Symptoms:
This is a widely known virus among personal computer users. It is named regsvr.exe or new folder.exe, and most people identify it as autorun.inf, but Trend Micro identified it as worm delf.fkz. It spreads mostly through pen drives or flash drives, and it spreads very fast: simply inserting a flash drive carrying this virus into the system is enough. It is not very dangerous, but it uses up free space on the hard drive by creating folders without any content.
The contents give a list of "shortcuts" that should not be there, such as My Documents, My Pictures, etc. It does not allow folders or hard disk drives to open by double-click, and right-clicking and choosing Open does nothing. They can only be opened by right-clicking and then choosing Explore.
How to KILL these Viruses manually
Step 1.
* Search for the autorun.inf file. It is a read-only file and has to be changed to the normal state before it can be edited: right-click the file, select Properties and un-check the Read-only option.
* Open the file in Notepad, select all the content, delete everything and then save the file.
* Now change the file back to read-only mode so that the virus cannot get access again.
Step 2.
* Click Start, then Run.
* In the box type msconfig and press Enter or click OK.
* Go to the Startup tab, look for regsvr and uncheck the option, then click OK.
* Click Exit without Restart, because there are a few things to be done before the PC can be restarted.
* Now go to Control Panel and Scheduled Tasks, and delete the At1 task listed there.
Step 3.
* Click Start, then Run.
* In the box type gpedit.msc and press Enter or click OK.
* Go to User Configuration, then Administrative Templates and then System.
* Find “Prevent access to registry editing tools” and change the option to disable.
* Once you do this you have registry access back.
Step 4.
* Click Start, then Run.
* In the box type regedit and press Enter or click OK.
* Go to Edit, then Find, and start the search for regsvr.exe.
* Delete every regsvr.exe found, but remember to take a backup before deleting. (Keep in mind that regsvr32.exe is not to be deleted.)
* In some places it is found after explorer.exe; in these cases only the regsvr.exe should be deleted and the explorer.exe should be kept.
Step 5.
* Click Start, then Search, and click on Files and Folders.
* Click All files and folders.
* Type “*.exe” as the filename to search for.
* Click on the ‘When was it modified’ option and select the Specify dates option (the date range to enter runs from when the PC last ran without this problem to the current date).
* Click Search and wait for all the exe files to be displayed.
* Once the search is over, select all the exe files and press Shift+Delete to delete the files (the legitimate exe files that were there in the beginning, when the PC ran without this problem, should not be deleted).
* In the same way, search for all regsvr.exe and svchost.exe files and delete them.
* It's time to relax and restart the PC.
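The whole-name matching that Step 4 depends on (remove regsvr.exe, leave regsvr32.exe, keep explorer.exe where the two share a value), as an added Python example that is not part of the original post. It reads the text of a regedit export and returns a plan to review instead of changing the registry; the sample export, its key paths and value names, and the names `plan`, `WORM`, `VALUE` and `SAMPLE_REG` are assumptions made for illustration.

```python
import re

# Constructed sample of a regedit export; key paths, value names and data are
# illustrative assumptions, not captured from an infected machine.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleStartup"="C:\\WINDOWS\\system32\\regsvr.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe regsvr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Installer]
"Register"="regsvr32.exe /s C:\\Example\\example.dll"
'''

# regsvr.exe as a complete file name only: it must follow a path separator,
# whitespace, a quote or the start of the data, so regsvr32.exe never matches.
WORM = re.compile(r'(?<![^\\/\s"])regsvr\.exe(?![^\s",])', re.IGNORECASE)
# One "name"="data" (or @="data") string value line of a .reg export.
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')


def plan(reg_text):
    """List (key, value name, action, new data) for values naming regsvr.exe."""
    actions, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if key is None or not m:
            continue  # blank lines, file header, dword/hex values
        name = m.group(1) if m.group(1) is not None else '(Default)'
        data = re.sub(r'\\(.)', r'\1', m.group(2))  # undo .reg escaping
        # Split into command items; a quoted path stays one item.
        items = re.findall(r'"[^"]*"|\S+', data)
        kept = [i for i in items if not WORM.search(i)]
        if len(kept) == len(items):
            continue  # nothing in this value names regsvr.exe
        if kept:  # e.g. "Explorer.exe regsvr.exe": keep explorer.exe
            actions.append((key, name, 'rewrite', ' '.join(kept)))
        else:     # the whole value is the regsvr.exe entry
            actions.append((key, name, 'delete', None))
    return actions


if __name__ == '__main__':
    for row in plan(SAMPLE_REG):
        print(row)
```

A real regedit export is UTF-16, so decode it before passing the text to `plan()`. Unquoted paths that contain spaces split into several items and need a manual look.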
Note that it is strongly recommended to use USB Disk Security software, so that it scans the flash drive for these threats as soon as it is inserted in the computer; this software can be downloaded HERE or HERE.
Another option is to use Autorun Removal Software, which can be downloaded from this SITE.