Sysnet

Thursday, October 25, 2007

ANTI-VIRUS SOLUTION

For Virus related Issues

20 Comments:

At October 25, 2007 at 10:18 AM , Anonymous Anonymous said...

If u are facing any type of virus and network related problem of Microsoft Windows OS
then pl go through this link


http://www.microsoft.com/downloads/details.aspx?familyid=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en

Brief Description
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month

 
At October 25, 2007 at 10:42 AM , Blogger Dhiru Chaudhary said...

Some Important Tools and Utilities...


1.
http://vil.nai.com/vil/stinger/

Brief Description
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.



2.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Brief Description
HijackThis™ is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. HijackThis creates a report, or log file, with the results of the scan.

IMPORTANT: HijackThis does not determine what is good or bad. Do not make any changes to your computer settings unless you are an expert computer user.

Advanced users


3.
https://europe.f-secure.com/download-purchase/tools.shtml

Free Virus Removal Tools


4.
http://us.mcafee.com/virusInfo/default.asp?id=vrt
McAfee Security provides you with a powerful set of virus removal tools, designed to automatically detect and remove viruses that infected your system. These applications are also valuable because of their size, making them easily downloadable even with a slow Internet connection. If you suspect your system to be infected with one of the following viruses, these invaluable FREE tools will allow you to repair any damages to your computer.



5.
http://www.trendmicro.com/download/sysclean.asp
Sysclean is a self-extracting archive stand-alone fix package that incorporates the Damage Cleanup Engine and Template. It replaces the traditional fix tool by addressing a wide variety of system infections rather than a specific malware infection

6.
http://free.grisoft.com/
Free basic protection from AVG

 
At December 8, 2007 at 12:00 PM , Anonymous Anonymous said...

This comment has been removed by a blog administrator.

 
At January 29, 2008 at 1:57 PM , Anonymous Anonymous said...

Dear Sir,
It is the case of CBI where a 40 GB IDE HDD is installed having 2 partitions (file system is FAT32 for both partitions). User is not able to open the second partition (D:). D: is only accessible through Explore. Whenever they click on D drive the error comes: "The D:\application cannot be run in Win32 mode."
Please give me a solution to this problem.
Regards,
Vijay

 
At January 30, 2008 at 10:18 AM , Blogger kanwal said...

Hello Pankaj,

To correct and solve this error, follow these steps:

1. Run Task Manager (Ctrl-Alt-Del or right click on Taskbar)
2. Stop wscript.exe process if available by highlighting the process name and clicking End Process.
3. Then terminate explorer.exe process.
4. In Task Manager, click on File -> New Task (Run…).
5. Type “cmd” (without quotes) into the Open text box and click OK.
6. Type the following command one by one followed by hitting Enter key:

del c:\autorun.* /f /s /q /a
del d:\autorun.* /f /s /q /a
del e:\autorun.* /f /s /q /a

c, d, e each represent drive letters on the Windows system. If there are more drives or partitions available, continue the command by changing to the other drive letters. Note that you must also clean the autorun files from USB flash drives or portable hard disks, as the external drive may also be infected.
7. In Task Manager, click on File -> New Task (Run…).
8. Type “regedit” (without quotes) into the Open text box and click OK.
9. Navigate to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
10. Check if the value name and value data for the key are correct (the value data of userinit.exe includes the path, which may be different than the C drive, which is also valid; note also the comma, which is also needed):

"Userinit"="C:\WINDOWS\system32\userinit.exe,"

If the value is incorrect, modify it to the valid value data.

Thanks
Kanwal

 
At January 30, 2008 at 10:20 AM , Blogger kanwal said...

Hi Vijay,

To correct and solve this error, follow these steps:

1. Run Task Manager (Ctrl-Alt-Del or right click on Taskbar)
2. Stop wscript.exe process if available by highlighting the process name and clicking End Process.
3. Then terminate explorer.exe process.
4. In Task Manager, click on File -> New Task (Run…).
5. Type “cmd” (without quotes) into the Open text box and click OK.
6. Type the following command one by one followed by hitting Enter key:

del c:\autorun.* /f /s /q /a
del d:\autorun.* /f /s /q /a
del e:\autorun.* /f /s /q /a

c, d, e each represent drive letters on the Windows system. If there are more drives or partitions available, continue the command by changing to the other drive letters. Note that you must also clean the autorun files from USB flash drives or portable hard disks, as the external drive may also be infected.
7. In Task Manager, click on File -> New Task (Run…).
8. Type “regedit” (without quotes) into the Open text box and click OK.
9. Navigate to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
10. Check if the value name and value data for the key are correct (the value data of userinit.exe includes the path, which may be different than the C drive, which is also valid; note also the comma, which is also needed):

"Userinit"="C:\WINDOWS\system32\userinit.exe,"

If the value is incorrect, modify it to the valid value data.

Thanks
Kanwal

 
At January 30, 2008 at 10:48 AM , Blogger kanwal said...

Hi Vijay,

You can do these steps also

Go to Start/Run and type :

reg.exe add "HKCR\Drive\shell" /ve /d "none" /f

then type:

regsvr32 shell32.dll

Press Enter

Then go here, and download SuperAntispyware. Get the free version,

http://www.superantispyware.com/

Install it, update it and run it. Delete or fix anything it finds


Thanks
Kanwal

 
At March 3, 2008 at 3:11 PM , Blogger Shyam_TSG said...

Newfolder.exe virus/W32 Sohanad Worm
It works
Disabling Task Manager
Disabling Registry Editor
Creates a startup entry to start upon system start and creates its own exe files in Shared Documents folder which appear like ordinary folders.
Disables Folder Options
Uses your 50% or more processor
You can see that the folders in Shared Documents have an exe extension If you have unchecked Hide extensions for known file types in Folder Options

Downloaded Tool for This Virus/worm

http://technize.com/content/downloads/Smart_AV.exe

That can easily remove 11 different viruses

It is able to detect and clean virus only by running it. It can also remove virus from flash drives and scan single folders for viruses. By the time, I will add support for removing other viruses also. here is a screenshot

 
At March 19, 2008 at 10:35 AM , Blogger Shyam_TSG said...

w32.blaster worm Removal Tool

The welchia worm virus you got there, if your SVCHOST is using all your processing power.
the worm creates its own files named svchost.exe and dllhost.exe in the windows\system32\wins\ directory
Download the patch and there is also a symantec fix for it too which will remove it.
Download both the patch and fix files, disconnect from internet, run the fix then patch.

Find the fix here http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
and patch here: http://www.rcub.bg.ac.yu/Antivirus/Q815021_WXP_SP2_x86_ENU.exe

 
At June 11, 2008 at 5:19 PM , Blogger Shyam_TSG said...

SAFELY REMOVE VIRUS FROM YOUR PEN DRIVE / HEAL PEN DRIVE

1. How to safely remove virus from pendrive?

2. How to disinfect a pendrive from virus without formatting and losing any data?

3.How to fix error in pen drives (files & folders name show boxes characters) ?

4.What to do when ’safely remove removable drive’ doesn’t work?

Download

http://piyushlabs.googlepages.com/healpendrive_1.0.exe

its less than 350KB

Procedure

Again lists out ALL the exe files and asks for deletion, TAKE CARE THAT YOU DONT DELETE UR

PLEASE NOTE
If ur pen drive has many softwares (.exe’s), then dont perform the fifth step.

“Report all exe files”

You may accidentally delete some important file.

Thanks

Shyam

 
At June 11, 2008 at 5:27 PM , Blogger Shyam_TSG said...

Funny UST Scandal.avi.exe Virus
AutoIt v3 Script 3,2,8,1 / SMSS.exe / LSASS.exe / KILLER.exe / Funny UST Scandal.avi.exe
===================================

VIRUS FILES
Name :Funny UST Scandal.avi.exe
Name :SMSS.exe

Icon :Video file (GOM Player)
Type of File :Application
Size :224KB/240KB
Modified :November 20, 2007
Attributes :Hidden, System (varies)
File Version :3.2.8.1
Description :
Copyright :
CompiledScript :AutoIt v3 Script : 3, 2, 8, 1

BEHIND THE SCREEN
ModifyRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c4da22a-f800-11db-8de6-806d6172696f}\BaseClass
CreateDir C:\log\
CreateFile C:\WINDOWS\autorun.inf
CreateFile C:\WINDOWS\smss.exe
CreateFile C:\WINDOWS\killer.exe
CreateFile C:\WINDOWS\Funny UST Scandal.exe
CreateFile C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe
ModifyRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003_CLASSES\.vbs
CreateRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003_CLASSES\.reg
CreateRegValue \REGISTRY\USER\S-1-5-21-436374069-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\Runonce
ModifyRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
ModifyRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
CreateFile X:\autorun.inf
CreateFile X:\smss.exe
CreateFile X:\Funny UST Scandal.avi.exe

**X=all the drives

IDENTIFIED BY ANTIVIRUS (KAV)
“Worm.P2P.generic”
“Trojan.generic”

*during installation of virus, not during scanning, i dont have latest update

SOLUTION
1. Enable Regedit, CMD, TaskManager.

2. Restart the comp in “Safe Mode with Command Prompt”

3. Type:
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Runonce
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe

4. Type:
del "%windir%\autorun.inf" /f /a
del "%windir%\smss.exe" /f /a
del "%windir%\killer.exe" /f /a
del "%windir%\Funny UST Scandal.exe" /f /a
del "C:\log" /f /a
del "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe" /f /a

del "D:\autorun.inf" /f /a
del "D:\smss.exe" /f /a
del "D:\Funny UST Scandal.avi.exe" /f /a

*like this for all drives…

5. Type:
TASKMGR
If not working type:
reg delete **********

6. Type:
EXPLORER
If not working type:
reg delete **********

DOWNLOAD

Download these files.

run the file 1.bat in normal mode. (simply run)

run the file 2.bat in safe mode with command prompt.

DETAILS: given in 1.bat, when u run it.

thanks to my friend Murtuza Zhabuawala for creating such an easy to use batch file.

http://piyushlabs.googlepages.com/1.bat

http://piyushlabs.googlepages.com/2.bat

Thanks
Shyam
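
Before deleting autorun.inf as in the steps above, reading it shows which file on the drive it was set to start, and the drive listing shows any "video" or "document" names that are really programs. This is an added example, not part of the original comment: the autorun.inf contents and the file listing are constructed samples (the file names are the ones reported in the comment), and the function names are hypothetical.

```python
import re

# Keys in the [autorun] section that start a program when the drive is opened.
LAUNCH_KEY = re.compile(r'^(open|shellexecute|shell\\[^\\]+\\command)$', re.I)

# A media/document extension followed by an executable one, e.g. ".avi.exe".
DECOY = re.compile(r'\.(avi|tmp|doc|jpg|mp3|txt)\.(exe|scr|com|pif|bat)$', re.I)


def autorun_commands(inf_text):
    """Return [(key, command)] for [autorun] entries that launch something."""
    section, out = None, []
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue  # blank line or comment
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].strip().lower()
            continue
        if section != 'autorun' or '=' not in line:
            continue
        key, _, value = line.partition('=')
        if LAUNCH_KEY.match(key.strip()):
            out.append((key.strip().lower(), value.strip()))
    return out


def triage(inf_text, root_names):
    """Cross-check autorun.inf against the file names in the drive root."""
    cmds = autorun_commands(inf_text)
    # Substring match so unquoted names containing spaces are still found.
    launched = sorted({n for n in root_names
                       for _, c in cmds if n.lower() in c.lower()})
    decoys = sorted(n for n in root_names if DECOY.search(n))
    return {'commands': cmds, 'launched': launched, 'decoys': decoys}


# Constructed sample: what an infected removable drive's root might contain.
SAMPLE_INF = r'''[AutoRun]
; constructed sample, not taken from a real drive
open=smss.exe
shell\open\Command=smss.exe
shell\explore\Command=smss.exe
'''
SAMPLE_ROOT = ['autorun.inf', 'smss.exe', 'Funny UST Scandal.avi.exe', 'notes.txt']

if __name__ == '__main__':
    report = triage(SAMPLE_INF, SAMPLE_ROOT)
    for key, cmd in report['commands']:
        print(f'autorun.inf {key} -> {cmd}')
    print('files started by autorun.inf:', report['launched'])
    print('double-extension files:', report['decoys'])
```

On a real drive, read autorun.inf and the directory listing with hidden and system files shown, since the comment notes these files carry the Hidden and System attributes.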

 
At June 11, 2008 at 5:40 PM , Blogger Shyam_TSG said...

SSVICHOSST virus
Virus File Name:

ssvichosst.exe (having a folder icon)

filename (a file inside a folder having the same name as the folder, having folder icon)

Symptoms:

You are unable to open TaskManager, Regedit, CMD, Msconfig, etc.

Some windows open for fractions of seconds and suddenly get closed. Like TaskManager, Regedit, etc.

No command works in ’command’ window, except ‘exit’.

The Tools>FolderOptions is gone in the Windows Explorer.

You cannot see your hidden files.

Your system has become too slow. As the virus process takes up almost half of the resources.

Behind the screen:

The virus copies the virus file “SSVICHOST.EXE” to C:\Windows\ and to C:\Windows\System32\ .

It runs its process SSVICHOSST.EXE as the background process under User.

Processes with the other file name may also be running with the WindowTitle ‘AutoIt v3′.

It adds a startup program in HKCU\Software\MicroSoft\Windows\CurrentVersion\Run as ‘Yahoo Massangger***’

Adds a value in registry, HKLM\System\ControlSet001\Services\Schedule ‘AtTaskMaxHours’=0.

Complete detail

SOLUTION:

Download and run my HEAL FOR SSVICHOSST

or follow this long procedure . . .

End Task*
———-
1. On desktop> right-click> new> shortcut
2. Enter
taskkill.exe /F /FI "IMAGENAME eq ssvichosst.exe"
3. Next> finish
4. Double click the shortcut file just created

*In some case, if this “taskkill.exe” file is not available in the windows\system32 directory (esp. in laptops), then try to get it from someone’s comp.

Enable Task Manager
——————-
1. Start> run

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

2. Start> run

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Enable CMD
———-
1. Start> run

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCmd /t REG_DWORD /d 0 /f

2. Start> run

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCmd /t REG_DWORD /d 0 /f

Enable Regedit
————–
1. Start> run

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

2. Start> run

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Folder Option & Hidden Files
—————————-
1. Start> run

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f

2. Start> run

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f

3. Start> run

reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 1 /f

4. Start>run

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f


reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v DefaultValue /t REG_DWORD /d 2 /f

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f


reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f

Delete Virus Files**
——————–
1. Start> run> CMD
del %windir%\ssvichosst.exe /a /f /q
del %windir%\system32\ssvichosst.exe /a /f /q

**Do not double click these files, otherwise you have to start from the beginning

Delete Startup Launch of Virus***
———————————–

1. Start> run
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Yahoo Messengger"

Fix for "Windows cannot find ssvichosst"
—————————————–

1. START> RUN > type CMD > now paste the following
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe

this procedure is to remove the error that comes whenever you restart windows
something like “could not find SSVICHOSST” or “error loading SSVICHOSST” or “windows cannot find ssvichost”

DOWNLOAD

Heal for SSVICHOSST

Download Page for other heals


PRECAUTION:

Never double click on removable devices in MyComputer.

Always right-click and Explore

if you have any other problem or any doubt about the step then plz do contact me. i’m always there to help you.

Thanks
Shyam
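
The registry values these steps reset can be checked in one pass from an exported copy of the registry instead of one `reg add` at a time. This is an added example, not part of the original comment: it assumes the text of a `.reg` export already decoded to a string, the sample export is constructed, and the function names are hypothetical.

```python
import re

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Key suffixes (lower-case, hive stripped) and value names from the comments above.
WINLOGON = r'\software\microsoft\windows nt\currentversion\winlogon'
SHOWALL = (r'\software\microsoft\windows\currentversion\explorer'
           r'\advanced\folder\hidden\showall')
POLICY_RUN = r'\software\microsoft\windows\currentversion\policies\explorer\run'
SYSTEM = r'\software\microsoft\windows\currentversion\policies\system'
EXPLORER = r'\software\microsoft\windows\currentversion\policies\explorer'
POLICY_FLAGS = [(SYSTEM, 'disabletaskmgr'), (SYSTEM, 'disableregistrytools'),
                (SYSTEM, 'disablecmd'), (EXPLORER, 'nofolderoptions')]


def parse_reg(text):
    """Parse .reg export text into {key_lower: {value_name_lower: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE.match(line)
        if not m or current is None:
            continue
        name, data = m.group(1).lower(), m.group(2)
        if data.startswith('dword:'):
            current[name] = int(data[6:], 16)
        elif data.startswith('"') and data.endswith('"'):
            # .reg strings escape backslash and quote with a backslash
            current[name] = re.sub(r'\\(.)', r'\1', data[1:-1])
    return keys


def audit(keys):
    """Return [(key, value_name, data)] for values that differ from the fixed state."""
    findings = []
    for key, values in keys.items():
        if key.endswith(WINLOGON):
            shell = values.get('shell')
            if shell is not None and shell.lower() != 'explorer.exe':
                findings.append((key, 'shell', shell))
            userinit = values.get('userinit')
            # Drive letter may vary, but the data must end "...userinit.exe,"
            if userinit is not None and not userinit.lower().endswith(
                    '\\system32\\userinit.exe,'):
                findings.append((key, 'userinit', userinit))
        for suffix, name in POLICY_FLAGS:
            if key.endswith(suffix) and values.get(name, 0) != 0:
                findings.append((key, name, values[name]))
        if key.endswith(SHOWALL) and values.get('checkedvalue', 1) != 1:
            findings.append((key, 'checkedvalue', values['checkedvalue']))
        if key.endswith(POLICY_RUN):
            # Any entry here starts at logon; list all of them for review.
            findings.extend((key, n, d) for n, d in values.items())
    return findings


# Constructed sample export showing the kind of state the comments describe.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe ssvichosst.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"Explorer"="Winlogons"
'''

if __name__ == '__main__':
    for key, name, data in audit(parse_reg(SAMPLE_EXPORT)):
        print(f'{key} : {name} = {data!r}')
```

Files written by `reg export` are normally UTF-16, so open them with `encoding='utf-16'` before passing the text to `parse_reg`.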

 
At June 11, 2008 at 5:42 PM , Blogger Shyam_TSG said...

MicrosoftPowerPoint.exe / Monitor Virus
MicrosoftPowerPoint.exe/H icon logo taskbar/ monitor/~DF450D.tmp.exe

The Kaspersky Latest Update do not detect this virus yet on 8 Nov, 2007. And i did it b4 as i promised . . .

This is the new version of the old “orkut virus” if u remember … Mu hu ha ha ha ….. but it doesnt do anything like that now… : )

And i have got the website of the programmer who developed this virus… It’s http://sapn4.tripod.com/

But PLZ i request, do not go to that site, or else ur comp may be seriously affected. The virus automatically starts d’loading.

There’s nothing on the site but a few google ads.

Its quite old virus now. But still Kaspersky doesn’t detect it. Probably no one reported.. he he

VIRUS FILES

File Name: MicrosoftPowerPoint.exe
Icon: Folder with a small “my comp” icon within it
Type: Application
Description: MicrosoftPowerPoint
Size: 261 KB (268,082 bytes)
Size on disk: 272 KB (278,528 bytes)
Modified: Tuesday, June 26, 2007, 1:06:24 PM
Attributes: Read-only, Hidden+System, Archive

File Name: Winlogons.exe
Icon: Folder
Type: Winlogons
Description: MicrosoftPowerPoint
Size: 261 KB (268,082 bytes)
Size on disk: 272 KB (278,528 bytes)
Modified: Wednesday, October 31, 2007, 10:20:00 PM
Attributes: Read-only, Hidden+System, Archive

File Name: MsUpdate.exe
Icon: ‘H’ in green color
Type: Application
Description: AutoHotKey
Size: 230 KB (235,520 bytes)
Modified: Wednesday, June 20, 2007, 10:38:52 PM
Attributes: Archive
File version: 1.0.46.17
Internal Name: AutoHotKey

PARTIALLY DETECTED BY KASPERSKY

Trojan-Downloader.Win32.AutoIt.t -> monitor 2.6 KB

SYMPTOMS

These two hidden system files automatically copy to ur removable drives:
MicrosoftPowerPoint.exe
autorun.inf
Double Clicking of the removable drives doesn’t work
Tools>Folder Options is disabled
You are unable to see your hidden files

BEHIND THE SCREEN

DeleteDir C:\DOCUME~1\PIYUSH~1\LOCALS~1\Temp\IXP000.TMP\
CreateFile C:\DOCUME~1\PIYUSH~1\LOCALS~1\Temp\IXP000.TMP\TMP4351$.TMP
CreateFile C:\DOCUME~1\PIYUSH~1\LOCALS~1\Temp\IXP000.TMP\MsUpdate~1
CreateFile C:\DOCUME~1\PIYUSH~1\LOCALS~1\Temp\IXP000.TMP\MsUpdate.exe
CreateFile C:\DOCUME~1\PIYUSH~1\LOCALS~1\Temp\IXP000.TMP\monitor
CreateRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0

runs the file
C:\Documents and Settings\Piyush Chandra\Local Settings\Temp\IXP000.TMP\MsUpdate.exe

CreateRegValue \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\Explorer

Creates a value:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run
Value: Explorer
New data(Unicode null-terminated string):Winlogons

Deletes the value:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value: wextract_cleanup0
Data(Unicode null-terminated string):
rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\PIYUSH~1\LOCALS~1\Temp\IXP000.TMP\”

THE VIRUS PROGRAM

The script is of type Trojan-Downloader.Win32.AutoIt.t

The virus has been written in AutoHotKey 1.0.46.17

xxxxxx Deleted by PiyushLabs for security reasons xxxxxx

SOLUTION


End Task
Open Run and paste the following codes one by one.

TASKKILL /f /t /fi "IMAGENAME eq svchost.exe" /fi "USERNAME ne NT AUTHORITY\*"
TASKKILL /f /t /fi "IMAGENAME eq MsUpdate.exe"
TASKKILL /f /t /fi "IMAGENAME eq Winlogons.exe"

Enable CMD
Open Run and paste the following codes.

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCmd /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableCmd /t REG_DWORD /d 0 /f

Delete
Open Run>CMD and paste the following codes one by one.

del "%userprofile%\LOCAL SETTINGS\TEMP\MSDATA\" /f /a
del "%userprofile%\Local Settings\Temp\IXP000.TMP\" /f /a
del "%temp%\~DF450D.tmp.exe" /f /a
del "%windir%\system32\Winlogons.exe" /f /a

Delete the virus from the pen drives if u use any. (**** replace K with ur the drive name.. )

del K:\autorun.inf /a /f
del K:\MicrosoftPowerPoint.exe /a /f

Registry
Open Run>CMD and paste the following codes one by one.

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /va

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d Explorer.exe

PRECAUTIONS

Never double click your pen-drives. It spreads through removable drives. Always use folder view for navigation. And enable the view to see system files n hidden files. And delete the files in the pendrives.

Thanks
Shyam

 
At August 21, 2008 at 3:29 PM , Anonymous Anonymous said...

reset123

 
At September 3, 2008 at 4:27 PM , Blogger Shyam_TSG said...

Ahsan's virus

This virus re-names my computer ,my documents , recycle bin , re directs ie to a webpage that claims to be able to remove the virus
It writes three files to / the root dir of each and every drive inc flash disks (csrss.exe ,home video.avi and and a third file of some kind)
It disables any antivirus install .exe or anything else you try to run ( cmd , taskmanager , regedit , IE , any stand alone removal tools)
This virus does not allow any installs or .exe files to run it simply shuts down whatever you are trying to install or run
ie, control panel, regedit, cmd, (ANYTHING) even in safe mode with admin privileges
i cannot run anything to get a log or diagnose the problem
it kills any install instantly
i cannot stop any tasks in task manager (it closes too). the only thing i can think to do is maybe a removal tool on removable media but the files it writes to each and every local drive cannot even be deleted from a linux machine or through booting to dos because of the attributes it assigns them
Detailed steps to remove Ahsan's virus :
1. start windows in safe mode with command prompt(user:admin, preferably a user other than having attacked)

2. Use RRT Tool to enable Run, if disabled. (You can download RRT tools from this site: http://www.softpedia.com/progDownload/RRT-Remove-Ristrictions-Tool-Download-68926.html )

3. Enable regediting if disabled with following reg key.


REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

4. Open regedit, search and delete all entries with name "Ahsan" , site 110mb.com and Bush.

5. If your folder option is disabled, enable it with the following reg keys:


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Check if a DWORD value named NoFolderOptions exists in the pane on the right hand side of the screen
Delete it
6. If you are still unable to view the hidden files, which is disabled by virus, enable it with following proc and key.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Find the value "Hidden" . Rightclick it and modify it to 1. If Key value hidden is not present create it

7. Check the following registry values and set the values given below in each registry key.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"CheckedValue"=dword:00000002
"ValueName"="Hidden"
"DefaultValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
8. Now enable "show all hidden files / Hidden system files and folders", and search for following files and delete them all.

system.exe
csrss.exe
Home video.avi.exe
autorun

Note: these files will be in parent drives (D:, C:) and in windows folder.

9.Now you are done !

Shyam
09312366779

 
At November 19, 2008 at 3:25 PM , Blogger Ashok Patel said...

lsass.exe error & shutdown within 60 seconds

This is the sasser worm, please see:

http://vil.nai.com/vil/content/v_125007.htm
http://www.trendmicro.com/vinfo/vi [...] M_SASSER.A

To stop the shutdown, click start/run, type "shutdown -a" (without the quotes) and click ok.

Details on the patch needed to prevent it:

http://www.microsoft.com/technet/s [...] 4-011.mspx

Thanks
Ashok

 
At June 23, 2009 at 7:12 PM , Anonymous Anonymous said...

Dear Dhiru ji- i m devendra from IFFCO aonla bareilly up in xp win. there is an message popups that GENRIC VOLUME W32 WIN IS NOT RESPONDING what can i do in this situation

 
At June 24, 2009 at 9:55 AM , Blogger Shyam_TSG said...

Dear Devendra,
Can you say what type of problem you are facing.

Shyam
09312366779

 
At August 13, 2010 at 1:39 PM , Blogger Engineer said...

If you really wanna need a perfect antivirus solution then just go through ESET NOD32.

It's an awesome antivirus solution which has a very high precision virus, malware & spyware tool.

http://www.esetindia.com/download/free_trial_download.php

Just use its trial version.then if you like it then take username and password from the following blog site and use its freely just like a Paid customer.
http://techno-nutshell.blogspot.com/p/software-cracksserials.html

 
At January 31, 2011 at 11:43 AM , Anonymous Anonymous said...

Dear Team


I am not able to go in Task Manager. The error shows like: Task Manager has been disabled by your administrator.


Regards

Vijay

 
