OK, now I have a virus -_-|||
Step 1: Press "Ctrl + Alt + Delete" to call up Task Manager, then "End Process" any suspicious program under "Processes". To know whether a process is suspicious, you have to look at your process list frequently.
If you are not sure whether it is a Windows process or not, e.g. "inetinfo.exe", just google it and you will know!
So "inetinfo.exe" is NOT a virus :)
Step 2: Press "Windows key + R" to call up the "Run" command, and type "msconfig" to call up the System Configuration Utility. Disable the virus under "Startup". In case you don't know what your virus name is, just DISABLE ALL, then choose "EXIT WITHOUT RESTART".
So, I have a virus named "Kavo" with the extension ".exe" at "C:\WINDOWS\system32\kavo.exe", and a registry entry under "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".
Step 3: Type "regedit" in the RUN command box.
::In case some virus disabled your "MSCONFIG", go into the registry then :)
Make sure the virus is gone :) Just ignore the "MSCONFIG" entry; at the next startup, just tick the box and close the dialog. MSCONFIG in the registry is not a virus.
Step 4: Select "Show hidden files and folders", and untick "Hide extensions for known file types" and "Hide protected operating system files" under "Folder Options" in "Control Panel".
Since "Kavo.exe" freezes some of your options in "Folder Options", this step is not applicable for "Kavo.exe".
::Unhiding operating system files makes the virus file visible to you.
Step 5: Create "Autorun.ini" and "Autorun.inf" on your DESKTOP by using NOTEPAD.
::To create "Autorun.inf", just right-click > New > Text Document on your desktop and rename it. Same for "Autorun.ini". The file size should be 0 bytes.
Then replace the one in every drive (C, D, E ...), using the shortcut keys "Ctrl+C" for Copy and "Ctrl+V" for Paste, just in case your features are disabled.
DO NOT DOUBLE CLICK to go into your drives. RIGHT CLICK instead: if the top entry is "AUTORUN" in BOLD, the virus is there. If "Explore" is there, it means Autorun is disabled already.
Notice that you are now replacing the existing "Autorun.inf" with an empty "Autorun.inf" so that the virus won't auto-run anymore.
This is the Autorun code that runs a virus:
Since the virus normally makes "Autorun.inf" and the virus file itself "Protected system file" type, you won't be able to see them even if you unhide your files and folders in Folder Options, but you can REPLACE them ^^
Step 6: Basically your PC is now safe, since you have frozen the virus from running. If you insist on clearing it >"<, here we go: replace the virus file with an empty file that has the virus name and the correct extension, then delete it, for all the drives. In this example the files are "kavo.exe" and "ipy.cmd".
The extension is what comes after the ' . ', meaning .txt is the extension for textpad, .doc is MS Word, .jpg .gif .png .bmp are image types, .rmvb .avi .wmv are video, et cetera.
Step 7: Restart your PC ^^ Tick the check box at Windows startup, and click OK.
Press "Windows key + E" for Windows Explorer. Notice that on right click, the first BOLD entry is "Explore"; that means Autorun is deactivated, and you are now virus FREE :)
Step 8: Last step: don't forget your Folder Options is still jammed. Double-click the two registry files to restore the data, and the features in your Folder Options are enabled again.
You can go to Folder Options from Windows Explorer under Tools > Folder Options > View.
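A read-only check of the two places cleaned up by hand in Steps 2 and 5, as an added PowerShell example (not part of the original post): it lists the values under the HKCU Run key and reports any Autorun.inf in a drive root, including Hidden/System ones. The launch-key pattern is an assumption covering the standard `open`, `shellexecute` and `shell\...\command` entries.

```powershell
# Added example, read-only: nothing is deleted or modified.

# 1. Startup entries under the per-user Run key named in Step 2.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notin $psProps } |   # drop provider metadata
        ForEach-Object {
            [pscustomobject]@{ Where = 'HKCU Run'; Item = $_.Name; Detail = $_.Value }
        }
}

# 2. Autorun.inf in the root of each drive (Step 5).
# Assumed pattern: the standard autorun.inf keys that start a program.
$launchKeys = '^\s*(open|shellexecute|shell\\[^\\=]+\\command)\s*='

foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $path = Join-Path $drive.Root 'autorun.inf'
    # -Force returns Hidden/System items that Explorer does not show.
    $inf = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $inf) { continue }                      # no file, or drive not ready

    if ($inf.PSIsContainer) {
        $detail = 'a folder, not a file'
    } elseif ($inf.Length -eq 0) {
        $detail = 'empty placeholder (0 bytes)'
    } else {
        # Keep only the lines that would start a program on Autorun.
        $hits = Get-Content -LiteralPath $path -Force |
            Where-Object { $_ -match $launchKeys }
        if ($hits) { $detail = 'launches: ' + ($hits -join ' | ') }
        else { $detail = 'non-empty, no launch keys found' }
    }
    [pscustomobject]@{ Where = $path; Item = $inf.Attributes; Detail = $detail }
}
```

Any row whose Detail starts with "launches:" names the program that Autorun would start from that drive.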
Download folder option and control panel recovery.rar from Uploading.com
Unzip it with WinRAR or WinZip; you can get the application from www.download.com.
Contact me if you want ipy.cmd virus, thanks.
File type:
Credit by Frank
Mailto:joo1125@gmail.com