Sunday, November 25, 2007

ntde1ect.com

This post is about a Virus or Trojan, who knows... anyway, at first I noticed my Yahoo! Messenger didn't work properly. Then it stopped working completely! When I was copying a file (about 100MB) to my USB pen drive I noticed some files were getting copied which I didn't want, and they disappeared very quickly. I knew this was the doing of a Virus/Trojan. Then I checked the files on the drive with the command prompt & found the files. If you want to get rid of it permanently, you have got to do some work. Here are the steps...

01) Open Task Manager (Press Ctrl+Alt+Del or Right click Windows Task bar & select "Task Manager").

02) In File menu select "New Task(Run)" & type "cmd". A command prompt will open. Type in the following commands:

taskkill /F /IM "wscript.exe"
taskkill /F /IM "explorer.exe"


03) Run the command below for each drive on your system (including removable storage such as USB drives). Change the drive letter as needed & run it for every drive.

del c:\autorun.inf /f /a /q

04) Go to your system drive (default drive C) and then into the "Windows\System32" folder (cd c:\Windows\System32).

05) Run the commands below

attrib -r -s -h avpo.exe
attrib -r -s -h avp0.exe
attrib -r -s -h avp0.dll

then delete all three files

del avpo.exe /f /a /q
del avp0.exe /f /a /q
del avp0.dll /f /a /q


If the del command doesn't work you can use the "erase" command (erase avpo.exe /f /a /q).

06) Run the command below for each drive you have on your system.

del c:\ntde1ect.com /f /a /q

After that close the command prompt & go back to the Task manager.

07) In the File menu select "New Task(Run)" & type "regedit", then go to the registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. If there are any entries for "avpo.exe", delete them. (Surely take a backup of your registry before you change it.)

08) Press "Ctrl+F" and search for "ntde1ect.com"; delete each entry found. Press "F3" to get the next result. Delete all entries.

09) Restart your machine. That's it ;)
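As an added check that is not part of the original post: the PowerShell script below audits the locations steps 03 to 07 name (every drive root, System32, and the HKCU Run key) for the file names the post lists, reports each hit together with its file attributes, and only removes them when run with -Remove. Run it from an administrator prompt after the processes in step 02 have been stopped; the -Remove switch and the script itself are my additions, the indicator names come from the post.

```powershell
# Added example, not from the original post: audit (and optionally remove)
# the ntde1ect.com / avpo.exe indicators named in the post.
param([switch]$Remove)

$rootFiles  = @('autorun.inf', 'ntde1ect.com')        # dropped in each drive root
$sys32Files = @('avpo.exe', 'avp0.exe', 'avp0.dll')   # dropped in %SystemRoot%\System32
$runKey     = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

$found = @()
# Step 03 / 06: every file-system drive, including removable ones
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in $rootFiles) {
        $path = Join-Path $drive.Root $name
        if (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue) { $found += $path }
    }
}
# Step 04 / 05: the three files in System32
foreach ($name in $sys32Files) {
    $path = Join-Path (Join-Path $env:SystemRoot 'System32') $name
    if (Test-Path -LiteralPath $path) { $found += $path }
}

foreach ($path in $found) {
    # -Force is needed because the dropper marks its files hidden + system
    $item = Get-Item -LiteralPath $path -Force
    Write-Output ("FOUND  {0}  [{1}]" -f $path, $item.Attributes)
    if ($Remove) {
        $item.Attributes = 'Normal'              # same effect as attrib -r -s -h
        Remove-Item -LiteralPath $path -Force    # same effect as del /f /a /q
    }
}
if (-not $found) { Write-Output 'No indicator files found.' }

# Step 07: persistence through the per-user Run key
$run = Get-ItemProperty -Path $runKey
foreach ($prop in $run.PSObject.Properties) {
    if ($prop.Value -is [string] -and $prop.Value -match 'avpo\.exe') {
        Write-Output ("RUN    {0} = {1}" -f $prop.Name, $prop.Value)
        if ($Remove) { Remove-ItemProperty -Path $runKey -Name $prop.Name }
    }
}
```

Without -Remove the script changes nothing, so it can be re-run after the reboot in step 09 to confirm that none of the files or the Run entry came back.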

Hope this helps!!!
