............ Have a nice day............
USER MENU ID IS UNDEFINED IN FINACLE MIS SERVER   Date of Implementation of "VERY GOOD" Bench Mark for MACPs effect from 25.07.2016   Expected DA from Jan 2017 – 3% or 2% ?    One minute talk time for each Rupee in Airtel Payments Bank   AICPIN for October 2016 : Chances for 5% DA from January 2017   Central Government employees retiring from January 2017 to submit online application   Pre-Budget Views of Govt. Employees for inclusion in the Budget for the Year 2017-18: Confederation i.e. Scrap NPS, Minimum Wage Rs. 26,000 & Fitment Formula etc   On Salary Week, Banks Unlikely to Meet Demand for Extra 1 Lakh Cr   82 per cent ATMs dry because government used that money to pay its own employees   National Anthem Before Movie, Rules Supreme Court. Citizens 'Duty-Bound' To Show Respect    undefined

Friday, 5 April 2013

Deleting resgr.exe n new folder. exe Virus


Plug a pendrive into a public computer and you will be pecked by the continuously replicating “New Folder.exe” virus or the “regsvr.exe” virus. 
Here is how you can remove “regsvr.exe” and “new folder.exe” from your computer.

Step 1:- Some Startup Repairs
First of all, boot into safe mode.After you get to your desktop,press F3 or Ctrl + F and search for “autorun.inf” file in your computer and delete all the subsequent files. I case you are no able to delete them, select all the files and uncheck the”Read Only” option. If you are still not able to delete them , you might want to try out Unlocker tool to delete the files.

Now go to:-
start – > run –> type ”msconfig”
and press enter
Go to startup tab and uncheck “regsvr”, click ok and then click on “Exit without restart”.
Now go to
control panel –> scheduled tasks and delete “At1” task listed there.
Once done, close all windows.



Step 2:- Changing Configurations

Your registry might be disabled,and you need to activate it back to undo all the malicious changes done by worm.In order to do that, you need to go to
start – > run –> type ”gpedit.msc”
and press enter
then navigate to
users configuration –> Administrative templates –> systems
Find “prevent access to registry editing tools” , double click it and change the option to disable.


Once done, your Regedit will be enabled. In case your task manager is disabled, you need to enable it.

Step 3:- Registry Edits

Now we have to perform some registry edits to enable our explorer and to remove all instances of worm from the registry. Go to
start – > run –> type ”regedit”
and press enter
Click on Edit –> Find and search for regsvr.exe . Find and delete all the occurrences of regsvr.exe virus (don't delete regsvr32.exe as its not a virus).
then navigate to entry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and modify the entry
Shell = “Explorer.exe regsvr.exe”





to delete the regsvr.exe from it, so that it becomes
Shell = “Explorer.exe”
Once done, close all windows and get ready to delete all virus files.


Step 4:- Deleting Virus Files

The final step is to delete all the virus files in your computer. To do this, Press F3 or Ctrl + F and search for regsvr.exe (make sure to search in hidden folders ) and delete all “regsvr.exe” “svchost .exe” files (notice the gap between ‘svchost’ and ‘.exe’, keep in mind you don't delete the legitimate file.).
Clean your recycle bin and restart your PC (perform a cold boot).
Volia..you have cleaned your computer from regsvr..just make sure to scan your pendrive the next time you plug in :)

No comments:

Post a Comment