
Sunday, August 7, 2011

Removing the Autorun Newfolder.exe virus from your system



To remove this virus, follow the steps below:
  1. Search for the autorun.inf file on your computer. If it is read-only, right-click it, open Properties and uncheck the "Read Only" option.
  2. Open it in Notepad, delete all of its contents and save it.
  3. Don't forget to set the file back to "Read Only", so that the virus can't modify it again.
  4. Click Start -> Run and enter gpedit.msc.
  5. Go to User Configuration -> Administrative Templates -> System -> Turn off Autoplay and set it to Enabled (for all drives). Refer to this link for more detail.
  6. Click Start -> Run and enter msconfig.
  7. On the Startup and Services tabs, search for regsvr.exe, uncheck every entry and click OK.
  8. Select "Exit without restart".
  9. Go to Control Panel -> Scheduled Tasks and delete the Atl task, if it is listed there.
  10. Click Start -> Run and enter regedit.
  11. Use Edit -> Find to search for regsvr.exe and delete every occurrence.
  12. If regsvr.exe appears together with Explorer.exe, don't delete Explorer.exe. Delete only regsvr.exe.
  13. Go to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]. If the Shell value reads "Explorer.exe regsvr.exe", edit it and delete regsvr.exe from it.
  14. Now search your system for all occurrences of regsvr.exe and delete them.
  15. Search for "svchost .exe" (note the space between svchost and .exe) and delete all occurrences.
  16. Also search for "*.exe" and remove all virus-affected files. Don't remove any legitimate file (such as an installer file).
  17. Restart the system and enjoy.

For more detail on handling the autorun.inf file: if the "don't show hidden files" option is set and you cannot see the autorun.inf file, use the following link for removing it.
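A read-only audit of the locations the steps above touch, as an added PowerShell example that is not part of the original post. The name regsvr.exe comes from the steps; the two Run keys are an assumption about where the msconfig Startup entries are stored.

```powershell
# Added example: reports findings only, changes nothing.
$suspect  = 'regsvr.exe'   # file name from the steps above
# \b...\b matches regsvr.exe but not regsvr32.exe, the legitimate Windows tool.
$pattern  = '\b' + [regex]::Escape($suspect) + '\b'
$findings = @()

# Step 13: the Winlogon Shell value should name Explorer.exe only.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ine 'explorer.exe') {
    $findings += [pscustomobject]@{ Where = "$winlogon -> Shell"; Data = $shell }
}

# Step 7: startup entries (assumed locations: per-machine and per-user Run keys).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match $pattern) {
            $findings += [pscustomobject]@{ Where = "$key -> $name"; Data = $data }
        }
    }
}

# Steps 1-3: a non-empty autorun.inf in a drive root is listed for review.
# -Force is needed because the file is usually hidden.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $path = Join-Path $drive.Root 'autorun.inf'
    $inf  = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($inf -and $inf.Length -gt 0) {
        $launch = Get-Content -LiteralPath $inf.FullName |
                  Where-Object { $_ -match '^\s*(open|shellexecute)\s*=' }
        $findings += [pscustomobject]@{ Where = $inf.FullName; Data = ($launch -join '; ') }
    }
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'Nothing matching the steps above was found.' }
```

An autorun.inf on an original software CD is normal; the listing is for review, not automatic deletion.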


Disabling Autorun/Autoplay using Registry editor


To get rid of viruses that affect your system through autoplay of drives, use the steps below:
1. Type regedit at the Run prompt.
2. Navigate to the location below:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
3. You will find a value named "NoDriveTypeAutoRun", which is a one-byte value.
4. Set the value to hex "95" to disable autorun on removable media and network drives.
5. Be very careful while modifying registry values. The table below explains the meaning of the bits to set for disabling each type of media.

Value       Meaning
0x1/0x80    Disables AutoRun on drives of unknown type
0x4         Disables AutoRun on removable drives
0x8         Disables AutoRun on fixed drives
0x10        Disables AutoRun on network drives
0x20        Disables AutoRun on CD-ROM drives
0x40        Disables AutoRun on RAM disks
0xFF        Disables AutoRun on all kinds of drives


If any of these bits is set in the hex value, autorun is disabled for that type of drive.

Bit    Type of Drive
0/7    UNKNOWN
1      NO ROOT DIR
2      REMOVABLE
3      FIXED
4      REMOTE
5      CDROM
6      RAMDISK

When setting a value, you must always add 0x80 to the value of the drive type you want to disable.
A few examples:
For removable drives: 0x80 + 0x04 = 0x84 (hexadecimal addition)
For removable and fixed drives: 0x80 + 0x04 + 0x08 = 0x8C
For removable, fixed and CD-ROM drives: 0x80 + 0x04 + 0x08 + 0x20 = 0xAC (1010 1100)
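The bit arithmetic above as an added PowerShell example (not from the original post): it builds a value from drive-type names, decodes a value back into names, and reads the current user's setting without changing it. The function names are hypothetical.

```powershell
# Added example; bit values follow the tables on this page.
$DriveTypeBits = [ordered]@{
    UNKNOWN     = 0x01   # bit 0 (bit 7, 0x80, means the same)
    NO_ROOT_DIR = 0x02   # bit 1
    REMOVABLE   = 0x04   # bit 2
    FIXED       = 0x08   # bit 3
    REMOTE      = 0x10   # bit 4, network drives
    CDROM       = 0x20   # bit 5
    RAMDISK     = 0x40   # bit 6
}

function New-AutoRunMask {            # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$DriveType)
    $mask = 0x80                      # always included, as stated above
    foreach ($name in $DriveType) {
        if (-not $DriveTypeBits.Contains($name)) { throw "Unknown drive type: $name" }
        $mask = $mask -bor $DriveTypeBits[$name]
    }
    '0x{0:X2}' -f $mask
}

function ConvertFrom-AutoRunMask {    # hypothetical helper name
    param([Parameter(Mandatory)][ValidateRange(0, 255)][int]$Value)
    $names = @($DriveTypeBits.Keys | Where-Object { $Value -band $DriveTypeBits[$_] })
    if (($Value -band 0x80) -and ($names -notcontains 'UNKNOWN')) {
        $names = @('UNKNOWN') + $names
    }
    $names -join ', '
}

# Rebuild the third example above, then decode the values used on this page.
New-AutoRunMask -DriveType REMOVABLE, FIXED, CDROM
foreach ($v in 0x95, 0x84, 0x8C, 0xAC) {
    '0x{0:X2}: {1}' -f $v, (ConvertFrom-AutoRunMask -Value $v)
}

# Read (not write) the current user's setting from the key named in step 2.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$raw = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($null -eq $raw) {
    'NoDriveTypeAutoRun is not set for this user.'
} else {
    if ($raw -is [byte[]]) { $raw = $raw[0] }   # binary value: first byte holds the mask
    $value = [int]$raw -band 0xFF
    'Current value 0x{0:X2} disables AutoRun on: {1}' -f $value, (ConvertFrom-AutoRunMask -Value $value)
}
```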


To change the Autorun option using Group Policy, refer to the following links:

Disabling autoplay option in Windows XP using Group Policy
turning-off-autoplay-on-all-drives


Tuesday, May 11, 2010

Enabling Task Manager disabled by Virus

Method 1:
> Open the Run window, type gpedit.msc and press ENTER.
> Now go to: User Configuration/Administrative Templates/System/Ctrl+Alt+Del Options

> Double-click "Remove Task Manager" in the right-hand pane and select "Not Configured".

Method 2:
> Open the Run window, type regedit and press ENTER.
> Go to this registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
> In the right pane, find and delete the value named DisableTaskMgr.
> Close Registry Editor.

Monday, February 22, 2010

Using command prompt on windows mobile 6/6.5

Install the Windows Mobile Developer Power Toys on your system, then open "C:\Program Files\Windows Mobile Developer Power Toys\PPC_Command_Shell\arm".

Now copy console.dll to the \windows folder of the device. Copy cmd.exe and shell.exe to any other location on the device.
After doing all this, also change the registry value "HKEY_LOCAL_MACHINE\Drivers\Console\OutputTo" on the device to 0.

Now open File Explorer and run cmd.exe. To close the command prompt, type the "exit" command instead of pressing "X".

Tuesday, January 19, 2010

If the New command is missing from the context menu

When you click the File menu in Windows Explorer or right-click the desktop, the New command may be missing from the context menu, or it may not show the proper items. If so, do the following, but be careful not to change the key value incorrectly.

To resolve this issue, use Registry Editor to verify that the registry key listed below has the value listed, and if needed, edit the value to match the value listed.

Registry key:
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New\ (Default)
Value for (Default):
{D969A300-E7FF-11d0-A93B-00A0C90F2719}
If the registry entry doesn't appear, add the registry entry and the (Default) value.

How to get "open command prompt" in context menu or right click

There are two ways to get an "open command prompt" option for any particular folder. With it, you can right-click a folder and choose "open command prompt" from the context menu to get a command prompt at that location, instead of typing C:\>cd <folder>.

First Method: (XP/Vista/Windows 7)
  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. Go to the key "\HKEY_CLASSES_ROOT\Folder", right-click "shell", choose "New -> Key" and name it "Command_prompt". Set its default value to "Open Command Prompt".
  4. Right-click Command_prompt and choose "New -> Key" with the name "command".
  5. Double-click the "default" value of the command subkey and set it to C:\WINDOWS\system32\cmd.exe "%1"



Now you can see Open Command Prompt when you right click on any folder.


Another method, for Windows XP:
1. Open My Computer -> Tools -> Folder Options.
2. Go to the "File Types" tab.
3. Select the "Folder" type.
4. Click "Advanced".
5. Click New and enter Action: "Open Command Prompt"; for "Application used to perform action", browse to C:\WINDOWS\system32\cmd.exe




Press OK and you are done.