Your computer has been infected by a virus / malware that creates folder shortcuts such as harry potter.lnk, microsoft.lnk and new folder, with file type Shortcut and a file size of 1 KB, among other indicators. The author uses Windows XP SP2, but this virus may attack Vista too.
My hypothesis of how this virus / malware works is as follows:
- The virus / malware drops the files database.mdb, thumb.db and Autorun.inf, the folder shortcuts harry potter ... .lnk, microsoft and new folder, and other shortcuts to folders, in My Documents.
- The virus / malware uses the wscript.exe file, located in the system32 folder inside the Windows folder, to run the database.mdb file in My Documents.
- The folder shortcuts are linked to wscript.exe and to the thumb.db file mentioned above.
- If you open one of these folder shortcuts, it activates wscript.exe and thumb.db, which create duplicate folder shortcuts on your computer, plus a thumb.db file and an autorun.inf file on drive C.
- If your computer is infected by this virus / malware, you will find the duplicates, the thumb.db file and the autorun.inf file throughout drive C:. It also scans other drives, CD-ROMs, flash drives and your network, and uses them as media to spread.
There are 2 methods to remove this virus:
Method 1 - Using an updated antivirus.
Antivirus products that can identify the virus (you can download them directly "here"):
- AVG Free: detects it as VBS Worm.
- Norton Antivirus 2009 (15-day trial): detects it as VBSRunauto.
- Avira AntiVir Premium (6-month free license): detects it as VBS/Yuyun A or malware DR/Agent.JP.4.
- Or any other antivirus that has the newest updates.
You can delete the Autorun.inf file and all the duplicate folder shortcuts manually.
Method 2 - Manual removal.
1. Turn off System Restore.
2. Stop the virus's wscript.exe process using the CProcess or CurrProcess tool (you can find it via Google). Run CProcess, look for wscript.exe in the process name column, then right-click the name and click kill selected processes.
3. Open Windows Explorer, click the Tools menu, Folder Options, View, select Show hidden files and folders, and uncheck Hide extensions for known file types and Hide protected operating system files. Click OK.
4. Open My Documents. Delete the file database.mdb.
5. Click the Search button. Click All Files and Folders. In "All or part of the file name" type: thumb.db, and in "Look in" select My Computer. Delete all files that are found. Repeat the steps above and delete any files that are found again.
6. Click the Search button. Click All Files and Folders. In "All or part of the file name" type: Autorun.inf, and in "Look in" select My Computer. Delete all files that are found. Repeat the steps above and delete any files that are found again.
7. After step 6 the virus is actually gone or no longer active, but the duplicate folder shortcuts created by the malware are still left over.
8. If you want to remove those as well, be careful to tell the shortcuts created by the virus apart from the default Windows shortcuts. A folder shortcut created by the virus is one whose link, when you inspect it, points to windows/system32. That distinction must be clear before you delete anything.
9. How to find the folder shortcuts: Click the Search button. Click All Files and Folders. In "All or part of the file name" type: *.lnk, and in "Look in" select My Computer. Pick out the shortcuts created by the virus based on the characteristics described at the top of this post.
10. You can delete the registry entries made by the virus by using the tool HijackThis. (You can download HijackThis 2.0.2 here). Click Scan system and look only for the HKCU \ ... \ ... database.mdb entry, the HKLM \ ... \ .... entry relating to the WindowsXP cd (I forget the full name, and it is sometimes there and sometimes not), and HKCU \ ... \ .... disableregedit = 1. Click the Fix button.
11. Now restart your computer.
In fact, it is not a problem if we do not delete the registry entries first (step 10), but when Windows restarts, 2 dialog boxes will appear: the first searches for the database.mdb file we removed earlier, and the second prompts you to insert the WindowsXP CD (this one sometimes appears and sometimes does not). Click OK. Regedit will then probably still be disabled by the virus. That is also not a problem if you often tinker with the Windows registry.
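The file searches from the manual method (database.mdb, thumb.db, Autorun.inf and *.lnk) can be done in one read-only pass. The Python sketch below is an added example, not part of the original post: it lists the dropped file names and every small .lnk file that mentions wscript.exe, and deletes nothing. The 2048-byte limit, the function names and the sample files are assumptions for illustration; a legitimate shortcut to wscript.exe would be listed too, so review the output before deleting.

```python
import os
import tempfile

# File names the post says the worm drops (compared case-insensitively).
# Windows' own thumbnail cache is "Thumbs.db", so it is deliberately not matched.
DROPPED_NAMES = {"autorun.inf", "thumb.db", "database.mdb"}
MAX_LNK_SIZE = 2048               # post: shortcuts are about 1 KB (margin is an assumption)
LNK_MAGIC = b"\x4c\x00\x00\x00"   # HeaderSize field (0x4C) that opens every .lnk file
NEEDLES = ("wscript.exe".encode("ascii"), "wscript.exe".encode("utf-16-le"))

def lnk_references_wscript(path):
    """True if a small .lnk file mentions wscript.exe (ANSI or UTF-16LE string)."""
    try:
        if os.path.getsize(path) > MAX_LNK_SIZE:
            return False
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return False
    return data.startswith(LNK_MAGIC) and any(n in data.lower() for n in NEEDLES)

def scan(root):
    """Report only, never delete: returns (dropped_files, suspicious_shortcuts)."""
    dropped, shortcuts = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() in DROPPED_NAMES:
                dropped.append(full)
            elif name.lower().endswith(".lnk") and lnk_references_wscript(full):
                shortcuts.append(full)
    return sorted(dropped), sorted(shortcuts)

def make_sample(root):
    """Constructed test data: fake shortcuts (header-sized padding + target string)."""
    def lnk(name, target):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(LNK_MAGIC + b"\x00" * 72 + target.encode("utf-16-le"))
    lnk("New Folder.lnk", r"C:\WINDOWS\system32\WScript.exe")
    lnk("Notepad.lnk", r"C:\WINDOWS\system32\notepad.exe")
    for name in ("autorun.inf", "thumb.db", "Thumbs.db"):
        open(os.path.join(root, name), "wb").close()

if __name__ == "__main__":
    demo = tempfile.mkdtemp()
    make_sample(demo)
    print(scan(demo))
```

To check a real drive, call `scan()` with its root path (for example the mount point of a flash drive) instead of the constructed sample directory.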
How to prevent the virus from coming back:
This virus works when we click one of the folder shortcuts, such as new harry potter ... lnk or microsoft. Once we click the folder shortcut, it activates wscript.exe, which is located in the system32 folder inside the Windows folder. With wscript.exe active, the virus begins to spread. So the key is that the virus depends on the wscript.exe file to be active. For that reason we must disable wscript.exe by changing its name.
Open Windows Explorer, click the Tools menu, Folder Options, View, select Show hidden files and folders, and uncheck Hide extensions for known file types and Hide protected operating system files. Click OK.
Open the folder C:\Windows\system32\dllcache. This folder holds backup copies of the files in the system32 folder. Find the file wscript.exe, right-click it and rename it to wscriptx.exe, for example. Then open C:\Windows\system32, find the file wscript.exe, right-click it and rename it to wscriptx.exe as well, for example.
Now you can try it. Good luck!
Source: http://worldlightinformation.blogspot.com
17 comments:
Thanks for your post about virus removal, it's very important to me..
Thanks for your tips about antivirus, it's very important to me...
You're welcome..!
My teacher's computer is attacked by this kind of virus, thanks for the information
I will try...
I just want to ask.. does a permanent virus exist? I just keep wondering, because I have formatted my laptop a lot of times, but when I check it, I find that the virus is still there and there are no changes... so can you give me tips or a solution for how to destroy the virus in my laptop?
thanx for the info!
I just want to ask how to recover files converted to shortcut because of this virus?
Hello sir.. the original data is hidden, so I want to get that data back.. but it's not permitting me to uncheck the hidden option in the properties dialog box.. so please let me know how to do that.
I had used the method 2.2 and it had worked successfully with the help of Avast Anti-Virus. Thanks a lot! Many people are facing this problem now..
I used Avira (free version) but could not get rid of this virus. Super Antispyware is also good but could not clean this particular virus. Then I used Avast. It cleaned thoroughly.
Hi
Glad to read this post on viruses and malware files,to enhance Internet security and to remove these files use these antiviruses to protect your system.
Just For share..
Tiny Shortcut remover
http://www.321infos.co.cc/search/label/antivirus
Use this: http://www.faikshare.com/2011/03/cara-hapus-virus-copy-of-shortcut-to-1.html
Very very best trick....
If you have access to a computer with a Linux OS, you can see all the lnk files, autorun.inf and one folder, driverguides.info; by deleting these files you can clean your flash drive.
Hello, thanks for posting this information, I was trying to find information on this topic. This was very helpful.
Heya, my very first comment on your site. I have been reading your blog for a while and thought I would completely pop in and drop a friendly note. It is great stuff indeed. I also wanted to ask.. is there a way to subscribe to your site via email?
Microsoft Virus Removal