Removing those sticky pendrive viruses
@capt_jsparrow (22)
India
May 12, 2008 4:37pm CST
FOR BRONTOK VIRUS
Restart the computer in Safe Mode with Command Prompt (by pressing the F8 key a number of times as the computer starts). Once started in safe mode, select your own username, press Enter and follow these steps:
1. In the command prompt, type the following command:
reg delete hkcu\software\microsoft\windows\currentversion\policies\system /v "DisableRegistryTools"
(This particular command is for the Brontok virus; once that registry value is deleted, type 'explorer' in the command prompt.)
2. Open the Registry Editor from the Run command by typing 'regedit', then expand the following path:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
On the right-hand side, delete all the values containing the word TOK.
(This is to stop the Brontok virus from executing itself again when you restart your PC.)
3. After restarting, open the Registry Editor again and follow the path
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
On the right-hand side, delete the entry 'NoFolderOption'.
Now go to HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and on the right-hand side make sure that CheckedValue is 1; if not, set it to 1.
Then open Task Manager, and in the Processes tab end the process 'explorer.exe'. Then go to the Applications tab (in Task Manager itself), click 'New Task', type 'explorer' and press Enter.
Now, when Explorer starts again, Folder Options is available in the Tools menu, so enable viewing of hidden files in the View tab under Folder Options. Notice that just under 'Show all hidden files' there is a box saying 'Hide protected operating system files'; make sure it is unchecked (because all these viruses mark themselves as system files). Now remember to open each drive from the drop-down address bar, search for any hidden 'autorun.inf' file (in the root of every partition, i.e. not inside any folder) and delete it. Make a search with the wildcard entry *.exe on each drive and delete whatever .exe files you find with a folder-like icon. Lastly, restart your computer.
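The steps above can be checked in one go from an elevated PowerShell prompt. The script below is an added example written for this page, not something from the original post: it reads every registry value and file location the steps mention and reports what it finds, and only deletes or changes anything when run with its own -Fix switch. Two things in it go beyond the post and are assumptions of the example: the Folder Options policy is checked under both the post's spelling 'NoFolderOption' and the name Windows actually honours, 'NoFolderOptions', and the "folder-like icon" .exe files are found with a heuristic (a top-level .exe sharing its name with a folder beside it) and are only listed, never deleted.

```powershell
# Added example (not from the original post). Audits the registry values and files the
# post tells you to clean up after a Brontok infection and reports what it finds; it only
# makes changes when run with -Fix. Run from an elevated PowerShell prompt.
param([switch]$Fix)

$policySystem   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policyExplorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$runKey         = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$showAllKey     = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'

# Report (and with -Fix, remove) a single restrictive policy value if it exists.
function Test-PolicyValue {
    param([string]$Key, [string]$Name)
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    Write-Host "[!] $Key\$Name = $($item.$Name)"
    if ($Fix) { Remove-ItemProperty -Path $Key -Name $Name; Write-Host '    removed' }
    return $true
}

# Step 1: the value that locks the Registry Editor.
Test-PolicyValue -Key $policySystem -Name 'DisableRegistryTools' | Out-Null

# Step 3: the value that hides Folder Options. The post writes it as 'NoFolderOption';
# the policy value Windows actually honours is 'NoFolderOptions' (assumption of this
# example), so both names are checked.
foreach ($n in 'NoFolderOption', 'NoFolderOptions') {
    Test-PolicyValue -Key $policyExplorer -Name $n | Out-Null
}

# Step 2: autostart entries whose name or command line contains 'TOK' (the post's
# heuristic for Brontok's entries). -match is case-insensitive in PowerShell.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... metadata
        if ($p.Name -match 'TOK' -or "$($p.Value)" -match 'TOK') {
            Write-Host "[!] Run entry '$($p.Name)' = $($p.Value)"
            if ($Fix) { Remove-ItemProperty -Path $runKey -Name $p.Name; Write-Host '    removed' }
        }
    }
}

# Step 3: CheckedValue under SHOWALL must be 1 so "Show hidden files" can be selected.
$show = Get-ItemProperty -Path $showAllKey -ErrorAction SilentlyContinue
if ($show -and $show.CheckedValue -ne 1) {
    Write-Host "[!] $showAllKey\CheckedValue = $($show.CheckedValue) (expected 1)"
    if ($Fix) { Set-ItemProperty -Path $showAllKey -Name CheckedValue -Value 1 -Type DWord; Write-Host '    set to 1' }
}

# Last step: autorun.inf in the root of every drive, plus top-level .exe files that share
# a name with a folder next to them (a heuristic for the "folder-like icon" trick; this
# is the example's own idea, not from the post). The .exe files are only listed, never
# deleted, so a legitimate program is not removed by mistake.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $root    = $drive.Root
    $autorun = Join-Path $root 'autorun.inf'
    if (Test-Path -LiteralPath $autorun) {
        $attrs = (Get-Item -LiteralPath $autorun -Force).Attributes
        Write-Host "[!] $autorun ($attrs)"
        # show what the file would have launched, for the record
        Get-Content -LiteralPath $autorun -Force -ErrorAction SilentlyContinue |
            ForEach-Object { Write-Host "      $_" }
        if ($Fix) { Remove-Item -LiteralPath $autorun -Force; Write-Host '    deleted' }
    }
    $dirs = @(Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
              ForEach-Object { $_.Name })
    Get-ChildItem -LiteralPath $root -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($dirs -contains $_.BaseName) {
                Write-Host "[?] $($_.FullName) has the same name as folder '$($_.BaseName)'; inspect before deleting"
            }
        }
}
```

Run it once without -Fix to see the report, then with -Fix to apply the registry and autorun.inf changes; the [?] lines for look-alike .exe files are left for you to check by hand, exactly as the post's wildcard search leaves that judgement to you.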
So all this was exclusively for the Brontok virus. Feeling sleepy, so next time I would deal with the rest of the viruses like q.com, y82td3td.com, amvo.exe, svchost.exe etc.
WORD OF CAUTION
Always open any pen drive from the drop-down menu of Explorer's address bar. This will not let the virus execute itself even if it is there resting inside the pen drive or any memory card etc.