Now many of us might not know what actually the NewFolder.exe virus is a Generic Win32 Trojan Virus which has the ability to replicate into folders by creating a folder with the same name in the folder itself. This virus has its icon same that of new folder so very difficult to track it too , now here?s the trick to remove this virus
a. Search for autorun.inf file. It is a read only file so you will have to change it to normal by right clicking the file , selecting the properties and un-check the read only option
b. Open the file in notepad and delete everything and save the file.
c. Now change the file status back to read only mode so that the virus could not get access again.
d. Click start? run and type msconfig and click ok
e. Go to startup tab look for regsvr and uncheck the option click OK.
f. Click on Exit without Restart, cause there are still few things we need to do before we can restart the PC.
g. Now go to control panel -> scheduled tasks, and delete the At1 task listed their.
h. Click on start -> run and type gpedit.msc and click Ok.
i. If you are Windows XP Home Edition user you might not have gpedit.msc in that case download and install it from Windows XP Home Edition: gpedit.msc(link give) and then follow these steps.
j. Go to users configuration?Administrative templates?system
k. Find “prevent access to registry editing tools” and change the option to disable.
l. Once you do this you have registry access back.
Click on start?run and type regedit and click ok
m. Go to edit?find and start the search for regsvr.exe
n. Delete all the occurrence of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
o. At one are two places you will find it after explorer.exe in these cases only delete the regsvr.exe part and not the whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just delete the regsvr.exe and leave the explorer.exe
p. Click on start?search?for files and folders.
q. Their click all files and folders
r. Type “*.exe” as filename to search for
s. Click on „when was it modified „ option and select the specify date option
t. Type from date as 1/31/2013 and also type To date as 1/31/2013
u. Now hit search and wait for all the exe?s to show up.
v. Once search is over select all the exe files and shift+delete the files, caution must be taken so that you don?t delete the legitimate exe file that you have installed on 31st January.
w. Also selecting lot of files together might make your computer unresponsive so delete them in small bunches.
x. Also find and delete regsvr.exe, svchost .exe( notice an extra space between the svchost and .exe)
Now do a cold reboot (i.e. press the reboot button instead) and you are done.
Now for the newfolder.exe virus, this is the best suited method win7 and xp users go to the SEARCH windows and search “*.exe” this will show all .exe files and see for newfolder.exe and there you go all the F***n viruses are out now simple CTRL+A then SHIFT+DELETE and you are done but don?t forget to include the non indexed locations, system files and hidden files and folders. I don?t have the virus so could not search it but see the date and size of the application carefully....
p.s:- there is a trojan that copies movies name to executable files for example movie name is terminator and the trojanwill make a copy of it named "terminator.exe".!!! it can also happen with music files so i advice you to install an antivirus like ESETNOD32(download here)),MICROSOFT SECURITY ESSENTIALS(its free and really a good antivirus program)(download here)...
For Downloading skip the ad on the top right of the browser.....
a. Search for autorun.inf file. It is a read only file so you will have to change it to normal by right clicking the file , selecting the properties and un-check the read only option
b. Open the file in notepad and delete everything and save the file.
c. Now change the file status back to read only mode so that the virus could not get access again.
d. Click start? run and type msconfig and click ok
e. Go to startup tab look for regsvr and uncheck the option click OK.
f. Click on Exit without Restart, cause there are still few things we need to do before we can restart the PC.
g. Now go to control panel -> scheduled tasks, and delete the At1 task listed their.
h. Click on start -> run and type gpedit.msc and click Ok.
i. If you are Windows XP Home Edition user you might not have gpedit.msc in that case download and install it from Windows XP Home Edition: gpedit.msc(link give) and then follow these steps.
j. Go to users configuration?Administrative templates?system
k. Find “prevent access to registry editing tools” and change the option to disable.
l. Once you do this you have registry access back.
Click on start?run and type regedit and click ok
m. Go to edit?find and start the search for regsvr.exe
n. Delete all the occurrence of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
o. At one are two places you will find it after explorer.exe in these cases only delete the regsvr.exe part and not the whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just delete the regsvr.exe and leave the explorer.exe
p. Click on start?search?for files and folders.
q. Their click all files and folders
r. Type “*.exe” as filename to search for
s. Click on „when was it modified „ option and select the specify date option
t. Type from date as 1/31/2013 and also type To date as 1/31/2013
u. Now hit search and wait for all the exe?s to show up.
v. Once search is over select all the exe files and shift+delete the files, caution must be taken so that you don?t delete the legitimate exe file that you have installed on 31st January.
w. Also selecting lot of files together might make your computer unresponsive so delete them in small bunches.
x. Also find and delete regsvr.exe, svchost .exe( notice an extra space between the svchost and .exe)
Now do a cold reboot (i.e. press the reboot button instead) and you are done.
Now for the newfolder.exe virus, this is the best suited method win7 and xp users go to the SEARCH windows and search “*.exe” this will show all .exe files and see for newfolder.exe and there you go all the F***n viruses are out now simple CTRL+A then SHIFT+DELETE and you are done but don?t forget to include the non indexed locations, system files and hidden files and folders. I don?t have the virus so could not search it but see the date and size of the application carefully....
p.s:- there is a trojan that copies movies name to executable files for example movie name is terminator and the trojanwill make a copy of it named "terminator.exe".!!! it can also happen with music files so i advice you to install an antivirus like ESETNOD32(download here)),MICROSOFT SECURITY ESSENTIALS(its free and really a good antivirus program)(download here)...
For Downloading skip the ad on the top right of the browser.....
0 comments:
Post a Comment