Urgent reply plz donot have time to serch on google plz
reply
the questions is how to remove newfolder.exe virus from my
windows 2003 server
i have all ready tried quick heal.spy hunter mcafee server .
plz reply
- 1 Answers
- 3775 Views
- I also Faced
- E-Mail Answers
Answer / murthyrajuch
I want to tell you a story, two days back i got affected by
this virus very badly as it eat up all my empty hard disk
space of around 700 MB .
I was surprised that my most reliable friend Avast, for the
first time failed me in this war against viruses but then
again avg and bitdiffender also failed against it. This
virus is know popularly as regsvr.exe virus, or as new
folder.exe virus and most people identify this one by
seeing autorun.inf file on their pen drives, But trend
micro identified it as WORM_DELF.FKZ. It is spreading
mostly using pen drives as the medium.
Well, so here is the story of how i was able to kill the
monster and reclaim my hard disk space.
Manual Process of removal
I prefer manual process simply because it gives me option
to learn new things in the process.
So let’s start the process off reclaiming the turf that
virus took over from us.
Cut The Supply Line
Search for autorun.inf file. It is a read only file so you
will have to change it to normal by right clicking the
file , selecting the properties and un-check the read only
option
Open the file in notepad and delete everything and save the
file.
Now change the file status back to read only mode so that
the virus could not get access again.
Click start->run and type msconfig and click ok
Go to startup tab look for regsvr and uncheck the option
click OK.
Click on Exit without Restart, cause there are still few
things we need to do before we can restart the PC.
Now go to control panel -> scheduled tasks, and delete the
At1 task listed their.
Open The Gates Of Castle
Click on start -> run and type gpedit.msc and click Ok.
If you are Windows XP Home Edition user you might not have
gpedit.msc in that case download and install it from
Windows XP Home Edition: gpedit.msc and then follow these
steps.
Go to users configuration->Administrative templates->system
Find “prevent access to registry editing tools” and change
the option to disable.
Once you do this you have registry access back.
Launch The Attack At Heart Of Castle
Click on start->run and type regedit and click ok
Go to edit->find and start the search for regsvr.exe,
Delete all the occurrence of regsvr.exe; remember to take a
backup before deleting. KEEP IN MIND regsvr32.exe is not to
be deleted. Delete regsvr.exe occurrences only.
At one ore two places you will find it after explorer.exe
in theses cases only delete the regsvr.exe part and not the
whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just
delete the regsvr.exe and leave the explorer.exe
Seek And Destroy the enemy soldiers, no one should be left
behind
Click on start->search->for files and folders.
Their click all files and folders
Type “*.exe” as filename to search for
Click on ‘when was it modified ‘ option and select the
specify date option
Type from date as 1/31/2003 and also type To date as
1/31/2003
Now hit search and wait for all the exe’s to show up.
Once search is over select all the exe files and
shift+delete the files, caution must be taken so that you
don’t delete the legitimate exe file that you have
installed on 28st January.
Also selecting lot of files together might make your
computer unresponsive so delete them in small bunches.
Also find and delete regsvr.exe, svchost .exe( notice an
extra space between the svchost and .exe)
Time For Celebrations
Now do a cold reboot (ie press the reboot button instead)
and you are done.
I hope this information helps you win your own battle
against this virus. Soon all antivirus programs will be
able to automatically detect and clean this virus. Also i
hope Avast finds a way to solve this issues.
As a side note i have found a little back dog( winpatrol )
that used to work perfectly on my old system. It was not
their in my new PC, I have installed it again , as I want
to stay ahead by forever closing the supply line of these
virus. You can download it form Winpatrol website.
UPDATE : Avast Boot Time Scheduling
Check out How to stop regedit, task manager and msconfig
from closing automatically if your regedit or msconfig
closes automatically.
| Is This Answer Correct ? | 0 Yes | 0 No |
What are the disadvantages of symmetric algorithms?
Which of the following are Presentation Layer standards? A.) JPEG and PICT B.) MPEG and MIDI C.) ASCII and EBCDIC D.) NFS and SQL
What cable called v.35?
what is the difference between a ‘half-duplex’ and a ‘full-duplex’ system?
What is the maximum request timer?
Which statement about Ethernet switches is true? A. Symmetric switching allows connection between pods of unlike bandwidth and does not require memory buffering B. Memory Buffering is used to prevent a bottleneck when pods of different bandwidth are connected on a symmetric switch C. The latency can be reduced if the switch utilizes the store and forward method of switching store and forward is better for error detection D. The cut through method of switching is faster because the switch forwards the packet to the destination as soon as it reads the destination address
How much hold down time of eigrep protocol?
UDP works at which layer of the DOD model? A.) Internet B.) Host-to-Host C.) Transport D.) Data Link
Explain the difference between tracert and traceroute?
Which protocol is used for booting diskless workstations? A.) IP B.) ARP C.) RARP D.) TCP E.) SNMP
Identify the default serial encapsulation? A.) ISDN B.) HDLC C.) SDLC D.) Frame Relay E.) PPP
What is the difference between private ip and public ip?
CCNA 
