Monday, August 6, 2007

Solution for "Orkut Banded Virus"

They blocked Mozilla because they couldn't read the edit fields in it through AutoHotkey, so they forced the user to use IE or Opera only.

If it's not detected by the antivirus:

Run the Task Manager. In the Processes tab you'll see two svchost.exe processes running under your user name; end them. Then go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
and delete the winlogon key.

You'd better leave the status key, because I made the virus first check this key; if it is present, it will not install. Then go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
and set CheckedValue to 1 there.

And if you are not an administrator, the virus couldn't access the registry, so they created startup shortcuts in the Start menu. You'll see an invisible icon in the Startup menu of the Start menu; delete it.
DO ALL THIS AFTER YOU END THE TWO PROCESSES, otherwise they'll be RESTORED every 10 seconds.

After all this, go to Folder Options and uncheck "hide protected files". You'll see the C:\heap41a folder; delete it. You'll also see microsoftpowerpoint.exe on your pen drives along with autorun.inf; delete them.
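
The manual steps above, collected into one PowerShell check in the same order; this is an added example, not part of the original post. It only reports unless run from an elevated prompt with the hypothetical `-Remediate` switch. Treating `winlogon` as a value name under the Run key and skipping svchost.exe images inside %SystemRoot% are assumptions made here.

```powershell
# Added example, not from the original post. Reports only, unless -Remediate is given.
param([switch]$Remediate)
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
$showAll  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$findings = @()

# Step 1: svchost.exe running under the current user. Assumption made here: images
# inside %SystemRoot% are skipped, because current Windows versions also run genuine
# per-user svchost.exe instances from System32.
$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
$suspect = Get-CimInstance Win32_Process -Filter "Name='svchost.exe'" | Where-Object {
    $o = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
    $o.ReturnValue -eq 0 -and "$($o.Domain)\$($o.User)" -eq $me -and
        $_.ExecutablePath -and $_.ExecutablePath -notlike "$env:SystemRoot\*"
}
foreach ($p in $suspect) {
    $findings += "svchost.exe PID $($p.ProcessId) as $me from '$($p.ExecutablePath)'"
    if ($Remediate) { Stop-Process -Id $p.ProcessId -Force }
}
# Step 2: the 'winlogon' entry under the policies Run key (assumed to be a value name).
$run = Get-ItemProperty -Path $runKey -Name winlogon -ErrorAction SilentlyContinue
if ($run) {
    $findings += "Run entry 'winlogon' = '$($run.winlogon)'"
    if ($Remediate) { Remove-ItemProperty -Path $runKey -Name winlogon }
}
# Step 3: SHOWALL CheckedValue should be 1, as the post instructs.
$cv = (Get-ItemProperty -Path $showAll -Name CheckedValue -ErrorAction SilentlyContinue).CheckedValue
if ($cv -ne 1) {
    $findings += "SHOWALL CheckedValue is '$cv' (expected 1)"
    if ($Remediate) { Set-ItemProperty -Path $showAll -Name CheckedValue -Value 1 -Type DWord }
}
# Step 4 (non-admin infection): list Startup folder entries, hidden ones included, for review.
$startup = [Environment]::GetFolderPath('Startup')
foreach ($i in Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue) {
    if ($i.Name -ne 'desktop.ini') { $findings += "Startup item to review: $($i.FullName)" }
}
# Step 5: the dropped folder, plus the pair of files on each removable drive.
$paths = @('C:\heap41a')
foreach ($d in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2') {
    $exe = "$($d.DeviceID)\microsoftpowerpoint.exe"
    if (Test-Path -LiteralPath $exe) { $paths += $exe, "$($d.DeviceID)\autorun.inf" }
}
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $findings += "Present: $p"
        if ($Remediate) { Remove-Item -LiteralPath $p -Recurse -Force }
    }
}
if ($findings) { $findings } else { 'None of the indicators from the post were found.' }
```

The status key is left untouched, as the post advises, and Startup folder entries are only listed for manual review.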

1 comment:

rajucrazyboy said...

Hey buddy, this is much easier than what I posted in my blog earlier on the same concept, but my suggestions are technical and difficult. I hope your tip to remove the Orkut virus will be the simplest one I have ever seen.