How to Correct Win32.Autorun TMP

Reboot the computer and hold “F8” while it is reloading. This displays Advanced Boot Options.

Select the fourth option, which is “Safe Mode with Command Prompt” and press “Enter.” Windows loads into a full screen prompt. Type “Start Regedit.exe” and press “Enter” to start Registry Editor.

Expand “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” on the left window by clicking each item in the path.

Double-click “Taskman” on the right window. This opens a string value in a dialog window. Locate the name of the executable at the end of the line. The following is an example of what this string typically looks like:

“%appdatadir%\5kstzaw.exe”

Minimize the Registry Editor. Type "DEL %appdata%\name.exe /F," and press “Enter.” Type DEL %systemdrive%\name.exe /F and press “Enter.” Replace “Name.exe” with the executable name listed in the “Taskman” string.

Press “Alt-Tab” to maximize the Registry Editor. Right-click the “Taskman” string, and click “Delete.” Click “Yes” to confirm.

Type “Start Msconfig.exe,” and press “Enter.” This loads System Configuration. Select the “Startup” tab, and look for the same executable name in the startup list. If there, click to deselect the entry. Click “Apply” and close. This takes you back to the prompt.

Type "DEL %systemdrive%\autorun.inf /F," and press “Enter.” Type DEL %Temp%\*.* and press “Enter.” Press “Y” on the confirmation.

Type “Shutdown /R,” and press “Enter.” Click the “Close” button on the Shutdown confirmation. Windows will now restart in normal operating mode. While this particular worm is now deleted, you should still run your security applications to scan for other malware.