Destroy virus from hard drive in 15 seconds

neo_vi's Avatar author of Destroy virus from hard drive in 15 seconds
Contributed by
This is an article on Destroy virus from hard drive in 15 seconds in Windows.

Introduction



If some viruses are attacked especially a variant of autorun. U'll see an "Open with..." dialog when u try to open a drive.

Here are the steps to delete it from ur hard drive.

Goto command prompt and goto the drive where u'll get the "Open with..." dialog.
To do this
Code:
step 1 : start -> run
step 2 : type cmd
step 3 : enter the drive name followed by a colon
type attrib

It'll list out the attributes of all the files in the drive(only files, not folders and files inside that folders)

U'll see some of the files with attributes s h r


Type this code

Code:
attrib -s -h -r *.*
The above line resets the attributes of all the files in the drive. Then delete the files which has s h r attributes set.(see picture) to delete the virus file

Code:
del <filename>.<extension>

e.g 
del w.cmd
del autorun.inf
After removing the virus file from each drive Logoff ur PC and Logon again. This is a must. In somecases It may be optional. To be safe perform it.

NOTE: The files shown here are just an example. Original virus file may be of different name. The virus will affect any drive. I've just taken D: drive for illustration. THIS CODE SHOULD NOT BE USED IN "C:" DRIVE IF WINDOWS IS INSTALLED IN IT, AS THIS DRIVE CONTAINS SYSTEM FILES.
pcmahes like this
Go4Expert Member
12Dec2008,02:20   #2
sun_kangane's Avatar
yaa this is nice ..................

but what if the virus done the changes in registry to get "open with.." window. How to restore the original registry settings.
Light Poster
12Dec2008,22:01   #3
dreams's Avatar
oh!
This is a very useful information for all of us..
Skilled contributor
16Dec2008,18:57   #4
Bhullarz's Avatar
Quote:
Originally Posted by sun_kangane View Post
yaa this is nice ..................

but what if the virus done the changes in registry to get "open with.." window. How to restore the original registry settings.
for the first time, each autorun virus needs this file, once the virus code gets executed, it modifies the registry entries. So there would be autorun.inf on your drive. Just open the autorun.inf with notepad and search for .bat or .exe or .com filename. Now open registry edit from run by typing "regedit" and search for the same file name you found in autorun.inf. and delete it yourself or you can just use any registry cleaner after deleting the virus code from your system. B'coz such cleaners look for the orphan registry entries which are not associated with any file.
For the safe deletion of virus code, use search feature of windows with the options selected to search in hidden files and system files. Usually such viruses copies itself into windows/system32 folder and one hidden system folder "system volume information". Just delete them. If any of the virus file is not getting deleted, then just check whether file is executing or not. You can check this using task manager / process monitor(recommended).
Just end process and thentry to delete the file.

I hope this info will help..
Last edited by Bhullarz; 16Dec2008 at 19:01..
Go4Expert Member
16Dec2008,19:40   #5
sun_kangane's Avatar
nice information bro...............................thank........... .
Go4Expert Member
21Dec2008,13:50   #6
growingboy's Avatar
Its always best to have an antivirus. So that u don't need to worry about ur system much
NDL
Contributor
21Dec2008,15:31   #7
NDL's Avatar
tnx nice peace of info
Invasive contributor
27Dec2008,14:42   #8
neo_vi's Avatar
thank u all 4 ur comments
Go4Expert Member
27Dec2008,20:47   #9
growingboy's Avatar
nice info.. keep it up
Contributor
30Dec2008,22:10   #10
TriG0rZ's Avatar
bloody awesome man, thanks !
Page 1 of 3
1
2
3