Skip to main content

Remove REGVER.EXE And newfolder.exe viruses permanently


When ever your start your system it takes too much time to start  and you are just waiting waiting  and waiting when this system will resume to normal


1st of all you need to stop unwanted startup programs for that just  open Run .
then type msconfig  and hit enter now select startup  and uncheck everything  except a few microsoft and intel  files 

Plug a pendrive into a public computer and you will be pesked by the continuously replicating “New Folder.exe” virus or the “regsvr.exe” virus. Hear  my story, while I transferred my notes last night (around 600 folders) and I was surprised to  see that around 450 MB of space was eaten by these self replicating space eaters ! I was runningLinux so these were not a concern for me, but when I plugged my pendrive into my virtual machine (windows xp sp3), it caused multiple problems of explorer corruption and disabling registrytools.

Step 1 - Some Startup Repairs
First of all, boot into safe mode.After you get to your desktop,press F3 or Ctrl + F and search for “autorun.inf” file in your computer and delete all the subsequent files. I case you are no able to delete them, select all the files and uncheck the”Read Only” option. If you are still not able to delete them , you might want to try out Unlocker tool to delete the files.
Now go to
start – > run –> type ”msconfig
and press enter
Go to startup tab and uncheck “regsvr”, click ok and then click on “Exit without restart”.
Now go to
control panel –> scheduled tasks and delete “At1” task listed there.
Once done, close all windows.

Step 2 - Changing Configurations
Your registry might be disabled,and you need to activate it back to undo all the malicious changes done by worm.In order to do that, you need to go to
start – > run –> type ”gpedit.msc
and press enter
then navigate to
users configuration –> Administrative templates –> systems
Find “prevent access to registry editing tools” , double click it and change the option todisable.

Once done, your Regedit will be enabled. In case your task manager is disabled, you need to enable it.

Step 3 - Registry Edits
Now we have to perform some registry edits to enable our explorer and to remove all instances of worm from the registry. Go to
start – > run –> type ”regedit
and press enter
Click on Edit –> Find and search for regsvr.exe . Find and delete all the occurrences ofregsvr.exe virus (don't delete  regsvr32.exe as its not a virus).
then navigate to entry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and modify the entry
Shell = “Explorer.exe regsvr.exe”

to delete the regsvr.exe from it,so that it becomes
Shell = “Explorer.exe
Once done, close all windows and get ready to delete all virus files.

Comments

Post a Comment

Further If You Want Us To Write About a Topic Which You Are Finding Difficult You can leave a Comment Here

Popular posts from this blog

Do You Know We Can Chat With Command Prompt On Same Network

Chat With Command Prompt  On Same Network Talk with other computers on your network with command prompt only no messenger needed. If you want a private chat with a friend or client on you Network, you don't need to download any fancy program! All you need is your friends IP address and Command Prompt. Firstly, open Notepad and enter: @echo off :A Cls echo MESSENGER set /p n=User: set /p m=Message: net send %n% %m% Pause Goto A Now save this as "chat.bat". Open the command prompt by going to Start -> Run ->cmd  ->Enter  now drag this chat.bat file to the cmd window and press enter . now u will see something like . MESSENGER User: After "User" type the IP address of the computer you want to contact. After this, you should see this: Message: Now type in the message you wish to send. Before you press "Enter" it should look like this: MESSENGER User: 56.108.104.107  ( your friends ip address here like example shown here  ) Mess...
4 comments
Read more

How To multiple instances of yahoo messanger

One of our visitor friend asked us to write a tutorial on how to run multiple instances  yahoo messanger . So here we are with the Artical on How To Run multiple instances of yahoo messanger  It is possible to run multiple Yahoo Messenger simultaneously right after installing the official version of Yahoo Messenger. You will need to apply a simple  windows registry patch  to enable this feature. Follow these simple steps : 1 . Open the notepad 2 . Copy the following code REGEDIT4 [HKEY_CURRENT_USER\Software\yahoo\pager\Test] "Plural"=dword:00000001 3 . Save the above code as multi.reg 4 . Either double click on this file or right click on it and select merge option. (aim is to merge this settings into windows registry) 5. And thats you are Done . If  You have any Problem in above procedure just post that problem in the comment section . we will be replying you soon . Further If You Want Us To Write About a Topic Which You Are Finding Difficult You can le...
6 comments
Read more

How To Login To gtalk With Multiple Accounts

Its very simle and easy one  Follow me.... If you have several google talk accounts, you may want to run multiple instances of google talk at once. Here’s how to do it. Many users, including myself, like to have several different personalities on  IM–Work, play, etc. By default google talk with only allow you to run instance of the program at a time. Here’s how to get around that Run google talk with the following switch: /nomutex If you installed google talk to the default location, you can easily create a shortcut to this setting. 1. Right-click on the desktop 2. Select New   3. Select Shortcut   4.Paste this into the text boxif you have 32 bit windows      "c:\program files\google\google talk\googletalk.exe" /nomutex else it will show an error path not found . then you will have to find the path to the googletalk.exe in  C: drive  then paste the complete path and then To find the path just click on start button ...
5 comments
Read more