If you press Ctrl+Alt+Del to open Task Manager and it either opens and disappears quickly or doesn't open at all, then your system has been infected with W32.Ceted.
The following are common symptoms of this virus:
* Task Manager doesn’t open or it is blocked.
* Command Prompt (cmd.exe) doesn't open.
* A folder named "Ntdetec1" (c:\ntdetec1) is automatically created in "c:\".
* Regedit or registry editing has been disabled.
* Folder Options are not visible under Tools menu.
The following are the processes of this virus:
\ntdetec1\ntdetec1.exe
\ntdetec1\cmrss.exe
\ntdetec1\run.exe
\ntdetec1\shell32.exe
On an infected system, the virus creates a folder called ntdetec1 on your system drive, which is NOT visible via Explorer or Command Prompt.
Related files:
%SystemDrive%\ntdetec1\ntdetec1.exe
%SystemDrive%\ntdetec1\cmrss.exe
%SystemDrive%\ntdetec1\run.exe
%SystemDrive%\ntdetec1\shell32.exe
%SystemDrive%\ntdetec1\drivelist.txt
%SystemDrive%\ntdetec1\child\autorun.inf
%SystemDrive%\ntdetec1\child\ntdetec1.exe
This worm copies itself to all shared and removable drives and spreads when the user double-clicks a drive to open it. It uses autorun.inf, so I recommend disabling autorun on all drives.
A related topic is covered in an older post on this blog; see the autorun.inf virus post.
I also recommend not to double click on any removable drive to open it.
To open any removable drive always launch Windows Explorer and click on the removable drive to open it.
Removal Process
Open Command Prompt. If it will not open, the processes can instead be killed with a Task Manager-like utility, "TaskPatrol".
You may download it here.
http://www.asmdev.net/products/taskpatrol/
Now, in Command Prompt, kill the processes related to this virus:
taskkill /im cmrss.exe
taskkill /im ntdetec1.exe
taskkill /im shell32.exe
After killing the processes, remove the read-only, hidden and system attributes from the files of this virus. To do this, make sure you are in the root directory of "c:" or your system drive. Now check "C:\" for the files of this virus with this command:
dir ntdetec1 /ad
If the directory is listed, then it exists; otherwise "ntdetec1" may be located on another drive. Locate the drive and then issue this command:
attrib -h -r -s ntdetec1 /s /d
Now locate the Ntdetec1 folder with Windows Explorer or My Computer and permanently delete it and all of its contents.
Now open the registry editor and delete the following entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"winlogon" = "C:\ntdetec1\run.exe"
I hope this solves the problem.
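To confirm that nothing is left behind after these steps, the same indicators can be checked in one pass. The PowerShell below is an added example, not part of the original post; it only reads and reports, and it assumes PowerShell is available and that the folder name, file names and registry value are exactly as listed above.

```powershell
# Added example: read-only check for the W32.Ceted indicators listed in this post.
# It reports findings only; it does not kill processes, delete files or edit the registry.

$folderName = 'ntdetec1'
$knownFiles = @(
    'ntdetec1.exe', 'cmrss.exe', 'run.exe', 'shell32.exe',
    'drivelist.txt', 'child\autorun.inf', 'child\ntdetec1.exe'
)
$findings = @()

# 1. Look for the folder on every file-system drive, not just C:.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $folder = Join-Path $drive.Root $folderName
    # The .NET Exists() checks also see hidden and system items.
    if ([System.IO.Directory]::Exists($folder)) {
        $findings += "Folder present: $folder"
        foreach ($name in $knownFiles) {
            $path = Join-Path $folder $name
            if ([System.IO.File]::Exists($path)) { $findings += "  File present: $path" }
        }
    }
    # autorun.inf in a drive root is what launches a program on double-click.
    # Legitimate media can carry one too, so this is flagged for review only.
    $autorun = Join-Path $drive.Root 'autorun.inf'
    if ([System.IO.File]::Exists($autorun)) { $findings += "Review manually: $autorun" }
}

# 2. Running processes whose image lives in an ntdetec1 folder.
# Matching on the path avoids flagging unrelated programs that share a file name.
foreach ($proc in Get-Process) {
    if ($proc.Path -like "*\$folderName\*") {
        $findings += "Process running: $($proc.Name) (PID $($proc.Id)) from $($proc.Path)"
    }
}

# 3. The autostart value named in the post.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
$entry  = Get-ItemProperty -Path $runKey -Name 'winlogon' -ErrorAction SilentlyContinue
if ($entry -and $entry.winlogon) { $findings += "Run value 'winlogon' = $($entry.winlogon)" }

if ($findings.Count -eq 0) { 'No indicators from the post were found.' }
else { $findings }
```

Run it from an elevated PowerShell session so that process paths are readable for all processes.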
1 comment:
hi dude...thnx 4 dis post...it helped me a lot..!!...keep posting