
Solved: autorunme.exe manual removal of virus or SERVCE.EXE removal

Discussion in 'General Security' started by guruganes, Oct 14, 2009.

Thread Status:
Not open for further replies.
  1. guruganes

    guruganes Thread Starter

    Oct 14, 2009
    Hi Guys,
    Recently I have run into a serious virus which is not caught by an updated antivirus (Symantec, 14 October 2009).
    When I plug in my pen drive, the system shows autorun.inf deleted. But the underlying virus,
    autorunme.exe, exists in the location Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe.

    Even if I delete this virus, it gets automatically regenerated, or recreates itself.
    autorunme.exe is not the actual virus; it is just a duplicate.

    The actual underlying virus which triggers autorunme.exe is SERVCE.EXE.
    Note: SERVCE.EXE is not service.exe or services.exe. It is a newly named file, SERVCE.EXE.

    Manual removal process for autorunme.exe:
    After connecting your pen drive, when it shows the RECYCLER folder in a hidden state, open your Task Manager and end the process SERVCE.EXE.

    Now delete the entries Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe, Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\desktop.ini and Drive:/autorun.inf.
    They will not be recreated now.

    Then open C:/WINDOWS and find SERVCE.EXE. To be on the safe side, just make a local copy of the file in some other place, and then delete SERVCE.EXE.

    Now even if you restart your computer, since SERVCE.EXE is not running at startup of the system, the system is safe and the manual removal of the virus is complete.

    SERVCE.EXE is the actual culprit. :D
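
A read-only check for the artifacts named in the post above, added here as an example that is not part of the original post. The file, folder and process names come from the post; the function name `Find-AutorunmeArtifacts` is hypothetical, and the Run-key lookup is an assumption, since the post does not say how SERVCE.EXE is started.

```powershell
# Added example: reports the artifacts named in the post, changes nothing.
function Find-AutorunmeArtifacts {
    param(
        [string[]]$DriveRoots = (Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }),
        [string]$WindowsDir = $env:windir
    )
    function New-Hit($Kind, $Location) { [pscustomobject]@{ Kind = $Kind; Location = $Location } }

    foreach ($root in $DriveRoots) {
        # autorun.inf in a drive root is also used by legitimate media: review it.
        $inf = Join-Path $root 'autorun.inf'
        if (Test-Path -LiteralPath $inf) { New-Hit 'autorun.inf (review contents)' $inf }

        # RECYCLER is hidden, so enumerate with -Force. A genuine recycle bin
        # folder also holds desktop.ini, so only autorunme.exe is reported.
        $recycler = Join-Path $root 'RECYCLER'
        if (-not (Test-Path -LiteralPath $recycler)) { continue }
        Get-ChildItem -LiteralPath $recycler -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer } |
            ForEach-Object {
                $exe = Join-Path $_.FullName 'autorunme.exe'
                if (Test-Path -LiteralPath $exe) { New-Hit 'dropped copy' $exe }
            }
    }

    # The file and process the post identifies as the source of the copies.
    $servce = Join-Path $WindowsDir 'SERVCE.EXE'
    if (Test-Path -LiteralPath $servce) { New-Hit 'file' $servce }
    Get-Process -Name 'SERVCE' -ErrorAction SilentlyContinue |
        ForEach-Object { New-Hit 'running process' "PID $($_.Id)" }

    # Assumption: generic look at the standard Run keys for a value that
    # launches SERVCE.EXE (the post does not name a startup mechanism).
    foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match 'servce\.exe' } |
            ForEach-Object { New-Hit 'Run key value' "$key -> $($_.Name)" }
    }
}

Find-AutorunmeArtifacts | Format-Table -AutoSize
```

Running it again after the removal steps and a reboot shows whether any of the files, the process or a startup entry has come back.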

Short URL to this thread: https://techguy.org/868448
