Wednesday, September 1, 2010

Another manual way of removing the new folder.exe virus

1) From this moment and until the problem is solved do not open any folders or drives (even My Computer folder) with double-click. Open them with right mous click and "Open" context menu item instead. This will prevent Newfolder.exe virus from duplicating itself faster than you remove it.

2) Fill the following processes and delete the appropriate files connected with Newfolder.exe virus (mostly situated in system directories):

* libedit.dll
* newfolder.exe
* shelliddono.dll
* srv0104.ids
* srvidd20.exe

If these files can't be deleted during normal Windows work or recreate themselves, reboot into Safe Mode and repeat deletion. If you do not see all of these files, then they are hiding themselves via core Newfolder.exe virus process. You need special software to kill those hidden files.

You may also need to remove all Newfolder.exe autostart registry entires which the files listed above used to run themselves at Windows startup.

3) Delete the following malicious registry entries and\or values:

%u2022 Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run for nwiz.exe

Value: @

%u2022 Key: software\microsoft\windows\currentversion\run\alchem

Value: @

%u2022 Key: software\microsoft\windows\currentversion\run\zzb

Value: @

4) Locate and remove the entire registry section called "MountPoints2" using Regedit utility. This is one of the two main methods how Newfolder.exe virus replicates itself.

5) Starting from the root of your drives and moving recursively one level deeper in each iteration (resulting in moving down to 3-4 levels overall, this will be enough as a rule) delete all files called "autorun" with various extensions including "vbs", "bat", "log", "exe", "sys", "dat" and so on. This is a second main source of Newfolder.exe virus infection.

I.e. you should recursively remove the following files associated with Newfolder.exe virus:

* autorun.inf
* autorun.bat
* autorun.exe
* autorun.dat
* autorun.reg
* autorun.sys
* autorun.drv
* autorun.log
* autorun.vbs

and so on...

Don't forget repeating the same steps for your thumb or flash drives including even the onces in your photo and video camera and portable flash player. These devices can transfer Newfolder.exe virus from your friends and collegues or will become source of new infection after you already cleaned your main computer.

And don't forget about your notebook!

6) After completing everything described above you should perform non-graceful reboot. In other words, simple press Reset on your computer case. This will ensure that Newfolder.exe virus will not replicate itself during normal Windows finalization procedures. Actually, you will win some time.

7) You may need to repeat everything written above two or three times in a row before all manifestations of Newfolder.exe virus are gone.

No comments:

Intel Edison arduino MicroSD card 128 GB flashing from exFat to Fat32 format

I bought a 128GB microSD card from samsung, in order to extend my storage space in Intel Edison arduino.  But, there is a missing informati...