Professional Documents
Culture Documents
I want to tell you a story, two days back i got affected by this virus very badly as it eat up
all my empty hard disk space of around 700 MB .
I was surprised that my most reliable friend Avast, for the first time failed me in this war
against viruses but then again avg and bitdiffender also failed against it. This virus is
know popularly as regsvr.exe virus, or as new folder.exe virus and most people identify
this one by seeing autorun.inf file on their pen drives, But trend micro identified it as
WORM_DELF.FKZ. It is spreading mostly using pen drives as the medium.
Well, so here is the story of how i was able to kill the monster and reclaim my hard disk
space.
I prefer manual process simply because it gives me option to learn new things in the
process.
So let’s start the process off reclaiming the turf that virus took over from us.
a. Search for autorun.inf file. It is a read only file so you will have to change it to normal
by right clicking the file , selecting the properties and un-check the read only option
b. Open the file in notepad and delete everything and save the file.
c. Now change the file status back to read only mode so that the virus could not get
access again.
d.
e. Click start->run and type msconfig and click ok
f. Go to startup tab look for regsvr and uncheck the option click OK.
g. Click on Exit without Restart, cause there are still few things we need to do before we
can restart the PC.
h. Now go to control panel -> scheduled tasks, and delete the At1 task listed their.
4. Seek And Destroy the enemy soldiers, no one should be left behind
a. Click on start->search->for files and folders.
b. Their click all files and folders
c. Type “*.exe” as filename to search for
d. Click on ‘when was it modified ‘ option and select the specify date option
e. Type from date as 1/31/2008 and also type To date as 1/31/2008
f.
g. Now hit search and wait for all the exe’s to show up.
h. Once search is over select all the exe files and shift+delete the files, caution must be
taken so that you don’t delete the legitimate exe file that you have installed on 31st
January.
i. Also selecting lot of files together might make your computer unresponsive so delete
them in small bunches.
j. Also find and delete regsvr.exe, svchost .exe( notice an extra space between the svchost
and .exe)