August 02, 2007

Disable Auto Run on Hard Drive (Win XP)

I visited to check a virus-infected computer. They had removed the virus with the help of antivirus software before I got there, but they had trouble opening the hard drive by double-clicking. They could easily open the hard drive with the right-click option, but double-click wouldn't work. I have just found a solution to this trouble, and maybe it works for the same problem.

Normally, when you double-click a hard drive (or one of its partitions), it opens. In this situation it instead shows the "Open With" dialog box and asks you to "Choose the program you want to use to open this file".

This happens when autorun.vbs has been created by a Trojan, virus or worm. Such malware normally drops an autorun.inf file into the root folder of every hard drive and then executes an autorun.bat file, which contains a script that merges autorun.reg into the registry, possibly changing the following registry key.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Userinit=userinit.exe,autorun.exe

Here autorun.bat calls wscript.exe to run autorun.vbs. The key above is loaded when Windows starts.

When antivirus software detects autorun.vbs as infected, it deletes, removes or quarantines the file. However, the other files (autorun.*) and the registry value still refer to autorun.vbs, which no longer exists, hence the error when users double-click to open a drive.

Solution:
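Run Task Manager (Ctrl-Alt-Del or right-click on the Taskbar).
Stop the wscript.exe process, if present, by highlighting the process name and clicking End Process.
Then terminate the explorer.exe process.
In Task Manager, click on File -> New Task (Run…).
Type “cmd” (without quotes) into the Open text box and click OK.
Type the following commands one at a time, pressing Enter after each. /f forces deletion of read-only files, /q suppresses the confirmation prompt, /a matches files regardless of attributes (including hidden and system), and /s also removes files named autorun.* in every subfolder of the drive: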

del c:\autorun.* /f /s /q /a
del d:\autorun.* /f /s /q /a
del e:\autorun.* /f /s /q /a

In Task Manager, click on File -> New Task (Run…).
Type “regedit” (without quotes) into the Open text box and click OK.
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Check that the value name and value data for the key are correct. The path to userinit.exe in the value data may be on a drive other than C, which is also valid. Note the trailing comma, which is also needed:
"Userinit"="C:\WINDOWS\system32\userinit.exe,"

If the value is incorrect, fix it with the following registry merge file. Type or copy-paste the following text into Notepad, save it with a .reg extension, then run it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
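
The Userinit check described above can also be done offline against an exported copy of the Winlogon key. The following is an added example, not part of the original post: the function names and the sample export are constructed for illustration, and it assumes the .reg export has already been decoded to text.

```python
import ntpath
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def userinit_from_reg(text):
    """Pull the Userinit string out of decoded .reg export text, or None."""
    in_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == WINLOGON.lower()
        elif in_key:
            m = re.match(r'"Userinit"="(.*)"$', line, re.IGNORECASE)
            if m:
                # .reg files escape backslashes and quotes with a backslash
                return re.sub(r"\\(.)", r"\1", m.group(1))
    return None

def audit_userinit(value):
    """Return findings for a Userinit value; an empty list means it looks clean."""
    findings = []
    if not value.rstrip().endswith(","):
        findings.append("missing trailing comma")
    entries = [e.strip() for e in value.split(",") if e.strip()]
    if not entries:
        findings.append("no program listed")
    for entry in entries:
        folder, name = ntpath.split(entry)
        if name.lower() != "userinit.exe":
            findings.append("unexpected program: " + entry)
        elif not (ntpath.isabs(folder) and folder.lower().endswith("\\system32")):
            findings.append("userinit.exe without a system32 path: " + entry)
    return findings

# Constructed sample export, using the infected value described in the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="userinit.exe,autorun.exe"
'''

if __name__ == "__main__":
    value = userinit_from_reg(SAMPLE_REG)
    print(value, audit_userinit(value))
    print(audit_userinit(r"D:\WINDOWS\system32\userinit.exe,"))  # clean value on drive D
```

An empty findings list corresponds to the value the post gives as correct, including the trailing comma and a system32 path on any drive.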

2 comments:

Anonymous said...

Thank you,, was looking for a solution !! lets hope it works...

Anonymous said...

Thank you so much for this.... works like a charmmm ..