Urgent reply plz donot have time to serch on google plz
reply
the questions is how to remove newfolder.exe virus from my
windows 2003 server
i have all ready tried quick heal.spy hunter mcafee server .
plz reply



Urgent reply plz donot have time to serch on google plz reply the questions is how to remove new..

Answer / murthyrajuch

I want to tell you a story, two days back i got affected by
this virus very badly as it eat up all my empty hard disk
space of around 700 MB .

I was surprised that my most reliable friend Avast, for the
first time failed me in this war against viruses but then
again avg and bitdiffender also failed against it. This
virus is know popularly as regsvr.exe virus, or as new
folder.exe virus and most people identify this one by
seeing autorun.inf file on their pen drives, But trend
micro identified it as WORM_DELF.FKZ. It is spreading
mostly using pen drives as the medium.



Well, so here is the story of how i was able to kill the
monster and reclaim my hard disk space.

Manual Process of removal


I prefer manual process simply because it gives me option
to learn new things in the process.


So let’s start the process off reclaiming the turf that
virus took over from us.

Cut The Supply Line
Search for autorun.inf file. It is a read only file so you
will have to change it to normal by right clicking the
file , selecting the properties and un-check the read only
option
Open the file in notepad and delete everything and save the
file.
Now change the file status back to read only mode so that
the virus could not get access again.

Click start->run and type msconfig and click ok
Go to startup tab look for regsvr and uncheck the option
click OK.
Click on Exit without Restart, cause there are still few
things we need to do before we can restart the PC.
Now go to control panel -> scheduled tasks, and delete the
At1 task listed their.
Open The Gates Of Castle
Click on start -> run and type gpedit.msc and click Ok.

If you are Windows XP Home Edition user you might not have
gpedit.msc in that case download and install it from
Windows XP Home Edition: gpedit.msc and then follow these
steps.

Go to users configuration->Administrative templates->system
Find “prevent access to registry editing tools” and change
the option to disable.

Once you do this you have registry access back.
Launch The Attack At Heart Of Castle
Click on start->run and type regedit and click ok
Go to edit->find and start the search for regsvr.exe,

Delete all the occurrence of regsvr.exe; remember to take a
backup before deleting. KEEP IN MIND regsvr32.exe is not to
be deleted. Delete regsvr.exe occurrences only.
At one ore two places you will find it after explorer.exe
in theses cases only delete the regsvr.exe part and not the
whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just
delete the regsvr.exe and leave the explorer.exe
Seek And Destroy the enemy soldiers, no one should be left
behind
Click on start->search->for files and folders.
Their click all files and folders
Type “*.exe” as filename to search for
Click on ‘when was it modified ‘ option and select the
specify date option
Type from date as 1/31/2003 and also type To date as
1/31/2003

Now hit search and wait for all the exe’s to show up.
Once search is over select all the exe files and
shift+delete the files, caution must be taken so that you
don’t delete the legitimate exe file that you have
installed on 28st January.
Also selecting lot of files together might make your
computer unresponsive so delete them in small bunches.
Also find and delete regsvr.exe, svchost .exe( notice an
extra space between the svchost and .exe)
Time For Celebrations
Now do a cold reboot (ie press the reboot button instead)
and you are done.
I hope this information helps you win your own battle
against this virus. Soon all antivirus programs will be
able to automatically detect and clean this virus. Also i
hope Avast finds a way to solve this issues.

As a side note i have found a little back dog( winpatrol )
that used to work perfectly on my old system. It was not
their in my new PC, I have installed it again , as I want
to stay ahead by forever closing the supply line of these
virus. You can download it form Winpatrol website.

UPDATE : Avast Boot Time Scheduling



Check out How to stop regedit, task manager and msconfig
from closing automatically if your regedit or msconfig
closes automatically.

Is This Answer Correct ?    0 Yes 0 No

Post New Answer

More CCNA Interview Questions

What are the different types of network in ccna?

0 Answers  


Which peer authentication method and which ipsec mode is used to connect to the branch locations?

0 Answers  


8. When is Frame Tagging used? A. When you install repeaters in your network B. When you install bridges in your network C. When you install routers in your network D. When you use Switches configured with multiple VLANS

5 Answers  


Which ISDN protocol prefix specifies switching and signalling? A.) I B.) E C.) Q D.) S

1 Answers  


Which protocol is used for booting diskless workstations? A.) IP B.) ARP C.) RARP D.) TCP E.) SNMP

2 Answers  






Identify the 2 characteristics regarding MAC addresses? A.) Contains a network portion and host portion B.) Always assigned by System Administrator C.) 48 bits long D.) Contains a vendor code and serial number

2 Answers  


In IOS boot sequence if the flash is erased, and there is no access to TFTP server, and we can't load the partial IOS from ROM. Is there any possiblity that we can still boot the router/switch from external PC in which the IOS is installed?

6 Answers  


In distance-vector routing, there is a problem known as the 'count to infinity' problem. What is the most direct solution to this? A.) Defining a Maximum. B.) You can not solve the 'count to infinity' problem with a distance vector protocol. C.) Poison Reverse. D.) Triggered Updates. E.) Split Horizon.

2 Answers  


What is the total bandwidth of all channels on a BRI circuit? A. 56 kps B. 64 kps C. 112 kps D. 128 kps E. 144. kps

5 Answers   Infosys,


What cable called v.35?

0 Answers  


If i connect two routers through ethernet cable and serial cable then which has high speed and which is better among two?

10 Answers   Compaq, Inspace, Wipro,


Which protocols are link states?

0 Answers  


Categories