Tuesday, August 12, 2008

VIRUS SOLUTION: Nhatquanglan.exe, New Folder.exe

Virus Details

Names:

Nhatquanglan.exe
New Folder.exe
SCVHSOT.exe
SCVSHOSTS.exe
SVCCHSOT.exe
SVCCHOST.exe

Size: Around 194 KB - 196 KB depending on each version

Processes commonly running:

Nhatquanglan.exe
SVCHSOT.exe
SCVHSOT.exe
New Folder.exe

Icon: Folder (actually an exe)

You have the virus if you see any one of the symptoms below:

  • There is a folder X inside every folder X.
  • There is a folder called New Folder.exe
  • Nhatquanglan.exe shows up on task-manager (before it gets blocked)
  • Task-Manager is Blocked
  • Regedit is blocked
  • Folder options is blocked
  • msconfig is blocked
  • A startup item called "Yahoo Messengger" is present (note the two 'g' s)

Virus Removal Steps:

Enable Task Manager and Regedit access as described in the first post, or else run these registry entries to get them back temporarily.
Download TuneUp Utilities and follow the standard three steps:

1. Kill Process (Use Tune-up task-manager if Task-Manager is disabled)
2. Remove from File System (You can use unlocker, if necessary)
3. Remove registry Entries (Use Tune-up Registry editor if regedit is disabled)


Technicalities:

The following .BAT code simply repeats the three steps described above.


You can either copy this code and save it as virusRemover.BAT, or download it from here.
Run this file (double-click it) in Safe Mode. The steps are:
  1. Restart computer
  2. Keep pressing F8
  3. Choose one of the three Safe Mode options
  4. Login to your Account
  5. Double-Click on this file
  6. Once it is done, restart back normally
______________________________________________________

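@echo off
title Nhatquanglan.exe Removal
cls
echo Nhatquanglan.exe Removal
echo Killing Virus Processes...
pause
rem The process list above spells this name with a space, so try both forms
taskkill /IM "NewFolder.exe" /t /f
taskkill /IM "New Folder.exe" /t /f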
taskkill /IM "nhatquanglan.exe" /t /f
taskkill /IM "SVCHSOT.exe" /t /f
taskkill /IM "SCVHSOT.exe" /t /f
taskkill /IM "SVCSHOSTS.exe" /t /f
taskkill /IM "SVCCHOST.exe" /t /f
pause
echo Deleting Virus files from file-System...
pause
del "%windir%\SVCHSOT.exe" /f /a
del "%windir%\SCVHSOT.exe" /f /a
del "%windir%\system32\SVCHSOT.exe" /f /a
del "%windir%\system32\SCVHSOT.exe" /f /a
del "%windir%\system32\blastclnnn.exe" /f /a
del "C:\heap41a\*.*" /f /a
del "D:\heap41a\*.*" /f /a
del "E:\heap41a\*.*" /f /a
del "F:\heap41a\*.*" /f /a
del "C:\autorun.inf" /f /a
del "C:\MicrosoftPowerPoint.exe" /f /a
del "D:\autorun.inf" /f /a
del "D:\MicrosoftPowerPoint.exe" /f /a
del "E:\autorun.inf" /f /a
del "E:\MicrosoftPowerPoint.exe" /f /a
del "F:\autorun.inf" /f /a
del "F:\MicrosoftPowerPoint.exe" /f /a
echo Reverting Registry Entries...
echo Enabling Registry...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
echo Enabling TaskManager...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
echo Enabling Run...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRun /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v DisallowRun /t REG_DWORD /d 0 /f
echo Enabling Control Panel...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispCPL /t REG_DWORD /d 0 /f
echo Enabling Folder Options...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f
echo Enabling Hidden Files...
pause
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v DefaultValue /t REG_DWORD /d 2 /f
echo Removing Autoruns...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /f
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /f
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce /f
echo Fixing Explorer Handles...
pause
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe /f
echo Finishing...
echo Nhatquanglan.exe Remover terminated successfully
pause
exit

______________________________________________________

VIRUS SOLUTION: MicrosoftPowerPoint.exe, Orkut Banned - Solution

Virus Details

Names:

heap41a
MicrosoftPowerPoint.exe
Orkut Banned virus
AutoHotKey

Size: Around 261 KB depending on each version

Processes commonly running:

Winlogons.exe
MsUpdate.exe

You have the virus if you see any one of the symptoms below:

  • There is a folder called Heap41a in C:\
  • You have a small "H" icon in green color that sits on your task-bar
  • Orkut is not working, messages like "muhuhahaha orkut is banned you fool" keep appearing
  • Mozilla and Internet Explorer opening messages similar to above
  • Folder options are not working, they never display the hidden files.
  • A file called "MicrosoftPowerPoint.exe" has infected your pendrive.
  • Autoruns are created and double-click on drive opens in a new window

Virus Removal Steps:

Enable Task Manager and Regedit access as described in the first post, or else run these registry entries to get them back temporarily.
Download TuneUp Utilities and follow the standard three steps:

1. Kill Process (Use Tune-up task-manager if Task-Manager is disabled)
2. Remove from File System (You can use unlocker, if necessary)
3. Remove registry Entries (Use Tune-up Registry editor if regedit is disabled)


Technicalities:

The following .BAT code simply repeats the three steps described above.


You can either copy this code and save it as virusRemover.BAT, or download it from here.
Run this file (double-click it) in Safe Mode. The steps are:
  1. Restart computer
  2. Keep pressing F8
  3. Choose one of the three Safe Mode options
  4. Login to your Account
  5. Double-Click on this file
  6. Once it is done, restart back normally
______________________________________________________

@echo off
title MicrosoftPowerPoint.exe Removal
cls
echo MicrosoftPowerPoint.exe Removal
echo Killing Virus Processes...
pause
taskkill /IM "MsUpdate.exe" /t /f
taskkill /IM "WinLogons.exe" /t /f
pause
echo Deleting Virus files from file-System...
pause
del "%userprofile%\Local Settings\TEMP\MSDATA" /f /a
del "%userprofile%\Local Settings\Temp\IXP000.TMP" /f /a
del "%windir%\system32\WinLogons.exe" /f /a
del "C:\heap41a\*.*" /f /a
del "D:\heap41a\*.*" /f /a
del "E:\heap41a\*.*" /f /a
del "F:\heap41a\*.*" /f /a
del "C:\autorun.inf" /f /a
del "C:\MicrosoftPowerPoint.exe" /f /a
del "D:\autorun.inf" /f /a
del "D:\MicrosoftPowerPoint.exe" /f /a
del "E:\autorun.inf" /f /a
del "E:\MicrosoftPowerPoint.exe" /f /a
del "F:\autorun.inf" /f /a
del "F:\MicrosoftPowerPoint.exe" /f /a
echo Reverting Registry Entries...
echo Enabling Registry...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
echo Enabling TaskManager...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
echo Enabling Run...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRun /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v DisallowRun /t REG_DWORD /d 0 /f
echo Enabling Control Panel...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispCPL /t REG_DWORD /d 0 /f
echo Enabling Folder Options...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f
echo Enabling Hidden Files...
pause
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v DefaultValue /t REG_DWORD /d 2 /f
echo Removing Autoruns...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /f
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /f
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce /f
echo Fixing Explorer Handles...
pause
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe /f
echo Finishing...
echo MicrosoftPowerPoint.exe Remover terminated successfully
pause
exit

______________________________________________________

Monday, August 11, 2008

VIRUS SOLUTION: Funny UST Scandal.avi.exe

Virus Details:

Name : Funny UST Scandal.avi.exe
SMSS.exe

Size: 224KB

Common Characteristics:
  • Task-Manager Blocked
  • CMD Blocked
  • Regedit Blocked
  • Autoruns Created
  • System is slower than ever
  • Folder "log" in drive
  • smss.exe and Funny UST Scandal.avi.exe in Drives

Virus Removal Steps:

Enable Task Manager and Regedit access as described in the first post, or else run these registry entries to get them back temporarily.
Download TuneUp Utilities and follow the standard three steps:

1. Kill Process (Use Tune-up task-manager if Task-Manager is disabled)
2. Remove from File System (You can use unlocker, if necessary)
3. Remove registry Entries (Use Tune-up Registry editor if regedit is disabled)

Technicalities:

The following .BAT code simply repeats the three steps described above.


You can either copy this code and save it as virusRemover.BAT, or download it from here.
Run this file (double-click it) in Safe Mode. The steps are:
  1. Restart computer
  2. Keep pressing F8
  3. Choose one of the three Safe Mode options
  4. Login to your Account
  5. Double-Click on this file
  6. Once it is done, restart back normally

______________________________________________________

@echo off
title UST Scandal Removal
cls
echo Funny UST Scandal Removal
echo Killing Virus Processes...
pause
taskkill /IM "killer.exe" /t /f
taskkill /IM "Funny UST Scandal.exe" /t /f
taskkill /IM "Funny UST Scandal.avi.exe" /t /f
pause
echo Deleting Virus files from file-System...
pause
del "%windir%\autorun.inf" /f /a
del "%windir%\smss.exe" /f /a
del "%windir%\killer.exe" /f /a
del "%windir%\Funny UST Scandal.*" /f /a
del "C:\log" /f /a
del "D:\log" /f /a
del "E:\log" /f /a
del "F:\log" /f /a
del "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe" /f /a
del "D:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe" /f /a
del "C:\autorun.inf" /f /a
del "C:\smss.exe" /f /a
del "C:\Funny UST Scandal.*" /f /a
del "D:\autorun.inf" /f /a
del "D:\smss.exe" /f /a
del "D:\Funny UST Scandal.*" /f /a
del "E:\autorun.inf" /f /a
del "E:\smss.exe" /f /a
del "E:\Funny UST Scandal.*" /f /a
del "F:\autorun.inf" /f /a
del "F:\smss.exe" /f /a
del "F:\Funny UST Scandal.*" /f /a
echo Reverting Registry Entries...
echo Enabling Registry...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
echo Enabling TaskManager...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
echo Enabling Run...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRun /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v DisallowRun /t REG_DWORD /d 0 /f
echo Enabling Control Panel...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v NoDispCPL /t REG_DWORD /d 0 /f
echo Enabling Folder Options...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f
echo Enabling Hidden Files...
pause
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v DefaultValue /t REG_DWORD /d 2 /f
echo Removing Autoruns...
pause
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /f
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run /f
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runonce /f
echo Fixing Explorer Handles...
pause
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe /f
echo Finishing...
echo UST Scandal Remover terminated successfully
pause
exit

______________________________________________________

Do you believe it? Top 8 Antiviruses (Supposedly!)

To protect yourself from viruses that crop up all the time, it’s important to update your antivirus software’s data definition files. I am posting here a list of some top antivirus programs which are very useful to users.

AVG Free Edition - AVG Resident Shield provides real-time protection for the execution of files and programs. It features a smart e-mail scanner, virus updates and a virus vault for secure handling of files that are infected by viruses. The base version for Windows is free for private and non-commercial use.

My View: Quite bad, does not detect many viruses, very sad software, but it's free

BitDefender Online Scan System - BitDefender Scan Online scans the system's memory, boot sector, all files and folders, and also comes with an automatic file cleaning option. Overall, it scans for over 70,000+ viruses, worms, trojans and other malicious applications. Inexpensive product received excellent scores in our performance tests, although its scan speed was sluggish.

My View: Slow, as already mentioned

McAfee VirusScan for Windows: This antivirus package detects all virus types, including Word and Excel macros; boot-sector infections; and file, multipartite, stealth, polymorphic, and encrypted viruses.

My View: Does not detect many viruses, it looks and feels great, offers many features, but fails in detecting, not free

Kaspersky Anti-Virus Personal Pro - A commonly used virus protection solution offering full protection against macro-viruses and unknown viruses. It offers reliable data integrity control and protection of e-mails from viruses.

My View: Looks good, a little pesky, beautiful sound effects, but not free

ESET NOD32 Antivirus - ESET NOD32 Anti-virus is available as an anti-virus for small businesses, individuals and for large networks. The trialware enables the user to try the application for a period of 30 days.

My View: A Decent AV, but did slow down my PC a little, not Free

avast! Home Edition - A free antivirus solution for scanning disk, CDs, in E-mail, HTTP, NNTP, IM and P2P.

My View: Best of the Lot, simple UI, updates itself, Free

Norton AntiVirus - Norton AntiVirus is the most popular and secure virus scanner for checking boot sector records at startup. The live update feature automatically installs new updates for regular protection against viruses.

My View: Worst of the lot, does not detect many viruses, but still people use it, not Free

HijackThis Software - HijackThis is a small application for scanning for and cleaning spyware and malware infections on a computer. It enables the user to save the scan log in a txt file which can be examined later for system security analysis.

My View: Excellent, but cannot be classified as a true AV program. User has to be educated to work with this. Not for beginners. Free

Source

An article by Munir Kotadia

Antivirus applications from Symantec, McAfee or Trend Micro -- the three leading AV vendors in 2005 -- are far less likely to detect new viruses and Trojans than the least popular brands.

This has nothing to do with the quality of the software or how long it takes the respective firms to update their clients with signatures and other malware countermeasures.

AV companies continue to refine their products and most will tell you they stopped relying on purely signature-based systems many years ago. These days they use all sorts of clever methods to try and detect suspicious behaviour but the problem is that malware authors are also very clever. Very, very clever.

On Wednesday, the general manager of Australia's Computer Emergency Response Team (AusCERT), Graham Ingram, described how the threat landscape has changed -- along with the skill of malware authors.

"We are getting code of a quality that is probably worthy of software engineers. Not application developers but software engineers," said Ingram. However, the actual reason why the top selling antivirus applications don't work is because malware authors are specifically testing their Trojans and viruses to make sure they can bypass these applications before releasing them in the wild.

"The most popular brands of antivirus on the market... have an 80 percent miss rate... So if you are running these pieces of software, eight out of 10 pieces of malicious code are going to get in," said Ingram. Although Ingram didn't mention any of the leading losers by name, Gartner's figures for 2005 show that Symantec is the clear leader with 53.6 percent of the market. McAfee and Trend own 18.8 percent and 13.8 percent of the market respectively.

One vendor Ingram did mention was Russian outfit Kaspersky, which in the same tests managed to block around 90 percent of new malware. According to Gartner, Kaspersky's market share is a lowly 0.7 percent. Most large firms already use more than one antivirus application but I wonder how many use two of the Symantec, McAfee and Trend trio? If you do then I suggest investing in yet another -- but whatever you do, stay well away from the bestseller shelf.

Source

Easier way to remove ANY virus

The previously mentioned method takes some time, and one has to be careful when dealing with the registry, as it is the heart of the computer. If you do not want to tamper with the registry while reverting changes that affect the

  • Task Manager
  • Control Panel
  • Hidden Files
  • Folder Options
  • RUN
  • msconfig
  • gpedit.msc
  • regedit
then download the files from the repository mentioned below. It contains a whole bunch of must-have regedits that are very helpful every time your computer faces a new virus attack.

Click here to go to the virusRevert repository page. You will also find valuable material about writing your own solutions in the same page.
Also download / copy sample virus codes to write your own !

Remove ANY virus manually

When a virus infects a system, the following usually happens:

1. The virus attempts to start itself automatically every time the machine starts up, because the user isn't dumb enough to go and click that link/exe once again.

2. The virus will do all it can to avoid being removed from the computer.

3. Every virus/program will have a process associated with it.


I am assuming the worst hit machine here, that is, the following things are already blocked:

Task-Manager(ALT+CTRL+DEL)
Run
Regedit
msconfig(Startup)
Folder Options
Hidden files (not working properly)
Control Panel
No Drives
*Autoruns (Explained specifically at the end)


So, to get started, we will first require the following free software (even trial versions are okay):
Click here to download Tune-Up Utilities

Click here to download an Unlocker

Install both of them and start Tune-Up. It should look something like this:

Now, select the TuneUp StartUp Manager and look for the startups:



From this screen, make a note of all those startup items labeled "Unknown" but checked.
Right-click on each of them and click on Properties.
This screen will give you the location of the startup item, the file location from where it was called. Note down all those startup entries and their locations.

Now, navigate to each of these entries and right-click. You will find an option called "Unlocker". This is the tool that finds out the process associated with the exe. It will report some "handles" if indeed it is locked. You have to select each handle and click on "unlock" after noting down the same process name in the list that you are maintaining. If Unlocker does not show any handles, it's as simple as SHIFT+DEL. Delete the file immediately (the file will mostly be in the WINDOWS folder or WINDOWS/system32).

Make sure the file that you are about to delete is indeed malicious
Google the name of the suspected exe and see the results. If Google also lists it as malicious, then you have got it right. Else, search for the next exe.

Now, again go back to the first screen and click on "Administer Control" and then TuneUp Registry Editor. This will open up the registry application which will look like this:

Now, from the menu bar, click on search and enter the name of the first exe file that you have noted down from the start-up entry details. It should look like this:



Now, the most important part,
Make sure the file that you are about to delete is indeed malicious
Google the name of the suspected exe and see the results. If Google also lists it as malicious, then you have got it right. Else, search for the next exe. Once found, navigate to each found entry and delete the value if it is listed as a value (simply select the value where the name is coming and press "delete"). Be careful not to delete keys, only delete values (left pane is for keys and right pane lists values of those keys in the registry editor)
Be very careful while doing this
Repeat the search to make sure that the entries are indeed gone.
Do this carefully for all those confirmed virus exe files.

At this point of time, you should be free of viruses.


Now, the next part, Reverting the changes made by the virus:

From the initial assumption that many things were blocked, we again open up the Tuneup Registry Editor. Here, we browse to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
There will be values for this key on the right pane: You might see values like these:

(Default Value) (Value not set)

DisableTaskMgr 0x00000001

DisableRegistryTools 0x00000001

and many more depending on your infection. So now delete all of these by selecting each one and pressing DEL. Now, restart explorer.exe from the Task Manager (CTRL+ALT+DEL).
That's right, your Task Manager should now work if you have followed all the steps perfectly.
Find explorer.exe, right-click it and select "terminate".
Then go to File > New Task (Run...) and type "explorer.exe" without the quotes.
This whole process will make your windows and task-bar disappear until you start explorer.exe again.
If you get stuck here, just log off and log in again.

Now, navigate to these paths in the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN

Change the CheckedValue to 2
Change the DefaultValue to 2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

Change the CheckedValue to 1
Change the DefaultValue to 2


This will fix all your hidden-file problems.
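
A read-only check of the values discussed in this section, as an added example (not part of the original post): it parses the text of a .reg export and lists every value that differs from the state the batch files above restore. The export below is constructed, and the names `parse_reg` and `audit` are chosen here.

```python
import re

PS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
PE = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
HID = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden"
WL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Clean-state values, copied from the batch files and manual steps on this page.
EXPECTED = {
    (PS, "DisableTaskMgr"): 0, (PS, "DisableRegistryTools"): 0,
    (PS, "DisableRun"): 0, (PS, "NoDispCPL"): 0,
    (PE, "DisallowRun"): 0, (PE, "NoFolderOptions"): 0,
    (HID + r"\NOHIDDEN", "CheckedValue"): 2, (HID + r"\NOHIDDEN", "DefaultValue"): 2,
    (HID + r"\SHOWALL", "CheckedValue"): 1, (HID + r"\SHOWALL", "DefaultValue"): 2,
    (WL, "Shell"): "Explorer.exe",
}
RESTRICTION_KEYS = {PS, PE}  # these values may simply be absent on a clean system

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Parse decoded .reg text into {(key, name): int | str}, lower-casing key and name."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VAL_RE.match(line)
        if not (m and key):
            continue
        name, data = m.group(1).lower(), m.group(2)
        if data.startswith("dword:"):
            values[(key, name)] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            # .reg strings escape backslash and quote with a backslash
            values[(key, name)] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return values

def audit(text):
    """Return (key, name, found, expected) for each value that deviates."""
    found, findings = parse_reg(text), []
    for (key, name), want in EXPECTED.items():
        got = found.get((key.lower(), name.lower()))
        if got is None and key in RESTRICTION_KEYS:
            continue  # restriction not set at all
        if isinstance(want, str) and isinstance(got, str):
            ok = got.strip().lower() == want.lower()
        else:
            ok = got == want
        if not ok:
            findings.append((key, name, got, want))
    return findings

# Constructed sample export (not captured from an infected machine).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
"DefaultValue"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\sample.exe"
"""

if __name__ == "__main__":
    print(*audit(SAMPLE_EXPORT), sep="\n")
```

Exported .reg files are normally UTF-16, so decode the file before passing its text to `audit`. Running the check again after the cleanup should return an empty list.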


Now, the final "autorun" problem:
Navigate to any drive and first open up Notepad.
Now, click on file>open>
Type "autorun.inf" and select any drive. This will show up on notepad something like this:

[AutoRun]
open=blasterrrr.bat
;shell\open=Open(&O)
shell\open\Command=blasterrrr.bat
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=blasterrrr.bat

Here, we notice that one particular file (will be mostly a .BAT file or a .CMD file or a .COM file or simply a .EXE file) is being repeated throughout. Now, open up cmd prompt and go to any drive, say c:\ (after closing the notepad file)

C:\> del /F /a autorun.inf
C:\> del /F /a blasterrrr.bat

Now, again, restart your explorer.exe (or simply relogin). Be sure not to click the drives meanwhile.


Done!
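
The autorun.inf inspection described above, as an added example (not part of the original post): a small parser that lists the files an autorun.inf would launch, so each one can be checked before it is deleted. The first sample is the listing shown on this page; the second is constructed, and the function names are chosen here.

```python
import re

# Entries that make Windows start a program: open=, shellexecute=, shell\<verb>\command=
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def parse_autorun(text):
    """Return [(key, command)] for every [AutoRun] entry that launches something."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEY.match(key) and value:
            entries.append((key, value))
    return entries

def target_file(command):
    """First token of the command line: the program or script that would run."""
    command = command.strip()
    if command.startswith('"'):                   # quoted path, possibly with spaces
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0]

def launch_targets(text):
    """Unique target files in order of first appearance (case-insensitive, as on Windows)."""
    seen, out = set(), []
    for _, command in parse_autorun(text):
        target = target_file(command)
        if target.lower() not in seen:
            seen.add(target.lower())
            out.append(target)
    return out

# The autorun.inf listing from this page.
PAGE_SAMPLE = r"""[AutoRun]
open=blasterrrr.bat
;shell\open=Open(&O)
shell\open\Command=blasterrrr.bat
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=blasterrrr.bat
"""

# Constructed sample: quoted path with a space, arguments, and a non-launching key.
CONSTRUCTED_SAMPLE = r"""[autorun]
ShellExecute="tools\setup helper.exe" /quiet
icon=folder.ico
"""

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_SAMPLE):
        print(launch_targets(sample))
```

A target that names a normal Windows program is not something to delete; look the name up first, as the post advises for startup entries.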