Virus Removal Techniques

Special Case: Remove Folder Virus

Initial Symptoms:
  • The computer slows down.
  • Each folder contains an exe file with the same name as the parent folder and with a folder icon.
  • Folder Options in Windows Explorer is disabled; Task Manager and Regedit are disabled.
CURE:
  • Disable System Restore on all drives
  • Use the tool Process Explorer to kill the processes that show a folder icon
  • Then use the tool Autoruns, in the Logon and Scheduled Tasks tabs, to see the locations of the virus entries with the folder icon
  • Remove the files (use FreeCommander to delete them easily):
      • %System%\system32\SCVVHSOT.exe
      • %System%\system32\scvhosts.exe
      • %System%\system32\blastclnnn.exe
      • %System%\system32\At1.job
  • Update the antivirus program
  • Run the full scan
Alternatively

  • You can run these scripts from the command line
  • Make sure your system is Windows XP; otherwise, once you run these scripts and log out, you will not be able to log in to the system again (especially on Windows 2000 and 98)
rem Delete the virus files from every folder on the current drive
cd \
del /s /a /f SCVVHSOT.exe
del /s /a /f scvhosts.exe
del /s /a /f blastclnnn.exe
del /s /a /f At1.job
del /s /a /f autorun.inf
rem Remove the virus's Run entry, its MUICache record and the Winlogon shell value
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Yahoo Messengger" /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache" /v "C:\WINDOWS\system32\SCVVHSOT.exe" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v shell /f
rem Re-enable Registry Editor, Task Manager and Folder Options
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_DWORD /v DisableRegistryTools /d 0 /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_DWORD /v DisableTaskMgr /d 0 /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t REG_DWORD /v NofolderOptions /d 0 /f
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t REG_DWORD /v NofolderOptions /d 0 /f
  • Run Notepad, copy and paste the above script, and save it as folder-virus-remover.bat
  • Run the batch file by double-clicking it. If it doesn't work, every instance of the folder virus in memory must be removed first. End those instances from Task Manager or Process Explorer (recommended).
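
To check a drive for the symptom and the file names described above, before or after cleanup, the following Python scanner is an added example and not part of the original article. It flags any file whose name is on the article's deletion list and any exe named after the folder that contains it; it does not inspect icons, so a legitimate program installed in a same-named folder will also be reported and needs manual review. The names `scan`, `demo`, `LISTED_NAMES` and the sample tree are constructed for illustration.

```python
import os
import sys
import tempfile
from pathlib import Path

# File names the article lists for deletion, compared case-insensitively.
LISTED_NAMES = {"scvvhsot.exe", "scvhosts.exe", "blastclnnn.exe",
                "at1.job", "autorun.inf"}


def scan(root):
    """Return sorted (reason, path) findings for every file under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = Path(dirpath).name.lower()  # empty at a drive root
        for name in filenames:
            lower = name.lower()
            path = str(Path(dirpath) / name)
            if lower in LISTED_NAMES:
                findings.append(("listed-name", path))
            elif folder and lower == folder + ".exe":
                # Symptom from the article: <folder>\<folder>.exe
                findings.append(("folder-clone", path))
    return sorted(findings)


def demo():
    """Scan a constructed sample tree; paths are returned relative to it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Photos" / "Trip").mkdir(parents=True)
        for rel in ("Photos/Photos.exe", "Photos/Trip/trip.EXE",
                    "Photos/Trip/beach.jpg", "Photos/setup.exe",
                    "autorun.inf"):
            (root / rel).write_bytes(b"constructed sample, not malware")
        return [(why, Path(p).relative_to(root).as_posix())
                for why, p in scan(root)]


if __name__ == "__main__":
    # Pass a folder or drive to scan; with no argument the demo tree is used.
    results = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for why, path in results:
        print(f"{why:13} {path}")
```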