Tuesday, November 16, 2010

How to manually remove virus which generates folder.exe

Step: 1

  • Search for the autorun.inf file. It is a read-only file, so you will have to change it to normal by right-clicking the file, selecting Properties and unchecking the Read-only option.
  • Open the file in Notepad, delete everything in it and save the file.
  • Now change the file status back to read-only so that the virus cannot get access to it again.
  • Click Start -> Run, type msconfig and click OK.
  • Go to the Startup tab, look for regsvr, uncheck it and click OK.
  • Click on Exit without Restart, because there are still a few things we need to do before we can restart the PC.
  • Now go to Control Panel -> Scheduled Tasks and delete the At1 task listed there.

Step: 2

  • Click on Start -> Run, type gpedit.msc and click OK.
  • If you are a Windows XP Home Edition user you might not have gpedit.msc; in that case download and install it from "Windows XP Home Edition: gpedit.msc" and then follow these steps.
  • Go to User Configuration -> Administrative Templates -> System.
  • Find “Prevent access to registry editing tools” and change the option to Disabled.
  • Once you do this you have registry access back.

Step: 3

  • Click on Start -> Run, type regedit and click OK.
  • Go to Edit -> Find and start the search for regsvr.exe.
  • Delete all the occurrences of regsvr.exe; remember to take a backup before deleting.
  • KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
  • At one or two places you will find it after explorer.exe. In these cases delete only the regsvr.exe part and not the whole value. E.g. for Shell=“Explorer.exe regsvr.exe”, just delete the regsvr.exe and leave the Explorer.exe.
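The rule in Step 3 (remove only regsvr.exe, keep Explorer.exe, never touch regsvr32.exe) can be checked against the backup before the live registry is edited. The following Python code is an added example, not part of the original post: it scans the text of a regedit export and reports which values to edit and which to delete. The sample export, the ExampleEntry and ExampleRegister names and the function names are constructed for illustration.

```python
import re

# Constructed sample of a regedit export (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe regsvr.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleEntry"="C:\\WINDOWS\\system32\\regsvr.exe"

[HKEY_CURRENT_USER\Software\ExampleApp]
"ExampleRegister"="regsvr32.exe \"%1\""
'''

# One string value line of a .reg file: "name"="data", with \-escapes inside.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def is_regsvr(token):
    """True only for a file named exactly regsvr.exe (never regsvr32.exe)."""
    name = token.strip('"\',').rsplit("\\", 1)[-1]
    return name.lower() == "regsvr.exe"

def audit_export(text):
    """Return (key, value name, action, new data) for each regsvr.exe reference."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember the key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        data = re.sub(r"\\(.)", r"\1", m.group(2))   # undo .reg escaping
        tokens = data.split()         # assumption: paths in the data have no spaces
        keep = [t for t in tokens if not is_regsvr(t)]
        if len(keep) == len(tokens):
            continue                  # no regsvr.exe here (regsvr32.exe lands here)
        if keep:                      # e.g. Explorer.exe stays, only regsvr.exe goes
            findings.append((key, m.group(1), "edit", " ".join(keep)))
        else:                         # the value held nothing but regsvr.exe
            findings.append((key, m.group(1), "delete", None))
    return findings

if __name__ == "__main__":
    for finding in audit_export(SAMPLE_EXPORT):
        print(finding)
```

A real export saved by regedit in the "Version 5.00" format is normally UTF-16, so read the file with encoding="utf-16" before passing its text to audit_export.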

Step: 4

  • Click on Start -> Search -> For Files or Folders.
  • There, click All files and folders.
  • Type “*.exe” as the filename to search for.
  • Click on the ‘When was it modified?’ option and select the Specify dates option.
  • Type the From date as 1/31/2008 and also type the To date as 1/31/2008.
  • Now hit Search and wait for all the exe files to show up.
  • Once the search is over, select all the exe files and Shift+Delete them. Take care that you don’t delete any legitimate exe file that you installed on 31st January.
  • Selecting a lot of files together might make your computer unresponsive, so delete them in small bunches.
  • Also find and delete regsvr.exe and svchost .exe (notice the extra space between svchost and .exe).


Now do a cold reboot (i.e. press the reboot button instead) and you are done.
