Run the Task Manager. In the Processes tab you'll see two svchost.exe processes running under your user name; end them.
Then go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
and delete the winlogon key.
Then go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
and set the checked value to 1.
And if you are not an administrator, the virus couldn't access the registry, so you'll see an invisible icon in the Startup menu of the Start menu; delete it.
DO ALL THIS AFTER YOU END THE TWO PROCESSES, otherwise they'll be RESTORED every 10 seconds.
After all this, go to Folder Options and uncheck "Hide protected files".
You'll see the C:\heap41a folder; delete it. You'll also see microsoftpowerpoint.exe in your pen drives along with autorun.inf; delete them.
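The artifacts listed above can be checked read-only before and after the cleanup. The PowerShell below is an added example, not part of the original post; it assumes "winlogon" is a value under the Run key and that "checked value" is the registry value named CheckedValue, and the function name is hypothetical.

```powershell
# Added example: read-only check for the artifacts named in the post. Deletes nothing.
# Get-Heap41aIndicators is a hypothetical name chosen for this example.
function Get-Heap41aIndicators {
    # svchost.exe instances owned by the logged-on user. The path is reported because
    # Windows 10 and later also run some per-user services in svchost.exe.
    Get-CimInstance Win32_Process -Filter "Name='svchost.exe'" | ForEach-Object {
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
        if ($owner -and $owner.User -eq $env:USERNAME) {
            "Process: svchost.exe PID $($_.ProcessId) owned by $($owner.User), path $($_.ExecutablePath)"
        }
    }

    # Assumption: "winlogon" is a value under the policies\Explorer\Run key.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'winlogon' -ErrorAction SilentlyContinue
    if ($run) { "Registry: 'winlogon' under $runKey = $($run.winlogon)" }

    # Assumption: "checked value" is the CheckedValue value of the SHOWALL key.
    $showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
    $item = Get-ItemProperty -Path $showAll -Name 'CheckedValue' -ErrorAction SilentlyContinue
    if (-not $item -or $item.CheckedValue -ne 1) {
        "Registry: SHOWALL CheckedValue is '$($item.CheckedValue)', the post sets it to 1"
    }

    # Hidden entries in the user's Startup folder (desktop.ini is normally there).
    $startup = [Environment]::GetFolderPath('Startup')
    if ($startup -and [System.IO.Directory]::Exists($startup)) {
        Get-ChildItem -LiteralPath $startup -Force |
            Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -and $_.Name -ne 'desktop.ini' } |
            ForEach-Object { "Startup: hidden item $($_.FullName)" }
    }

    # [System.IO] checks see hidden and system items regardless of Explorer settings.
    if ([System.IO.Directory]::Exists('C:\heap41a')) { 'Folder: C:\heap41a exists' }

    # DriveType 2 = removable disk (pen drives).
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
        foreach ($name in 'microsoftpowerpoint.exe', 'autorun.inf') {
            $path = "$($_.DeviceID)\$name"
            if ([System.IO.File]::Exists($path)) { "Removable drive: $path" }
        }
    }
}

Get-Heap41aIndicators
```

An empty result after the cleanup means none of these checks found anything; an autorun.inf on a removable drive is reported for review, since the post pairs it with microsoftpowerpoint.exe.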
2 comments:
Nice find dude.........
But something to add from my side...that is...Before doing all the steps which you suggested
First step is to TURN OFF the SYSTEM RESTORE..then it will work
yes you are right.. thanks a lot