5/3/09

How to remove Virus eyt.exe (NK Virus)

This virus is not detected in any virus grad yet. So far most computers were infected with this virus and only way to get rid of it is formatting your pc. But you like to try some thing there is a way to do it. So try it if you can't make it format your computer

First of all these are the sine of infection
Your hidden files are gone if you try to get it back by tools>folder options>view> show hidden files and folders
Or
Un checking hide protected operating system files (recommended)
It doesn't make any change
If your computer shows these behaviors .there is a virus from a one test you can find what the virus is
Go to Start>run type "cmd" and hit enter
After you get the Command Prompt
Type "cd\" and hit enter
You will put to your root and it will be C:\>
Type "dir /ahs" hit enter
After type this if you get a this lines in your result
* autorun.inf
* eyt.exe (this file name will be change in case )
* Lister.txt
Ok you have the virus
Let's get rid of it
To get rid of it first of all you have to stop loading virus on startup
Go to Start>run type"msconfig" and hit enter
If you doesn't get the system configuration window it's a another matter you have to fix it latter but normally this virus doesn't block the system configuration
In system configuration window General tab select "diagnostic startup" and press ok you will ask to reboot your computer and do so
After rebooting computer you get a message press ok the system configuration window will popup close it and don't restart your computer
Go to Start>run type "cmd" and hit enter
After you get the Command Prompt
Type" cd\ "and hit enter
Type "cd windows" and hit enter
Type "cd system32" and hit enter
Type "dir /ahs" hit enter
After type this if you get a this lines in your result
* olhrwef.exe (this file name will be change in case. I use this name replace with your name )

Type "attrib olhrwef.exe -s -h -r" and hit enter
Type "del olhrwef.exe" and hit enter
Type "exit" and hit enter
Now it's half gone
Go to Start>run type "cmd" and hit enter
Type "cd\ "and hit enter
Type" attrib autorun.inf -s -h -r" and hit enter
Type "del autorun.inf" and hit enter
Do last two this on your all roots (C:\,D:\,E:\,F:\, ....)
Now you are safe but there is some things to do
Go to Start>run type "regedit" and hit enter
Expand SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
In NOHIDDEN folder
Double click "CheckedValue" key and set "Valuedata" to "0" and set "Base" to "Decimal" press ok
Double click "DefaultValue" key and set "Valuedata" to "1" and set "Base" to "Decimal" press ok
In SHOWALL folder
Double click "CheckedValue" key and set "Valuedata" to "1" and set "Base" to "Decimal" press ok
Double click "DefaultValue" key and set "Valuedata" to "1" and set "Base" to "Decimal" press ok
Close all windows and
Go to Start>run type"msconfig" and hit enter
In system configuration window General tab select "normal startup" and press ok you will ask to reboot your computer and do so
Ok you are finished your work

0 comments:

Post a Comment