Detailed steps to remove Ahsan's virus :
1. start windows in safe mode with command prompt(user:admin,
preferably a user other than having attacked)
2. use RRT Tool to enable run " if disabled".
3. Enable regediting if disabled with following reg key.
REG add
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v
DisableRegistryTools /t REG_DWORD /d 0 /f
4. Open regedit, search and delete all entries with name "Ahsan" ,
site 110mb.com and Bush.
5. If your folder option is disabled enable it with following reg
key "
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current
Version\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Policies\Explorer
Check if a DWORD value named NoFolderOptions exists in the pane on
the right hand side of the screen
Delete it
6. If you are still unable to view the hidden files, which is
disabled by virus, enable it with following proc and key.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\A
dvanced. Find the value "Hidden" . Rightclick it and modify it to 1.
If Key value hidden is not present create it
7. Check the following registery values and set the values given
below in each registery key.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Advanced\Folder\Hidden\NOHIDDEN]
"CheckedValue"=dword:02
"ValueName"="Hidden"
"DefaultValue"=dword: 02
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword: 01
"ValueName"="Hidden"
"DefaultValue"=dword:02
8. Now enable "show all hidden files / Hidden system files and
folders", and search for following files and delete them all.
system.exe
csrss.exe
Home video.avi.exe
autorun
Note: these files will be in parent drives (D:, C:) and in windows
folder.
9.Now you are done !
How to remove Ahsan's virus (Removal Instruction)
Filed under:
Malware Removel Tool and Tips
by:
Network World
Subscribe to:
Post Comments (Atom)
0 comments: