Monday, September 12, 2011

Permanent solution for NEW FOLDER virus

Some times in our System  we find New folder virus or Newfolder.exe  . This newfolder.exe is an executable file that starts a malicious process which launches certain parasite components or runs a destructive payload. Even if the newfolder.exe file does nothing suspicious, its presence indicates that your computer is infected with a particular threat.
The original name of the virus isIddono. If this virus enters into your computer, it will run into several system processes making several copies of it, occupies space from both RAM and Hard disk and thereby increase the system load. This virus is indeed very difficult to eliminate manually, but here is a solution for removal of the deadly virus.
Follow The Steps:
--->Step 1.
1. Search for the autorun file (autorun.inf). It is a read only file so you will have to change it to normal by right clicking the file, selecting the properties and un-check the read only option.
2. Open the said file in notepad and delete everything inside it and save the file.
3. Now change the file status back to read only mode so that the virus could not get access again.
4. Now go to msconfig from RUN menu by pressing (Windows + R) and typing msconfig.
5. Go to startup tab and look for regsvr. Then uncheck the option and click OK.
6. Click on Exit without Restart, because there are still few things we need to do before we can restart the PC.
7. Now go to control panel –> scheduled tasks, and delete the At1 task listed there.
--->Step 2.
1. First Click on start -> RUN and type gpedit.msc and click Ok to open the local group policy editor.
2. If you are Windows XP Home Edition user ,then you might not have gpedit.msc. In that case download and install it from Windows XP Home Edition: gpedit.msc and then follow all these steps.
3. Then Go to the desired location:
user Configuration-> Administrative Templates-> System
4. Find “prevent access to registry editing tools” and change the option to disable.
5. Once you do this you have registry access back.
--->Step 3.
1. First Click on Start->Run and type regedit and click ok.
2. Go to Edit-> Find and start the search for regsvr.exe.
3. Launch the attack in the heart of castle: registry search
4. Delete all the occurrence of regsvr.exe; Do Remember to take a backup before deleting. KEEP IN MIND that regsvr32.exe is not to be deletedDelete regsvr.exe occurrences only.
--->Step 4
1. Click on Start-> Search-> For files and folders.
2. Type “*.exe” as file name to search for.
3. Click on ‘when was it modified ‘option and select the specify date option.
4. Type from date as 1/31/2008 and also type To date as 1/31/2008
5. Now hit search and wait for all the exe’s to show up.
6. Once search is over select all the .exe files and shift+delete the files. Caution must be taken so that you don’t delete the legitimate .exe file that you have installed on 31st January (delete only newfolder.exe).
7. Also selecting lot of files together might make your computer unresponsive; so delete them in small bunches.
8. Also find and delete regsvr.exesvchost .exe( notice an extra space between the svchost and .exe).
After these prolonged steps, the New folder virus will be completely removed from your computer.


Click to Add a New Comment

Post a Comment

Related Posts Plugin for WordPress, Blogger...