Monday, May 11, 2009

New Folder.exe Virus Removal

Method 1:

New Folder.exe Virus Removal Tool Download Smart Virus Remover to remove New Folder.exe virus

Method 2:

Virus also known as- IT University Sohanad W32.HLLW.Ssdx newfolder.exe

If this virus infected in you computer, It will Disable the following …

Task Manager, Registry Editor, Folder Options, Run in start menu

And it will create exes like the icon of folders. If this virus is running it will use more than 50 % of your processor

Download following tools to remove new folder.exe virus

Download Tool 1 | Download Tool 2 ( run tools In safe mode )


Manually remove it (new folder.exe Fix)

Delete File named svichossst.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“@”=[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Yahoo Messengger”=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“Shell”=”Explorer.exe “

Method 3:

New Folder.exe virus is a more severe virus with some unusual effects. New Folder.exe virus disables the task manager, folder options, registry editors and creates .exe’s and folders throughout the file system. If you have the New Folder.exe infection, try this fix to remove it from your computer!

1. Download SDFix to your computer, run the .exe after its fully downloaded. It will extract the files to a %systemdrive%- usually C:/SDFix (Save it to your Desktop after)

2. After this has been completed, boot up into safe mode (Hit F8 during your computer start up and in the options, chose Safe Mode)

3. Rightclick on the SDFix.zip folder and choose Extract All. Open the extracted folder - C:\ SDFix and doubleclick on RunThis.bat to start the script.

4. Type in Y and it will run the script. It will automatically remove some registry keys that are/have been infected. Once that has been complete, it will ask you to press any key to reboot– it’s ok to reboot at this moment.

5. Your computer will be slower on reboot but that is normal for this process. Once your machine boots into the operating system, the utility will complete the removal process. When it is done, press any key and your desktop will load like normal!

Method 4:

  1. Cut The Supply Line
    1. Search for autorun.inf file. It is a read only file so you will have to change it to normal by right clicking the file , selecting the properties and un-check the read only option
    2. Open the file in notepad and delete everything and save the file.
    3. Now change the file status back to read only mode so that the virus could not get access again.
    4. Autorun
    5. Click start->run and type msconfig and click ok
    6. Go to startup tab look for regsvr and uncheck the option click OK.
    7. Click on Exit without Restart, cause there are still few things we need to do before we can restart the PC.
    8. Now go to control panel -> scheduled tasks, and delete the At1 task listed their.
  2. Open The Gates Of Castle
    1. Click on start -> run and type gpedit.msc and click Ok.
    2. If you are Windows XP Home Edition user you might not have gpedit.msc in that case download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
    3. Go to users configuration->Administrative templates->system
    4. Find “prevent access to registry editing tools” and change the option to disable.
    5. Opening the gate of castle: Group Edit Policies
    6. Once you do this you have registry access back.
  3. Launch The Attack At Heart Of Castle
    1. Click on start->run and type regedit and click ok
    2. Go to edit->find and start the search for regsvr.exe,
    3. Launch the attack in the heart of castle: registry search
    4. Delete all the occurrence of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
    5. At one ore two places you will find it after explorer.exe in theses cases only delete the regsvr.exe part and not the whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just delete the regsvr.exe and leave the explorer.exe
  4. Seek And Destroy the enemy soldiers, no one should be left behind
    1. Click on start->search->for files and folders.
    2. Their click all files and folders
    3. Type “*.exe” as filename to search for
    4. Click on ‘when was it modified ‘ option and select the specify date option
    5. Type from date as 1/31/2008 and also type To date as 1/31/2008
    6. Seek and destory enemy soldiers: the search option
    7. Now hit search and wait for all the exe’s to show up.
    8. Once search is over select all the exe files and shift+delete the files, caution must be taken so that you don’t delete the legitimate exe file that you have installed on 31st January.
    9. Also selecting lot of files together might make your computer unresponsive so delete them in small bunches.
    10. Also find and delete regsvr.exe, svchost .exe( notice an extra space between the svchost and .exe)
  5. Time For Celebrations
    1. Now do a cold reboot (ie press the reboot button instead) and you are done.

I hope this information helps you win your own battle against this virus. Soon all antivirus programs will be able to automatically detect and clean this virus. Also i hope Avast finds a way to solve this issues.

As a side note i have found a little back dog( winpatrol ) that used to work perfectly on my old system. It was not their in my new PC, I have installed it again , as I want to stay ahead by forever closing the supply line of these virus. You can download it form Winpatrol website.

UPDATE : Avast Boot Time Scheduling

Avast Boot Time Scan

No comments:

Post a Comment