can download this tool
http://download.sysinternals.com/Files/ProcessExplorer.zip
3. Search and delete file Tati.exe in directory
>> C:\Windows
>> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
4. Search and delete file duplicate in tour flashdisk
5. Open [Windows Explorer]
6. Click menu Tools - Folder Options - View
7. On folder [Hidden files and folders], uncheck [Hide extensions for known file types] and
Hide protected operating system files (recommended)
# Click [Ok]
# To search file virus open Windows Explorer,then Right-Click your FlashDisk and Click “Search...”
# on column “All or part of the file name” write (*.SCR)
# Click “What size is it”, and select “Specify size (in KB)
# Select “at most” wrte it “198”
# Click “More Advanced option" and select
1 Searh system folders
2 Search hidden files and folders
3 Search subfolders
# and click commandl “Search” to start searching file
# Delete file :
ico = Folder
type = Application
Extensions = EXE or SCR
size = 198 kb
# To show all file hidden and super hidden
# Click menu Run write CMD and write ATTRIB –s –h /s /d -->> enter
0 Comments