Remove Virus Shortcut - Harry Potter.lnk, Microsoft.lnk

You fell ill a computer virus / malware folder shortcut harry potter.lnk, microsoft.lnk, new folder with file type is shortcut, file size is 1 Kb and many more indicator. The author use of Windows XP SP2 but this virus may attack on vista too.

According to my way of hypothetical virus / malware is as follows:
  • Virus / malware will put this file database.mdb, thumb.db, Autorun.inf, shortcut folder harry potter .... lnk, microsoft folder shortcuts, folders and shortcuts to folders on the new document.
  • Virus / malware will enable wscript.exe file that is located in the system32 folder on the Windows folder to run the file on my database.mdb document.
  • Shortcut folders will be related to the earlier file wscript.exe and thumb.db.
  • If you open a shortcut folders before they will activate the file wscript.exe and thumb.db and file will create a duplicate folder shortcut is on your computer, thumb.db file and the file autorun.inf in the drive C.
  • If your computer is exposed to the virus / malware then this whole drive C: you will have found duplicates on your computer, thumb.db file and the file autorun.inf. It also will scan a drive, CD ROM, flash and your network as the media spread of the virus / malware this.

There are 2 methods to remove this virus:



Method 1 - With the use of Antivirus update.


Antivirus which can identify the virus (You can download directly "here" ), namely:
  • AVG free: detect as VBS Worm.
AVG will delete all folders and shortcuts duplicate files main virus earlier.
  • Norton Antivirus 2009 (trial 15 days) : detect as VBSRunauto.
Norton will delete all files on the drive thumb.db C.
You can delete the Autorun.inf file and folder shortcuts all the duplicates manually.
  • Antivir Avira Premium (license 6 months free) : detect as VBS/Yuyun A or malware DR/Agent.JP.4.
Antivir will delete all thumb.db files on the drive C.
You can delete the Autorun.inf file and folder shortcuts all the duplicates manually.
  • or other antivirus that have newest update.


Method 2 - With the manual.
  1. Turn off system Restore.
  2. Turn off the virus by using wscript.exe tool CProcess or CurrProcess (you can download via google). Run Crocess, search tab on the process name wscript.exe then right click on the name of the file and click kill procesess selected.
  3. Open Windows Explorer, click the tool menu option, folder option, view, click show hidden files and folders, click / uncheck the Hide extensions for known file types and Hide protected operating system files.Klik OK.
  4. Open my documents. Delete the file database.mdb.
  5. Click the Search button. Click All Files and Folders. In the All or part of the file name type: thumb.db, in the Look in a click. Delete all files that have been found. Repeat the steps above and delete all files that are found again.
  6. Click the Search button. Click All Files and Folders. In the All or part of the file name type: Autorun.inf, Look at the click in my computer. Delete all files that have been found. Repeat the steps above and delete all files that are found again.
  7. In step 6 virus is actually missing or no longer active but still have the rest of the shortcut duplicate folders created by malware earlier.
  8. If you also want removed, you must be careful once the shortcut is created by the virus with a shortcut to the default windows. The shortcut of the folder is created by the virus that is when we refer to the folder will appear in the link from the shortcut to the windows/system32. That we should be clear.
  9. How to find the folder shortcut: Click the Search button. Click All Files and Folders. In the All or part of the file name type: *. lnk, Look at the click in my computer. You must choose from based on the characteristics of a folder shortcut is created by the virus at the top of the line.
  10. You can delete the registry made by the virus earlier by using the tool HijackThis. (You can download HijackThis 2.0.2 here). Click Scan system and only looking at the HKCU \ ... \ ... database.mdb, HKLM \ ... \ .... relating to the WindowsXP cd (I forget the name length, and for that sometimes there is also sometimes not), and HKCU \ ... \ .... disableregedit = 1. click the button fixed.
  11. Now restart your computer.


In fact, if we do not delete the registry before (step 10) is not a problem, but at the restart windows will appear 2 text box that the first search for the file dialog database.mdb we remove earlier, the second prompted enter cd WindowsXP (this show is that there are also who does not). click Ok. Regedit and then it is likely we will didisable by the virus earlier. This also ga not problem if your brain is often especial registry windows.




Method to prevent the virus come again:


Virus this work if we click the folder shortcut new harry potter ... lnk, microsoft. Once we click the folder shortcut its so activated wsript.exe will find a file that is located in the folder windows system32 folder. Wscript.exe actively with the virus will begin to spread. So the key is that the virus is active on the file wscript.exe. For that we must kill wscript.exe way change of the name.


Open Windows Explorer, click the tool menu option, folder option, view, click show hidden files and folders, click / uncheck the Hide extensions for known file types and Hide protected operating system files.Klik OK.


Open the folder C: \ Windows \ system32 \ dllcache. This folder is collection of files from the backup files in the system32 folder. Find the file and click the right wsript.exe rename a wscriptx.exe for example. And open the C: \ Windows \ system32, find the file and click the right wsript.exe rename wscriptx.exe also be, for example.


Now you can start trying and Good Luck!

Source: http://worldlightinformation.blogspot.com

18 comments:

Emilia SP said...

thank's for your post about removal virus, it's verry important.to me..

Emilia SP said...

thank' for your tips about antivirus, it's verry importan to me...

Johnmansda said...

You're welcome..!

Anonymous said...

Antispyware solution from Search-and-destroy.
I have tried so many different types of scans to help keep my PC running at its best and one thing that I discovered is that they all tend to find the same types of bugs. The main difference between them all is the price that you pay. Recently I discovered Search-and-destroy Antispyware at http://www.Search-and-destroy.com and I really like it a lot. Antispyware solution from Search-and-destroy is one of the best scans I have ever used and I’m sure that you will be very happy with it as well. Go ahead and give it a try, you will be glad you did!

Wahyu Bhaskoro said...

My teacher's computer is attacked by this kind of virus, thanks for the information

Anonymous said...

i will trying...

Anonymous said...

i just want to ask..is the permanent virus is exist?i just keep wonderring that i had alot of time to format my laptop but when i discover it,i found that the virus is still there and there is no changes...so can u give me tips or solution how to destroy the virus in my laptop?

Anonymous said...

thanx for the info!

santoso said...

I just want to ask how to recover files converted to shortcut because of this virus?

Raghuveer said...

hello sir.. the original data is hidden so i wanted to take back those data.. but its not permitting to uncheck the hidden option in the properties dialog box.. so please let me know how to do that

Dean_amx said...

I had used the method 2.2 and it had worked successfully with the help of Avast Anti-Virus. Thanks a lot! Many people is facing this problems on now on..

Anonymous said...

I used avira(free version) but could not get rid of this virus. Super antispyware is also good but could not clean this particular virus.Then i used avast. it cleaned thoroughly.

Antivirus Download said...

Hi
Glad to read this post on viruses and malware files,to enhance Internet security and to remove these files use these antiviruses to protect your system.

Anonymous said...

Just For share..
Tiny Shortcut remover

http://www.321infos.co.cc/search/label/antivirus

FaiK Fauzi MuLaCheLLa said...

Use this: http://www.faikshare.com/2011/03/cara-hapus-virus-copy-of-shortcut-to-1.html


Very very Best Trik....

Anonymous said...

if you have access to a computer with linux os you can see all lnk files and autorun.inf and one folder driverguides.info by deleting these files you can clean your flash drive

virus protection for mac said...

Hello, thanks for posting this information, I was trying to find information on this topic –this was very helpful.

arumugam said...

Heya¡­my very first comment on your site. ,I have been reading your blog for a while and thought I would completely pop in and drop a friendly note. . It is great stuff indeed. I also wanted to ask..is there a way to subscribe to your site via email?











Microsoft Virus Removal

Post a Comment

Please, give your comment about this antivirus here!