HACK BACK BY EDAN



    Remove REGSVR.EXE and New Folder.exe viruses completely

    botnet
    Admin

    Posts : 4
    Join date : 2010-12-15

    Remove REGSVR.EXE and New Folder.exe viruses completely

    Post  botnet on Wed Dec 15, 2010 4:01 pm

    Remove REGSVR.EXE and New Folder.exe viruses completely
    Friday, May 14, 2010 Posted by X.E.R.O
    Categories: How to, Microsoft, tips n tricks, Tutorials, Windows 7, Windows tricks, Windows Tricks - WINDOWS VISTA
    Plug a pendrive into a public computer and you will be pestered by the continuously replicating “New Folder.exe” virus or the “regsvr.exe” virus. Hear my story: while I transferred my notes last night (around 600 folders), I was surprised to see that around 450 MB of space was eaten by these self-replicating space eaters! I was running Linux so these were not a concern for me, but when I plugged my pendrive into my virtual machine (Windows XP SP3), it caused multiple problems of Explorer corruption and disabling registry tools.
    Time for some virus busting I guess. Here is how you can remove “regsvr.exe” and “New Folder.exe” from your computer.

    Step 1 - Some Startup Repairs
    First of all, boot into safe mode. After you get to your desktop, press F3 or Ctrl + F and search for the “autorun.inf” file on your computer and delete all the subsequent files. In case you are not able to delete them, select all the files and uncheck the “Read Only” option. If you are still not able to delete them, you might want to try out the Unlocker tool to delete the files.
    Now go to
    Start –> Run –> type “msconfig”
    and press Enter.
    Go to the Startup tab and uncheck “regsvr”, click OK and then click on “Exit without restart”.
    Now go to
    Control Panel –> Scheduled Tasks and delete the “At1” task listed there.
    Once done, close all windows.

    Step 2 - Changing Configurations
    Your registry might be disabled, and you need to activate it back to undo all the malicious changes done by the worm. In order to do that, you need to go to
    Start –> Run –> type “gpedit.msc”
    and press Enter,
    then navigate to
    User Configuration –> Administrative Templates –> System
    Find “Prevent access to registry editing tools”, double-click it and change the option to Disabled.

    Once done, your Regedit will be enabled. In case your task manager is disabled, you need to enable it.

    Step 3 - Registry Edits
    Now we have to perform some registry edits to enable our Explorer and to remove all instances of the worm from the registry. Go to
    Start –> Run –> type “regedit”
    and press Enter.
    Click on Edit –> Find and search for regsvr.exe. Find and delete all the occurrences of the regsvr.exe virus (don't delete regsvr32.exe as it's not a virus).
    Then navigate to the entry
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    and modify the entry
    Shell = “Explorer.exe regsvr.exe”

    to delete the regsvr.exe from it, so that it becomes
    Shell = “Explorer.exe”
    Once done, close all windows and get ready to delete all virus files.

    Step 4 - Deleting Virus Files
    The final step is to delete all the virus files on your computer. To do this, press F3 or Ctrl + F and search for regsvr.exe (make sure to search in hidden folders) and delete all “regsvr.exe” and “svchost .exe” files (notice the gap between ‘svchost’ and ‘.exe’; keep in mind not to delete the legitimate file).
    Clean your recycle bin and restart your PC (perform a cold boot).
    Voilà, you have cleaned your computer of regsvr. Just make sure to scan your pendrive the next time you plug it in [Smile]
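
Added example, not part of the original post: a read-only PowerShell audit of the locations Steps 1 to 4 touch, useful for checking a machine before and after the manual cleanup. Assumptions not stated in the post: the “regsvr” startup item lives in the Run keys, the “At1” task is a legacy `.job` file under `%SystemRoot%\Tasks`, and `DisableRegistryTools` / `DisableTaskMgr` are the policy values behind the disabled Registry Editor and Task Manager.

```powershell
# Read-only audit of the locations named in Steps 1-4; it changes nothing.
param(
    # Folders or drive roots to search; defaults to every file-system drive.
    [string[]]$Roots = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root })
)
$findings = @()

# Step 3: the Winlogon Shell value should be exactly "Explorer.exe".
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') {   # -ne ignores case
    $findings += "Winlogon Shell = '$shell' (expected 'Explorer.exe')"
}

# Step 1: Run-key startup entries that launch regsvr.exe (regsvr32.exe does not match).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$psMeta = '^PS(Path|ParentPath|ChildName|Drive|Provider)$'   # provider metadata, not values
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notmatch $psMeta -and "$($p.Value)" -match '(^|[\\\s"])regsvr\.exe') {
            $findings += "Startup entry '$($p.Name)' in $key -> $($p.Value)"
        }
    }
}

# Step 1: the legacy "At1" scheduled task is stored as a .job file (assumed location).
$job = Join-Path $env:SystemRoot 'Tasks\At1.job'
if (Test-Path -LiteralPath $job) { $findings += "Scheduled task file present: $job" }

# Step 2: policy values behind the disabled Registry Editor and Task Manager.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue
foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
    if ($pol -and $pol.$name) { $findings += "$name = $($pol.$name) under $policy" }
}

# Steps 1 and 4: file names from the post, hidden and system files included (-Force).
# autorun.inf is also legitimate on installer media, so review hits before deleting.
$names = 'autorun.inf', 'regsvr.exe', 'svchost .exe', 'New Folder.exe'
foreach ($root in $Roots) {
    $findings += @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $names -contains $_.Name } |
        ForEach-Object { "File: $($_.FullName) ($($_.Length) bytes)" })
}

if ($findings) { $findings } else { 'No indicators from the post were found.' }
```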


    mr.erorr

    Posts : 1
    Join date : 2011-11-10

    Re: Remove REGSVR.EXE and New Folder.exe viruses completely

    Post  mr.erorr on Sun Nov 13, 2011 8:22 pm

    botnet wrote:Remove REGSVR.EXE and New Folder.exe viruses completely

    Is this virus [Evil or Very Mad] guaranteed not to get in?? [Wink]
