Remove Virus Shortcut from your computer system

May 28, 2013

Method: Manual

  1. Turn off System Restore.
  2. Stop the virus's wscript.exe process using the tool CProcess or CurrProcess (click on the link). Run CProcess, look in the process name column for wscript.exe, then right-click the file name and click Kill Selected Processes.
  3. Open Windows Explorer, click the Tools menu, Folder Options, View, select Show hidden files and folders, and uncheck Hide extensions for known file types and Hide protected operating system files. Click OK.
  4. Open My Documents. Delete the file database.mdb.
  5. Click the Search button. Click All Files and Folders. In "All or part of the file name" type: thumb.db, and choose the location in "Look in". Delete all files that are found. Repeat the steps above and delete any files that are found again.
  6. Click the Search button. Click All Files and Folders. In "All or part of the file name" type: Autorun.inf, and in "Look in" click My Computer. Delete all files that are found. Repeat the steps above and delete any files that are found again.
  7. After step 6 the virus is actually gone or no longer active, but the duplicate folder shortcuts created by the malware earlier are still left behind.
  8. If you also want to remove these, be very careful to tell the shortcuts created by the virus apart from the default Windows shortcuts. A folder shortcut created by the virus is one whose link, when we look at it, points to windows/system32. This distinction must be clear.
  9. How to find the folder shortcuts: Click the Search button. Click All Files and Folders. In "All or part of the file name" type: *.lnk, and in "Look in" click My Computer. Choose which ones to delete based on the characteristics of a virus-created folder shortcut described above.
  10. You can delete the registry entries made by the virus earlier by using the tool HijackThis. (You can download HijackThis 2.0.2 here). Click Scan system and look only for HKCU \ … \ … database.mdb, HKLM \ … \ …. relating to the WindowsXP cd (I forget the full name, and sometimes it is there and sometimes not), and HKCU \ … \ …. disableregedit = 1. Click the fix button.
  11. Now restart your computer.

In fact, it is not a problem if we do not delete the registry entries beforehand (step 10), but when Windows restarts two dialog boxes will appear: the first searches for the database.mdb file we removed earlier, and the second prompts you to insert the WindowsXP CD (this one appears on some systems and not on others). Click OK. Regedit will then probably have been disabled by the virus earlier. This is also not a problem if you are used to working with the Windows registry.
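The searches in steps 6 and 9 can also be run as a report-only PowerShell script. This is an added example, not part of the original post; the drive letter, the variable names and the check for a same-named folder beside each shortcut are assumptions made for illustration.

```powershell
# Added example (not from the original post): report-only triage for steps 6 and 9.
# Nothing is deleted or modified; review the output before removing anything by hand.
param(
    [string]$Root = 'E:\'   # assumption: drive letter of the volume to inspect
)

# Windows Script Host COM object, used here only to read shortcut properties.
$shell = New-Object -ComObject WScript.Shell

# Step 9: every .lnk (hidden ones included) whose target points into system32.
$links = Get-ChildItem -Path $Root -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # CreateShortcut opens the existing .lnk; nothing is written without Save().
        $lnk = $shell.CreateShortcut($_.FullName)
        # Assumption: a duplicate "folder" shortcut sits beside a folder of the same name.
        $sibling = Join-Path $_.DirectoryName $_.BaseName
        [pscustomobject]@{
            Shortcut      = $_.FullName
            Target        = $lnk.TargetPath
            Arguments     = $lnk.Arguments
            ShadowsFolder = Test-Path -LiteralPath $sibling -PathType Container
        }
    } |
    Where-Object { $_.Target -like '*\system32\*' }

# Step 6: every Autorun.inf on the volume, with attributes and timestamp.
$autoruns = Get-ChildItem -Path $Root -Filter Autorun.inf -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Attributes, LastWriteTime

$links    | Format-List
$autoruns | Format-Table -AutoSize
```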

Method to prevent the virus from coming back:

This virus works when we click a folder shortcut such as new harry potter … lnk, microsoft. Once we click the folder shortcut, it activates wscript.exe, which is found in the Windows system32 folder. With wscript.exe active, the virus begins to spread. So the key is that the virus is active through the file wscript.exe. For that reason we must disable wscript.exe by changing its name.

Open Windows Explorer, click the Tools menu, Folder Options, View, select Show hidden files and folders, and uncheck Hide extensions for known file types and Hide protected operating system files. Click OK.

Open the folder C:\Windows\system32\dllcache. This folder is a collection of backup copies of the files in the system32 folder. Find the file wscript.exe, right-click it and rename it, for example to wscriptx.exe. Then open C:\Windows\system32, find the file wscript.exe, right-click it and rename it to wscriptx.exe as well, for example.
