Tuesday, June 1, 2010

HOW TO REMOVE Newfolder.exe VIRUS

The most common and notorious virus in recent times is the Newfolder.exe and regsvr.exe virus, which spreads mainly through pen drives.

The main features of the Newfolder.exe virus are:
1) It creates a file named NewFolder.exe in each directory.
2) It blocks Folder Options, Regedit and Task Manager.
The most surprising part is that most antivirus programs are unable to detect it.
Here are the steps to remove this virus:


1) Open Autorun.inf, located in the root of each partition on the hard disk, for example C:\Autorun.inf.
2) It is a read-only file, so you will have to change it to normal by right-clicking the file, selecting Properties and unchecking the Read-only option. Open the file in Notepad, delete everything and save the file. Now change the file back to read-only so that the virus cannot get access again.
3) Go to Start->Run and type msconfig.
4) Go to the Startup tab, look for regsvr, uncheck it and click OK.
5) Click on Exit without Restart.
6) Go to Control Panel->Scheduled Tasks and remove all the visible tasks (most likely At1).
Getting back registry access
1) Start->Run and type gpedit.msc
2) User Configuration->Administrative Templates->System->find “Prevent access to registry editing tools” and change the option to Disabled.
3) Once you do this you have registry access back.
Removing the Virus
1) Start->run-> type regedit
2) Edit->Find->search for regsvr.exe
3) Delete all occurrences of regsvr.exe; do not delete regsvr32.exe.
4) In one or two places you will find it after explorer.exe. In these cases delete only the regsvr.exe part and not the whole value. E.g. for Shell = “Explorer.exe regsvr.exe”, delete just the regsvr.exe and leave the Explorer.exe.
Removing the traces
1) Start->Search->Files or Folders and search for *.exe
2) Set the size filter to less than 1 MB.
3) Delete all the files with the same size (573 KB in my case).
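
The size search in "Removing the traces" can also catch unrelated programs that happen to have the same size. The following is an added example, not part of the original post: it lists .exe files under 1 MB whose identical content (same size and same SHA-256) appears in more than one directory, and it only reports them, it deletes nothing. The function names and the sample folder tree are constructed for illustration.

```python
import hashlib, os, tempfile
from collections import defaultdict

MAX_SIZE = 1024 * 1024  # the post's "Size <1mb" search filter

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()  # candidates are under 1 MB

def find_replicated_exes(root, min_dirs=2):
    """Map (size, sha256) -> paths of small .exe files copied into >= min_dirs folders."""
    by_size = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # file vanished or is unreadable
            if name.lower().endswith(".exe") and size < MAX_SIZE:
                by_size[size].append(path)
    groups = {}
    for size, paths in by_size.items():
        by_hash = defaultdict(list)
        for path in paths:
            try:
                by_hash[sha256_of(path)].append(path)
            except OSError:
                continue  # locked by another process
        # Same size alone is not enough: require identical bytes in several folders.
        for digest, same in by_hash.items():
            if len({os.path.dirname(p) for p in same}) >= min_dirs:
                groups[(size, digest)] = sorted(same)
    return groups

def demo():
    """Constructed tree: one payload in three folders plus an unrelated same-size .exe."""
    payload, other = b"MZ" + b"A" * 98, b"MZ" + b"B" * 98
    with tempfile.TemporaryDirectory() as root:
        for folder in ("docs", "music", os.path.join("docs", "old")):
            os.makedirs(os.path.join(root, folder), exist_ok=True)
            with open(os.path.join(root, folder, "NewFolder.exe"), "wb") as f:
                f.write(payload)
        with open(os.path.join(root, "music", "player.exe"), "wb") as f:
            f.write(other)
        found = find_replicated_exes(root)
        return {k: [os.path.relpath(p, root) for p in v] for k, v in found.items()}

if __name__ == "__main__":
    print(demo())
```

To check a real drive, call find_replicated_exes with its root path and review each reported group before deleting anything.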
