To remove this virus please follow the below steps:
- Search for autorun.inf file in your computer. If it's in read only mode, then change it by right clicking on it and then in properties uncheck the "Read Only" option.
- Now open it in notepad and delete all data in it and save it.
- Don't forget to change the status to "Read only" mode , so that virus can't modify it again.
- Click on Start -> Run -> gpedit.msc.
- User configuration -> Administrative template -> system -> Turn off autoplay -> Enable ( For all drives) refer to this link for more detail.
- Start-> Run->msconfig
- Startup tab & services -> search regsvr.exe and un-check all and click OK.
- select exit without restart.
- Control panel -> Scheduled tasks -> delete the Atl task, if listed there.
- Start -> run -> regedit
- Edit ->find -> search for regsvr.exe. Delete all regsvr.exe occurrences.
- Don't delete Explorer.exe if regsvr.exe appears with it. Delete only regsvr.exe.
- Goto [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] and modify value in Shell = Explorer.exe regsvr.exe and delete regsvr.exe from here.
- Now search for all occurrences of regsvr.exe in your system and delete them.
- Search for "svchost .exe" ( remember space between svchost & .exe) and delete all occurrences.
- Also search for "*.exe" and remove all virus affected files, don't remove any legitimate file( any installer file).
- Restart the system and enjoy..
For more detail on handling autorun.inf file, if you have option set for "don't show hidden files" and you are not able to see autorun.inf file then use following link for removing autorun.inf file.
Some more links you may be interested in:
No comments:
Post a Comment