Detailly removing folder inside folder virus

Removing folder inside virus

Manual Process of removal


I prefer manual process simply because it gives me option to learn new things in the process.

So let’s start the process off reclaiming the turf that virus took over from us.

1. Cut The Supply Line
1. Search for autorun.inf file. It is a read only file so you will have to change it to normal by right clicking the file , selecting the properties and un-check the read only option
2. Open the file in notepad and delete everything and save the file.
3. Now change the file status back to read only mode so that the virus could not get access again.
4. Autorun INF: cutting the supply line
5. Click start->run and type msconfig and click ok
6. Go to startup tab look for regsvr and uncheck the option click OK.
7. Click on Exit without Restart, cause there are still few things we need to do before we can restart the PC.
8. Now go to control panel -> scheduled tasks, and delete the At1 task listed their.
2. Open The Gates Of Castle
1. Click on start -> run and type gpedit.msc and click Ok.
2. Opening the gate of castle: starting the gepedit or msconfig
3. If you are Windows XP Home Edition user you might not have gpedit.msc in that case download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
4. Go to users configuration->Administrative templates->system
5. Find “prevent access to registry editing tools” and change the option to disable.
6. Opening the gate of castle: Group Edit Policies
7. Once you do this you have registry access back.
3. Launch The Attack At Heart Of Castle
1. Click on start->run and type regedit and click ok
2. Go to edit->find and start the search for regsvr.exe,
3. Launch the attack in the heart of castle: registry search
4. Delete all the occurrence of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
5. At one ore two places you will find it after explorer.exe in theses cases only delete the regsvr.exe part and not the whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just delete the regsvr.exe and leave the explorer.exe
4. Seek And Destroy the enemy soldiers, no one should be left behind
1. Click on start->search->for files and folders.
2. Their click all files and folders
3. Type “*.exe” as filename to search for
4. Click on ‘when was it modified ‘ option and select the specify date option
5. Type from date as 1/31/2008 and also type To date as 1/31/2008
6. Seek and destory enemy soldiers: the search option
7. Now hit search and wait for all the exe’s to show up.
8. Once search is over select all the exe files and shift+delete the files, caution must be taken so that you don’t delete the legitimate exe file that you have installed on 31st January.
9. Also selecting lot of files together might make your computer unresponsive so delete them in small bunches.
10. Also find and delete regsvr.exe, svchost .exe( notice an extra space between the svchost and .exe)
5. Time For Celebrations
1. Now do a cold reboot (ie press the reboot button instead) and you are done

Read more »

Posted in: Remove Virus

How to remove the Orkut virus

" Orkut is Banned "

Trying to open orkut on your PC ?? Is your PC giving you a popup message " Orkut is banned you fool , the administrators didn't write the program .. guess who ?? Muhahahah ... " . Irritiated by this ?? Some of my reader has got this problem and he sent me a message asking for help . Here is the solution :

About the virus :

The name of the virus is W32/AHKHeap , It basically creates a folder with the name heap41a in C drive that will be disguised as system folder with hidden attributes enabled and copies all its contents in that heap41a folder.The running process that is responsible for this is svchost.exe and it will be spawned under user name.The virus will even make a entry into your registry so that it can run every time the system is started . This spreads mostly through pen drives .

How to get Rid of this :

Most of the antivirus leave this virus unnoticed . I personally tried 3-4 antivirus on this . None of them detected it. So you have to remove it manually .

• Go to your task manager by pressing ctrl + alt + del .In that go to processes tab .
• In that look for svchost.exe . You might find more than one of them . In that look for those who have user name as your login name of computer and end those processes .
• Now open My ComputerIn the address bar, type C:\heap41a and hit enter. It is a hidden folder, and is not visible by default.Delete all the files in this folder .
• Now go to Start –> Run and type Regedit , Go to the menu Edit –> FindType “heap41a” here and press enter. You will get something like this “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt”Select that and Press DEL. It will ask “Are you sure you want to delete this value”, click Yes. Now close the registry editor and you are done .

Precaution :

Before inserting any kinda pen drive in your pc , just delte the autorun.inf file in it and delete any .exe files that exist in it

Read more »

Posted in: Remove Virus