Tuesday, February 19, 2008

How to remove "New Folder" Virus Safely?

Mahsa / New Folder virus


Many of us are suffering from this "New Folder" virus. Some solutions given here and there couldn't solve the problem completely, but the solution given here can surely make your PC free from this nasty virus, because I tried many and found this one working. So follow the instructions and make your PC free from "Mahsa". Even if you have some AV, this nasty virus can attack your PC.

Virus File
————
File Name: New Folder.exe (inside all folders)
File Name: Top Pictures.exe (shared documents)
File Name: Windows Explorer.exe (c:\windows\)

Icon: Looks like a Folder
Type: Application
Size: 104KB/112KB
File Version: 1.0.0.0
Internal Name: Mahsa
Original Filename: Mahsa.exe
Product Version: 1.00

Recognized by antivirus
—————————-

Trojan.Win32.VB.aol
Worm.P2P.Generic

Symptoms
————-

You will find New Folder.exe inside every folder.
You cannot open system utilities like Task Manager, Regedit, Msconfig; they open and suddenly close.
You cannot open folders with names like antivirus, .exe, etc.; they open and suddenly close.

Behind the Screen
———————
Creates a file: C:\windows\Windows Explorer.exe
Creates a file: C:\Documents and Settings\All Users\Documents\Top Pictures.exe
Creates New Folder.exe in every folder you open

ModifyRegValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer
ModifyRegValue: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState\FullPath
ModifyRegValue: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt

Adds to the startup item
Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer
Value: C:\WINDOWS\Windows Explorer.exe

Solution
———-
Thank god it doesn't disable the command prompt ;)

END TASK::
1. Start>Run
taskkill /f /t /im "New Folder.exe"
2. Start>Run
taskkill /f /t /im "Windows Explorer.exe"
3. Start>Run
taskkill /f /t /im "Top Pictures.exe"
(If you get an error like "Windows cannot find taskkill ...", copy the file taskkill to your X:\windows\system32\ directory.)

REGISTRIES::
1. Start>Run
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Explorer
2. Start>Run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideFileExt /t REG_DWORD /d 0

DELETE FILES::
1. Start>Run>cmd
del /a /f "C:\windows\Windows Explorer.exe"
2. Start>Run>cmd
del /a /f "C:\Documents and Settings\All Users\Documents\Top Pictures.exe"

DELETE New Folder.exe: (updated on 28Jan,2008)

del "C:\New Folder.exe" /a /s /f /p
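
To confirm the cleanup, the indicators listed under "Behind the Screen" can be re-checked. The PowerShell script below is an added example, not part of the original post; it only reads and reports, and the $Root scan path is an assumption. It matches New Folder.exe copies on the version fields listed above (Internal Name Mahsa, Original Filename Mahsa.exe) rather than on the file name alone.

```powershell
# Added example: read-only check for the indicators described in this post.
# $Root (the tree to scan) is an assumption; point it at the drive you cleaned.
param([string]$Root = 'C:\')

$findings = @()

# 1. Startup item: value "Explorer" under the HKLM Run key
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'Explorer' -ErrorAction SilentlyContinue
if ($run) { $findings += "Run value 'Explorer' still present: $($run.Explorer)" }

# 2. HideFileExt: any non-zero value means file extensions are hidden again
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$adv = Get-ItemProperty -Path $advKey -Name 'HideFileExt' -ErrorAction SilentlyContinue
if ($adv -and $adv.HideFileExt -ne 0) {
    $findings += "HideFileExt is $($adv.HideFileExt) (extensions hidden)"
}

# 3. The two fixed-path copies named in the post
$fixed = 'C:\windows\Windows Explorer.exe',
         'C:\Documents and Settings\All Users\Documents\Top Pictures.exe'
foreach ($p in $fixed) {
    if (Test-Path -LiteralPath $p -PathType Leaf) { $findings += "File still present: $p" }
}

# 4. Per-folder copies: compare the version resource, not only the file name
Get-ChildItem -LiteralPath $Root -Filter 'New Folder.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $vi = $_.VersionInfo
        if ($vi.InternalName -eq 'Mahsa' -or $vi.OriginalFilename -eq 'Mahsa.exe') {
            $findings += "Copy with Mahsa version info: $($_.FullName) ($($_.Length) bytes)"
        } else {
            $findings += "Same name, different version info (review by hand): $($_.FullName)"
        }
    }

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed indicators were found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```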

