Urgent reply plz donot have time to serch on google plz
reply
the questions is how to remove newfolder.exe virus from my
windows 2003 server
i have all ready tried quick heal.spy hunter mcafee server .
plz reply
- 1 Answers
- 3497 Views
- I also Faced
- E-Mail Answers
Answer / murthyrajuch
I want to tell you a story, two days back i got affected by
this virus very badly as it eat up all my empty hard disk
space of around 700 MB .
I was surprised that my most reliable friend Avast, for the
first time failed me in this war against viruses but then
again avg and bitdiffender also failed against it. This
virus is know popularly as regsvr.exe virus, or as new
folder.exe virus and most people identify this one by
seeing autorun.inf file on their pen drives, But trend
micro identified it as WORM_DELF.FKZ. It is spreading
mostly using pen drives as the medium.
Well, so here is the story of how i was able to kill the
monster and reclaim my hard disk space.
Manual Process of removal
I prefer manual process simply because it gives me option
to learn new things in the process.
So let’s start the process off reclaiming the turf that
virus took over from us.
Cut The Supply Line
Search for autorun.inf file. It is a read only file so you
will have to change it to normal by right clicking the
file , selecting the properties and un-check the read only
option
Open the file in notepad and delete everything and save the
file.
Now change the file status back to read only mode so that
the virus could not get access again.
Click start->run and type msconfig and click ok
Go to startup tab look for regsvr and uncheck the option
click OK.
Click on Exit without Restart, cause there are still few
things we need to do before we can restart the PC.
Now go to control panel -> scheduled tasks, and delete the
At1 task listed their.
Open The Gates Of Castle
Click on start -> run and type gpedit.msc and click Ok.
If you are Windows XP Home Edition user you might not have
gpedit.msc in that case download and install it from
Windows XP Home Edition: gpedit.msc and then follow these
steps.
Go to users configuration->Administrative templates->system
Find “prevent access to registry editing tools” and change
the option to disable.
Once you do this you have registry access back.
Launch The Attack At Heart Of Castle
Click on start->run and type regedit and click ok
Go to edit->find and start the search for regsvr.exe,
Delete all the occurrence of regsvr.exe; remember to take a
backup before deleting. KEEP IN MIND regsvr32.exe is not to
be deleted. Delete regsvr.exe occurrences only.
At one ore two places you will find it after explorer.exe
in theses cases only delete the regsvr.exe part and not the
whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just
delete the regsvr.exe and leave the explorer.exe
Seek And Destroy the enemy soldiers, no one should be left
behind
Click on start->search->for files and folders.
Their click all files and folders
Type “*.exe” as filename to search for
Click on ‘when was it modified ‘ option and select the
specify date option
Type from date as 1/31/2003 and also type To date as
1/31/2003
Now hit search and wait for all the exe’s to show up.
Once search is over select all the exe files and
shift+delete the files, caution must be taken so that you
don’t delete the legitimate exe file that you have
installed on 28st January.
Also selecting lot of files together might make your
computer unresponsive so delete them in small bunches.
Also find and delete regsvr.exe, svchost .exe( notice an
extra space between the svchost and .exe)
Time For Celebrations
Now do a cold reboot (ie press the reboot button instead)
and you are done.
I hope this information helps you win your own battle
against this virus. Soon all antivirus programs will be
able to automatically detect and clean this virus. Also i
hope Avast finds a way to solve this issues.
As a side note i have found a little back dog( winpatrol )
that used to work perfectly on my old system. It was not
their in my new PC, I have installed it again , as I want
to stay ahead by forever closing the supply line of these
virus. You can download it form Winpatrol website.
UPDATE : Avast Boot Time Scheduling
Check out How to stop regedit, task manager and msconfig
from closing automatically if your regedit or msconfig
closes automatically.
| Is This Answer Correct ? | 0 Yes | 0 No |
Explain the difference between half-duplex and full-duplex?
Identify the prompt displayed if in privileged exec mode? A.) Router(config)# B.) Router# C.) Router> D.) Router(priv)#
Dear Mr.Shahin thank you very much for your advise i realy thanks full to you. Best of luck
Which mode we can't skip when we come back from interface mode?
What does routing mean?
Mention what is the matric of eigrp protocol?
You are a network administrator and have been assigned the IP address of 201.222.5.0. You need to have 20 subnets with 5 hosts per subnet. What subnet mask will you use? A. 255.255.255.248 B. 255.255.255.128 C. 255.255.255.192 D. 255.255.255.240
Define the different kinds of casting
What is CSU/DSU & explain the function????
The "ipx delay number" command will allow an administrator to change the default settings. What are the default settings? A. For LAN interfaces, one tick; for WAN interfaces, six ticks B. For LAN interfaces, six ticks; for WAN interfaces, one tick C. For LAN interfaces, zero ticks; for WAN interfaces, five ticks D. For LAN interfaces, five ticks; for WAN interfaces, zero Ticks
The benefits to segmenting with Bridges are which of the following? A.) Scalability B.) Datagram filtering C.) Manageability D.) Reliability
Which three statements about Frame Relay configurations using subinterfaces is true? (Choose three) A. Each subinterface is conferred either multipoint or point to point B. Any network address must be removed from the physical interface C. The configuration of subinterfaces is done in router (config-if)# mode D. Frame Relay encapsulation must be conferred on each subinterface
CCNA 
