What does this tool do?
This tool removes the so-called "duplicated folders virus", which is a very common symptom of being infected by IM-Worm.Win32.Sohanad.ao and friends. It removes the duplicated folders from all your hard drive partitions, including floppy disks and USB flash disks (these must be write-enabled during the scan process).
How to use it?
Start your computer in Safe Mode and run this tool. If you have infected floppy or flash disks, insert them and click Start. You can repeat this for every disk you have.
Download it from here:
http://download.sergiwa.com/security/DRT.exe
Njoy..!
Sunday, April 20, 2008
Thursday, April 17, 2008
Tuesday, April 1, 2008
How to Remove Ntdetec1.exe virus
If you press Ctrl+Alt+Del to open Task Manager and it either opens and disappears quickly or doesn't open at all, your system has been infected with W32.Ceted.
The following are the common symptoms of this virus:
* Task Manager doesn’t open or it is blocked.
* Command Prompt (cmd.exe) doesn't open.
* A folder named "Ntdetec1" (c:\ntdetec1) is automatically created in "c:\".
* Regedit or registry editing has been disabled.
* Folder Options are not visible under Tools menu.
The following are the processes of this virus:
\ntdetec1\ntdetec1.exe
\ntdetec1\cmrss.exe
\ntdetec1\run.exe
\ntdetec1\shell32.exe
If a system is infected, the worm creates a folder called ntdetec1 on your system drive, which is NOT visible via Explorer or the Command Prompt.
Related files:
%SystemDrive%\ntdetec1\ntdetec1.exe
%SystemDrive%\ntdetec1\cmrss.exe
%SystemDrive%\ntdetec1\run.exe
%SystemDrive%\ntdetec1\shell32.exe
%SystemDrive%\ntdetec1\drivelist.txt
%SystemDrive%\ntdetec1\child\autorun.inf
%SystemDrive%\ntdetec1\child\ntdetec1.exe
This worm copies itself to all shared and removable drives and spreads when the user double-clicks the drive to open it. It uses autorun.inf, so I recommend disabling autorun on all drives.
A related topic is covered in an older post on this blog; look for the autorun.inf virus post.
I also recommend not double-clicking any removable drive to open it.
To open a removable drive, always launch Windows Explorer and click on the removable drive there.
Removal Process
Open Command Prompt. If it does not open, the processes can also be killed with a Task Manager-like utility, "TaskPatrol".
You may download it here:
http://www.asmdev.net/products/taskpatrol/
Now, in Command Prompt, kill the processes related to this virus:
taskkill /im cmrss.exe
taskkill /im ntdetec1.exe
taskkill /im shell32.exe
After killing the processes, remove the read-only, hidden and system attributes from the files of this virus. To do this, make sure you are in the root directory of "C:" or your system drive. Now check "C:\" for the files of this virus with:
dir ntdetec1 /ad
If the directory is listed, it exists; otherwise "ntdetec1" may be located on another drive. Locate the drive and then issue this command:
attrib -h -r -s ntdetec1 /s /d
Now locate the Ntdetec1 folder with Windows Explorer or My Computer and permanently delete it and all its contents.
Now open the Registry Editor and delete the following entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"winlogon" = "C:\ntdetec1\run.exe"
I hope this should solve the problem.
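The symptoms, files, processes and registry entry listed above can be checked in one pass before and after the cleanup. The PowerShell function below is an added example, not part of the original post: the name Find-Ntdetec1Artifacts is hypothetical, and it assumes that a dropped autorun.inf mentions ntdetec1 and that autorun is disabled through the standard NoDriveTypeAutoRun policy value (0xFF), which the post does not name.

```powershell
# Added example: read-only check for the Ntdetec1 artefacts listed in this post.
# Find-Ntdetec1Artifacts is a hypothetical name; nothing is deleted or modified.
function Find-Ntdetec1Artifacts {
    $findings = @()
    $related  = 'ntdetec1.exe', 'cmrss.exe', 'run.exe', 'shell32.exe',
                'drivelist.txt', 'child\autorun.inf', 'child\ntdetec1.exe'

    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        # Test-Path also finds folders carrying the hidden/system attributes.
        $dir = Join-Path $drive.Root 'ntdetec1'
        if (Test-Path -LiteralPath $dir -PathType Container) {
            $findings += "Folder present: $dir"
            foreach ($name in $related) {
                $file = Join-Path $dir $name
                if (Test-Path -LiteralPath $file) { $findings += "File present: $file" }
            }
        }
        # Assumption: an autorun.inf dropped by the worm mentions ntdetec1.
        $inf = Join-Path $drive.Root 'autorun.inf'
        if (Test-Path -LiteralPath $inf -PathType Leaf) {
            $lines = Get-Content -LiteralPath $inf -Force -ErrorAction SilentlyContinue
            if ($lines -match 'ntdetec1') { $findings += "autorun.inf references ntdetec1: $inf" }
        }
    }

    # Processes named in the post; the path helps tell them apart from other images.
    foreach ($p in Get-Process -Name cmrss, ntdetec1, run, shell32 -ErrorAction SilentlyContinue) {
        $findings += "Process running: $($p.Name) (PID $($p.Id)) $($p.Path)"
    }

    $policy = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\Explorer'
    # The "winlogon" value under ...\Explorer\Run that the post says to delete.
    $run = Get-ItemProperty -Path "$policy\Run" -Name 'winlogon' -ErrorAction SilentlyContinue
    if ($run) { $findings += "Run value winlogon = $($run.winlogon)" }

    # Assumption: autorun is disabled machine-wide via NoDriveTypeAutoRun = 0xFF.
    $auto = Get-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    if (-not $auto -or $auto.NoDriveTypeAutoRun -ne 0xFF) {
        $findings += 'AutoRun is not disabled for all drive types in HKLM policy'
    }
    return $findings
}

Find-Ntdetec1Artifacts
```

Run it from an elevated PowerShell prompt; after a successful cleanup the folder, file, process and Run-value lines should no longer appear.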
Funny UST Scandal Virus
I was really pissed off today because of this Funny UST scandal AVI virus that keeps pestering me every time I send messages via Yahoo Messenger. I was really shocked when I saw the cursor automatically buzzing my YM buddies and sending messages that say “tropen dis ganda nakakatawa”. Worse, my current status message even displayed this: “sino gusto funny ust scandal pm nio ko”.
I tried to delete all Funny UST scandal icons on my PC. I even tried to uninstall Yahoo Messenger and reinstall it, but the Funny UST Scandal AVI virus keeps coming back. Thankfully, I was able to download the Funny UST Scandal Avi.Exe Remover, a Funny UST Scandal virus removal tool I learned about from techpinoy.blogspot.com.
If you want to remove that %$##@@@@!!!! Funny UST scandal virus from your PC, just:
1. Download the Funny UST Scandal Avi.Exe Remover zip from
http://www.geocities.com/six519/Remover.zip
2. Double-click remover.exe, and
3. Click on the “patayin ang tangahing virus” button.
This will automatically eliminate the Funny UST scandal AVI virus from your PC.
You can also check out these similar posts on removing the funny UST scandal virus:
Autoit.BD worm removal - Funny UST Scandal.avi.exe
Removing Funny ust scandal (virus) manually
How To Remove Funny UST Scandal.avi.exe Virus