How to remove COLD Folder and auTORUN.inf" on usb drive root

How to remove COLD Folder and auTORUN.inf" on usb drive root

Try:
Start/Run/Regedit
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Delete the Raidhost.exe

Browse to C:\Windows\Raidhost.exe - Rename this to Raidhost.old (may be necessary to do this from safe mode. Reboot the computer and you should be done. I would recommend formatting the infected thumb drive before you do the above steps and pull it out before it has time to recreate the cold/Hott folder.

*******************************

I have developed an antivirus tool to remove this idiot virus program at my lab. Please remove it as soon as possiblel because it steals and send your details to a server located in US and it downloads another trojans from above server. use following link to see more details on that virus and download free removal tool for it
Link : http://it.web44.net/VirusDetails/raidhost.exe_Recover_Report.html

more details from our labs.
raidhost.exe (CRC32 : D8AB4DA6) is a backdoor virus. It supports to create a bot net. raidhost.exe is the parent virus. when it is executed it downloads other viruses from its master servers. In Imago labs we detected the servers are 64.131.83.170 on port 80 and 216.17.104.155 on port 51987. It downloads a malcious file dl.exe from above servers and executes it. Then dl.exe download another malcious file update.exe .

"Raidhost" use autorun.inf to propagate himself. It creates a system folder called cold. Inside cold directory it creates a system folder hott which appears as a recycle bin.then it copies its clone (¥¶¾³¿¸¤£ù²¯².exe and ¥¶¾³¿¸¤£ù²¯² ) into hott directory.

raidhost.exe resides in %system drive% \ Windows. dl.exe and update.exe resides on the root of the system drive.

Thank you,
Imago Labs(Sri Lanka)

thank