1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Destroy virus from hard drive in 15 seconds

Discussion in 'Windows' started by neo_vi, Dec 11, 2008.

  1. neo_vi

    neo_vi Member

    Joined:
    Feb 1, 2008
    Messages:
    722
    Likes Received:
    15
    Trophy Points:
    18
    Occupation:
    Software engineer
    Location:
    Earth
    Home Page:

    Introduction



    If some viruses are attacked especially a variant of autorun. U'll see an "Open with..." dialog when u try to open a drive.

    Here are the steps to delete it from ur hard drive.

    Goto command prompt and goto the drive where u'll get the "Open with..." dialog.
    To do this
    Code:
    step 1 : start -> run
    step 2 : type cmd
    step 3 : enter the drive name followed by a colon
    
    type attrib

    It'll list out the attributes of all the files in the drive(only files, not folders and files inside that folders)

    U'll see some of the files with attributes s h r
    [​IMG]

    Type this code

    Code:
    attrib -s -h -r *.*
    
    The above line resets the attributes of all the files in the drive. Then delete the files which has s h r attributes set.(see picture) to delete the virus file

    Code:
    del <filename>.<extension>
    
    e.g 
    del w.cmd
    del autorun.inf
    
    After removing the virus file from each drive Logoff ur PC and Logon again. This is a must. In somecases It may be optional. To be safe perform it.

    NOTE: The files shown here are just an example. Original virus file may be of different name. The virus will affect any drive. I've just taken D: drive for illustration. THIS CODE SHOULD NOT BE USED IN "C:" DRIVE IF WINDOWS IS INSTALLED IN IT, AS THIS DRIVE CONTAINS SYSTEM FILES.
     
    pcmahes likes this.
  2. sun_kangane

    sun_kangane New Member

    Joined:
    Mar 20, 2007
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    0
    yaa this is nice ..................

    but what if the virus done the changes in registry to get "open with.." window. How to restore the original registry settings.
     
  3. dreams

    dreams New Member

    Joined:
    Dec 5, 2008
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    computer instructor
    Location:
    Kathmandu
    oh!
    This is a very useful information for all of us..
     
  4. Bhullarz

    Bhullarz New Member

    Joined:
    Nov 15, 2006
    Messages:
    253
    Likes Received:
    13
    Trophy Points:
    0
    Occupation:
    System Manager
    Home Page:
    for the first time, each autorun virus needs this file, once the virus code gets executed, it modifies the registry entries. So there would be autorun.inf on your drive. Just open the autorun.inf with notepad and search for .bat or .exe or .com filename. Now open registry edit from run by typing "regedit" and search for the same file name you found in autorun.inf. and delete it yourself or you can just use any registry cleaner after deleting the virus code from your system. B'coz such cleaners look for the orphan registry entries which are not associated with any file.
    For the safe deletion of virus code, use search feature of windows with the options selected to search in hidden files and system files. Usually such viruses copies itself into windows/system32 folder and one hidden system folder "system volume information". Just delete them. If any of the virus file is not getting deleted, then just check whether file is executing or not. You can check this using task manager / process monitor(recommended).
    Just end process and thentry to delete the file.

    I hope this info will help..
     
    Last edited: Dec 16, 2008
  5. sun_kangane

    sun_kangane New Member

    Joined:
    Mar 20, 2007
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    0
    nice information bro...............................thank............
     
  6. growingboy

    growingboy New Member

    Joined:
    Dec 1, 2008
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    0
    Its always best to have an antivirus. So that u don't need to worry about ur system much
     
  7. NDL

    NDL New Member

    Joined:
    Oct 20, 2008
    Messages:
    71
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    SL,colombo
    Home Page:
    tnx nice peace of info
     
  8. neo_vi

    neo_vi Member

    Joined:
    Feb 1, 2008
    Messages:
    722
    Likes Received:
    15
    Trophy Points:
    18
    Occupation:
    Software engineer
    Location:
    Earth
    Home Page:
    thank u all 4 ur comments
     
  9. growingboy

    growingboy New Member

    Joined:
    Dec 1, 2008
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    0
    nice info.. keep it up
     
  10. TriG0rZ

    TriG0rZ New Member

    Joined:
    Oct 2, 2008
    Messages:
    88
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    UK
    bloody awesome man, thanks :D!
     
  11. neo_vi

    neo_vi Member

    Joined:
    Feb 1, 2008
    Messages:
    722
    Likes Received:
    15
    Trophy Points:
    18
    Occupation:
    Software engineer
    Location:
    Earth
    Home Page:
    thanks 4 the comment man.
     
  12. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,292
    Likes Received:
    365
    Trophy Points:
    83
  13. reddyschintuo

    reddyschintuo New Member

    Joined:
    Nov 29, 2008
    Messages:
    18
    Likes Received:
    1
    Trophy Points:
    0
    easy and usefull trick
     
  14. skp819

    skp819 New Member

    Joined:
    Dec 8, 2008
    Messages:
    89
    Likes Received:
    3
    Trophy Points:
    0
    useful and nice information
     
  15. manuviju007

    manuviju007 New Member

    Joined:
    Mar 10, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Awesome DuDe!!!
    its amazing bcoz i always see this type of problem[:0] !!!
    [:)] !!!
     
  16. manuviju007

    manuviju007 New Member

    Joined:
    Mar 10, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    thanks very much!!!:)
     
  17. raghav

    raghav New Member

    Joined:
    Jun 25, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    None
    Location:
    Australia, NSW, North Rocks, 2151
    Hi thanks for the tutorial, it's great work:happy:

    I am no expert at handeling these situations, but i am having hard time trying to delete or uninstall these problems. I like your tutorial here, but not too sure what to do with this: SMSS.EXE (since i know this is a system process im not gona delete it). I have researched on this process and seem to find false results of trojans, worms and spyware or ad-ware... The first thing im worried about is iv installed xp on my laptop, while using nlite - iv intergrated drivers etc... I also remmember mouse movements, changes of keys etc when i had vista, but when i burned the iso of xp and drivers to a READ WRITE cd, i am worried that somthing might of either binded itself to a file or might have goten tricked to do something. On xp i looked inside my xp disc, and found a SMSS.EXE file - like i said before, i found bad results on it. Another problem is, that sometimes when im doing my work, my laptop keeps shutting down without me putting a timer or doing ANYTHING AT ALL. I look at my programs and see programs such as power iso, ms office or even system files, being changed to a icon: such as the cmd, or (Please im being serious here)
    a icon with a bluish bunny, a nueclear sign, A white papper backround with a lip on it, faces, icons with "?" etc...
    - AND I DONT THINK THIS IS ANYTHING TO DO WITH WINDOWS OR IT'S COMPONETS.

    if anybody could please direct me to a good way of getting rid of this or reversing the trick, so that i could take back whatever that person has deleted or damaged of mine or pay him back by not doing anything nasty but do anything that would make him think he has done wrong. But PLEASE at least help me get rid of it.
    Thanks:worried::worried::worried::worried:
     
  18. nabster

    nabster New Member

    Joined:
    Mar 9, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    this way maybe not useful alone, cuz these files will return again, so u should do the same way on the folder
    c:\windows\system32
    cuz it have the main virus who generates that hidden files on "c:\"
    after that u`ll never see it again

    i hope it was usefull 4 all
     
  19. regsvr.exe

    regsvr.exe New Member

    Joined:
    Apr 5, 2009
    Messages:
    7
    Likes Received:
    2
    Trophy Points:
    0
    It is not correct to all. If u goto c: drive, it contains system files are SHR type. So u couldnt remove that files. If u remove that files ur OS had been corrupt.

    C: SHR-->MSDOS.SYS
    NTDETECT.COM
    NTLDR
     
  20. nabster

    nabster New Member

    Joined:
    Mar 9, 2009
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    del all file types like *.dll *.exe *.com *.inf with attrib SHR
    first in folder c:\windows\system32 then in c: drive
     

Share This Page