Tuesday, December 23, 2008

Resolving the newfolder.exe virus

Two days back my PC got affected by this virus very badly as it eat up all my empty hard disk space of around 700 MB.

This virus is know popularly as regsvr.exe virus, or as new folder.exe virus and most people identify this one by seeing autorun.inf file on their pen drives. It is spreading mostly using pen drives as the medium.

So I will tell you that how to remove this virus manually.

I prefer manual process simply because it gives me option to learn new things in the process.
  • Search for autorun.inf file. It is a read only file so you will have to change it to normal by right clicking the file , selecting the properties and un-check the read only option.
  • Open the file in notepad and delete everything and save the file.
  • Now change the file status back to read only mode so that the virus could not get access again.
  • Click start->run and type msconfig and click ok
  • Go to startup tab look for regsvr and uncheck the option click OK.
  • Click on Exit without Restart.
  • Now go to control panel -> scheduled tasks, and delete the At1 task.
  • Click on start -> run and type gpedit.msc and click Ok.
  • Go to users configuration->Administrative templates->system Find “prevent access to registry editing tools” and change the option to disable.
  • Once you do this you have registry access back.
  • Click on start->run and type regedit and click ok
  • Go to edit->find and start the search for regsvr.exe,
  • Delete all the occurrence of regsvr.exe; remember to take a backup before deleting.
  • Don't delete the regsvr32.exe.
  • Delete regsvr.exe occurrences only.
  • At one or two places you will find it after explorer.exe in theses cases only delete the regsvr.exe part and not the whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just delete the regsvr.exe and leave the explorer.exe
  • Click on start->search->for files and folders. Their click all files and folders Type “*.exe” as filename to search for
  • Click on ‘when was it modified ‘ option and select the specify date option Type from date as 10/16/2008 and also type To date as 10/16/2008
  • Now hit search and wait for all the exe’s to show up.
  • Once search is over select all the exe files and shift+delete the files, caution must be taken so that you don’t delete the legitimate exe file.
  • Also find and delete regsvr.exe, svchost .exe
Now reboot your PC.


Source for this post:
http://amiworks.co.in/talk/how-to-remove-new-folderexe-or-regsvrexr-or-autoruninf-virus/
Posted by Novice-Techies at 7:38 AM
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Computers Add to Technorati Favorites Programming Blogs - BlogCatalog Blog Directory