Online Test Result

oDesk Certified Windows XP Expert oDesk Certified Firewall Concepts Expert oDesk Certified MS Word 2003 Expert

How to Remove Virus from PC including Autorun.inf

Sunday 6 May 2012 0

Many people who use the PC mostly did not know about the viruses.  Many peoples get infected by such viruses daily who are using XP, Vista, Window 7 etc. They always in tension if any virus infected their PC then how would be they able to remove it. They Always think that if virus infected his PC then they should install New window and it is again a time wasting process. Therefore I especially write this post for them and all of you. Don’t be afraid from any type of virus. Just see the logic of virus how and where they settle into your PC.

First of all you should see this video which is given below. I made a virus and run it into my PCand it is working fine.




See I run it on my own PC. Now go to the next step how to remove it so that you will not need to
install window again. First I want to tell you one thing I made another video in which I created a virus named svchost.exe then I make video again with a new virus with different name because many people did not know about the svchost.exe file. It is a system file if you see this tutorial and delete system file by mistake then your window will be corrupt. So I used second time a different name. But my PC still have two viruses in it. Like most viruses, when it infects your system, it will first create an autorun file (autorun.inf) into C drive which points to sal.xls.exe. When you boot up the system next time. Sal.xls.exe will be executed.


Autorun.inf file looks like this:

It will also disable the hidden files when you viewing them. Almost all viruses will be setup in system like a hidden file and you don’t see it again once it run. It also run into your system hiddenly and infected your system software as well as hardware, especially the hard disk.
Now take some steps to remove the virus from your system as in my case I am going to remove virus named eagle.exe/eagle.bat. I made simple virus as much as possible for tutorial so that it also create batch file with .bat extension. 



1)           First thing you have to do is to terminate the process of eagle.exe using “Task Manager”.  
            You may also use the “Process Explorer”. This is very important, otherwise the process of   
            eagle.exe will cause interruption. See the Image below how I terminate it.



As I said you before that I made virus with svchost.exe first time so I delete its running process. But in your case it is not necessary that your virus name is svchost.exe. svchost.exe also a system file.
Take note that Widows Defender doesn’t help in this case, one of the reason is that Windows Defender couldn’t scan for hidden files (because the damage done to corrupt feature to view the hidden file.)


2)             Second go to Start Button >> Run >> type ‘msconfig’ then Enter go to the Start-up tab  
                >> it shows the list off all the applications which is executed when Window start.  
                Uncheck the virus files, also see their locations and note down their address on a 
                notepad file just like the Picture shown below:



3)             Second fix your viewing hidden files problem. This has to be done via regedit.
    Click on Start button >> go to Run >> type regedit and Enter.


regedit show in the above Picture now Navigate to the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

Now right click on, and delete the value “CheckedValue” in the right hand window. 
Now create a new “DWORD Value” called exactly “CheckedValue” in the right hand window.
Double click on “CheckedValue”.
In the opening ‘Edit DWORD Value’ box, set the ‘value data:’ to 1
Press OK, exit regedit, and restart your PC.

4)         After Restart your PC Again do step 1 if viruses running then terminate them again.
           Now open my computer go to ‘Tools’ Menu >> select ‘Folder Options’ >> goto view then ‘enable viewing of hidden files’ and also ‘enable viewing protected operating system files’ and ok or apply the setting:


 5)     Now open the notepad file where you save the file location address >> open 
       my computer  >> Go to the address and delete the viruses. 


            Delete the files:
            eagle.bat
            svchost.bat

6)              Then fix the startup settings. You can either get it done with regedit or msconfig or both.
Regedit:
Look-under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run &
HKEY_CURRENT_USER\Software Microsoft\Windows\CurrentVersion\Run and delet way the entries for both eagle.exe and svchost.exe or (eagle.bat and svchost.bat)

msconfig:
Disable the entries under msconfig/startup

7)         Done, restart your PC now your system is clean.

This tutorial is so long but I thing you have gain some extra and useful knowledge. I also spend large amount of time to make it. I hope you will enjoy it.

Special Thanks: All Credit goes to my friend Ajai Singh(hrde) who have a big community hackrade in IT field who tell me the way to write this Article. Especially  I also learnt registry key settings from him.



Newer Post Older Post

Leave a Reply

Related Posts Plugin for WordPress, Blogger...

Comments

Eagle Eye Productions. Powered by Blogger.

Engine: Blogger Design:Ugesi Converted by LiteThemes.com