Skip to main content

Remove REGVER.EXE And newfolder.exe viruses permanently


When ever your start your system it takes too much time to start  and you are just waiting waiting  and waiting when this system will resume to normal


1st of all you need to stop unwanted startup programs for that just  open Run .
then type msconfig  and hit enter now select startup  and uncheck everything  except a few microsoft and intel  files 

Plug a pendrive into a public computer and you will be pesked by the continuously replicating “New Folder.exe” virus or the “regsvr.exe” virus. Hear  my story, while I transferred my notes last night (around 600 folders) and I was surprised to  see that around 450 MB of space was eaten by these self replicating space eaters ! I was runningLinux so these were not a concern for me, but when I plugged my pendrive into my virtual machine (windows xp sp3), it caused multiple problems of explorer corruption and disabling registrytools.

Step 1 - Some Startup Repairs
First of all, boot into safe mode.After you get to your desktop,press F3 or Ctrl + F and search for “autorun.inf” file in your computer and delete all the subsequent files. I case you are no able to delete them, select all the files and uncheck the”Read Only” option. If you are still not able to delete them , you might want to try out Unlocker tool to delete the files.
Now go to
start – > run –> type ”msconfig
and press enter
Go to startup tab and uncheck “regsvr”, click ok and then click on “Exit without restart”.
Now go to
control panel –> scheduled tasks and delete “At1” task listed there.
Once done, close all windows.

Step 2 - Changing Configurations
Your registry might be disabled,and you need to activate it back to undo all the malicious changes done by worm.In order to do that, you need to go to
start – > run –> type ”gpedit.msc
and press enter
then navigate to
users configuration –> Administrative templates –> systems
Find “prevent access to registry editing tools” , double click it and change the option todisable.

Once done, your Regedit will be enabled. In case your task manager is disabled, you need to enable it.

Step 3 - Registry Edits
Now we have to perform some registry edits to enable our explorer and to remove all instances of worm from the registry. Go to
start – > run –> type ”regedit
and press enter
Click on Edit –> Find and search for regsvr.exe . Find and delete all the occurrences ofregsvr.exe virus (don't delete  regsvr32.exe as its not a virus).
then navigate to entry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and modify the entry
Shell = “Explorer.exe regsvr.exe”

to delete the regsvr.exe from it,so that it becomes
Shell = “Explorer.exe
Once done, close all windows and get ready to delete all virus files.

Comments

Post a Comment

Further If You Want Us To Write About a Topic Which You Are Finding Difficult You can leave a Comment Here

Popular posts from this blog

How To multiple instances of yahoo messanger

One of our visitor friend asked us to write a tutorial on how to run multiple instances  yahoo messanger . So here we are with the Artical on How To Run multiple instances of yahoo messanger  It is possible to run multiple Yahoo Messenger simultaneously right after installing the official version of Yahoo Messenger. You will need to apply a simple  windows registry patch  to enable this feature. Follow these simple steps : 1 . Open the notepad 2 . Copy the following code REGEDIT4 [HKEY_CURRENT_USER\Software\yahoo\pager\Test] "Plural"=dword:00000001 3 . Save the above code as multi.reg 4 . Either double click on this file or right click on it and select merge option. (aim is to merge this settings into windows registry) 5. And thats you are Done . If  You have any Problem in above procedure just post that problem in the comment section . we will be replying you soon . Further If You Want Us To Write About a Topic Which You Are Finding Difficult You can leave a Comment 
6 comments
Read more

Do You Know We Can Chat With Command Prompt On Same Network

Chat With Command Prompt  On Same Network Talk with other computers on your network with command prompt only no messenger needed. If you want a private chat with a friend or client on you Network, you don't need to download any fancy program! All you need is your friends IP address and Command Prompt. Firstly, open Notepad and enter: @echo off :A Cls echo MESSENGER set /p n=User: set /p m=Message: net send %n% %m% Pause Goto A Now save this as "chat.bat". Open the command prompt by going to Start -> Run ->cmd  ->Enter  now drag this chat.bat file to the cmd window and press enter . now u will see something like . MESSENGER User: After "User" type the IP address of the computer you want to contact. After this, you should see this: Message: Now type in the message you wish to send. Before you press "Enter" it should look like this: MESSENGER User: 56.108.104.107  ( your friends ip address here like example shown here  ) Mess
4 comments
Read more

How to hack Rapid share and Mega upload

Hack Rapid share and Mega upload Clock Countdown Hi all, This is for those who have to wait for about an hour after downloading certain amount of stuff from rapid share , megaUploads  etc Main problem is they are tracing your ip address so you can only download a file after some clock time  . To overcome this time constraint follow these steps: mega upload Links, Download, Rapid share Links, rapid share movies, rapid share free, hack rapid share, hack mega upload. RAPID SHARE mega upload Links, Download, Rapid share Links, rapid share movies, rapid share free, hack rapid share, hack mega upload. Method 1 1.open your rapid share link 2.then click on free. 3.As soon as timer start type this in address bar and click enter javascript:alert(c=0) 4.a pop up message will come click ok your counter is zero just download the stu mega upload Links, Download, Rapid share Links, rapid share movies, rapid share free, hack rapid share, hack mega upload. Method 2 1.Delete the coo
3 comments
Read more