How to Get Rid of the Autorun.inf Worm using the Command-line
In the event that the infection is a particularly tricky one to permanently remove, it is best to use the command line interface to remove it.
First, it is important to disable the autorun feature altogether. After plugging in the device, a notification window appears asking the user for the next action to perform. Click on ‘Cancel’ to dispose of the window.
Then navigate to the command prompt of the computer, either by typing ‘cmd’ in the Run command box, or using the Search function for newer versions of Windows.
Once the black window is open, navigate to the root directory of the USB storage device. For example, if the USB drive is denoted by the letter G, and the main drive is C, then the instruction would look like this:
Usually, malware files are hidden or archived which makes them more difficult to spot and remove. Therefore the next step is to change all the file attributes to visible, non-archived, non-system and read-write access:
F:\ attrib –r –a –s –h *.*
(Note: The notation “*.*" means that the command applies to all files with all extensions – essentially all the files on the drive.)
To view all the files on the drive, use the directory command:
The displayed list may have a number of visible infections, like svchost.exe or Ravmon.exe. These files can now be deleted. As mentioned before, to get rid of the Autorun.inf worm permanently, it is important to delete all the malware files on the drive, as the file could be recreated.