1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

Destroy virus from hard drive in 15 seconds

Discussion in 'Windows' started by neo_vi, Dec 11, 2008.

  1. neo_vi

    neo_vi New Member


    If some viruses are attacked especially a variant of autorun. U'll see an "Open with..." dialog when u try to open a drive.

    Here are the steps to delete it from ur hard drive.

    Goto command prompt and goto the drive where u'll get the "Open with..." dialog.
    To do this
    step 1 : start -> run
    step 2 : type cmd
    step 3 : enter the drive name followed by a colon
    type attrib

    It'll list out the attributes of all the files in the drive(only files, not folders and files inside that folders)

    U'll see some of the files with attributes s h r

    Type this code

    attrib -s -h -r *.*
    The above line resets the attributes of all the files in the drive. Then delete the files which has s h r attributes set.(see picture) to delete the virus file

    del <filename>.<extension>
    del w.cmd
    del autorun.inf
    After removing the virus file from each drive Logoff ur PC and Logon again. This is a must. In somecases It may be optional. To be safe perform it.

    NOTE: The files shown here are just an example. Original virus file may be of different name. The virus will affect any drive. I've just taken D: drive for illustration. THIS CODE SHOULD NOT BE USED IN "C:" DRIVE IF WINDOWS IS INSTALLED IN IT, AS THIS DRIVE CONTAINS SYSTEM FILES.
    pcmahes likes this.
  2. sun_kangane

    sun_kangane New Member

    yaa this is nice ..................

    but what if the virus done the changes in registry to get "open with.." window. How to restore the original registry settings.
  3. dreams

    dreams New Member

    This is a very useful information for all of us..
  4. Bhullarz

    Bhullarz New Member

    for the first time, each autorun virus needs this file, once the virus code gets executed, it modifies the registry entries. So there would be autorun.inf on your drive. Just open the autorun.inf with notepad and search for .bat or .exe or .com filename. Now open registry edit from run by typing "regedit" and search for the same file name you found in autorun.inf. and delete it yourself or you can just use any registry cleaner after deleting the virus code from your system. B'coz such cleaners look for the orphan registry entries which are not associated with any file.
    For the safe deletion of virus code, use search feature of windows with the options selected to search in hidden files and system files. Usually such viruses copies itself into windows/system32 folder and one hidden system folder "system volume information". Just delete them. If any of the virus file is not getting deleted, then just check whether file is executing or not. You can check this using task manager / process monitor(recommended).
    Just end process and thentry to delete the file.

    I hope this info will help..
    Last edited: Dec 16, 2008
  5. sun_kangane

    sun_kangane New Member

    nice information bro...............................thank............
  6. growingboy

    growingboy New Member

    Its always best to have an antivirus. So that u don't need to worry about ur system much
  7. NDL

    NDL New Member

    tnx nice peace of info
  8. neo_vi

    neo_vi New Member

    thank u all 4 ur comments
  9. growingboy

    growingboy New Member

    nice info.. keep it up
  10. TriG0rZ

    TriG0rZ New Member

    bloody awesome man, thanks :D!
  11. neo_vi

    neo_vi New Member

    thanks 4 the comment man.
  12. shabbir

    shabbir Administrator Staff Member

  13. reddyschintuo

    reddyschintuo New Member

    easy and usefull trick
  14. skp819

    skp819 New Member

    useful and nice information
  15. manuviju007

    manuviju007 New Member

    Awesome DuDe!!!
    its amazing bcoz i always see this type of problem[:0] !!!
    [:)] !!!
  16. manuviju007

    manuviju007 New Member

    thanks very much!!!:)
  17. raghav

    raghav New Member

    Hi thanks for the tutorial, it's great work:happy:

    I am no expert at handeling these situations, but i am having hard time trying to delete or uninstall these problems. I like your tutorial here, but not too sure what to do with this: SMSS.EXE (since i know this is a system process im not gona delete it). I have researched on this process and seem to find false results of trojans, worms and spyware or ad-ware... The first thing im worried about is iv installed xp on my laptop, while using nlite - iv intergrated drivers etc... I also remmember mouse movements, changes of keys etc when i had vista, but when i burned the iso of xp and drivers to a READ WRITE cd, i am worried that somthing might of either binded itself to a file or might have goten tricked to do something. On xp i looked inside my xp disc, and found a SMSS.EXE file - like i said before, i found bad results on it. Another problem is, that sometimes when im doing my work, my laptop keeps shutting down without me putting a timer or doing ANYTHING AT ALL. I look at my programs and see programs such as power iso, ms office or even system files, being changed to a icon: such as the cmd, or (Please im being serious here)
    a icon with a bluish bunny, a nueclear sign, A white papper backround with a lip on it, faces, icons with "?" etc...

    if anybody could please direct me to a good way of getting rid of this or reversing the trick, so that i could take back whatever that person has deleted or damaged of mine or pay him back by not doing anything nasty but do anything that would make him think he has done wrong. But PLEASE at least help me get rid of it.
  18. nabster

    nabster New Member

    this way maybe not useful alone, cuz these files will return again, so u should do the same way on the folder
    cuz it have the main virus who generates that hidden files on "c:\"
    after that u`ll never see it again

    i hope it was usefull 4 all
  19. regsvr.exe

    regsvr.exe New Member

    It is not correct to all. If u goto c: drive, it contains system files are SHR type. So u couldnt remove that files. If u remove that files ur OS had been corrupt.

  20. nabster

    nabster New Member

    del all file types like *.dll *.exe *.com *.inf with attrib SHR
    first in folder c:\windows\system32 then in c: drive

Share This Page