Hello friends,
Well i am in a mood to wirte somthing about detecting a virus and to delete it without antivirus.
Well its not anything new, may be you guys already know all these, and if so MOD can remove this topic.
I am gonna tell you about basic virus come through external drive or some virus already executed in your system.
Sometimes its really annoying when you want to scan your pen drive and your antivirus tell you 3 hours left or one day left. so you can apply some basic tricks first then scan with your antivirus.
First of all always disable autorun, you can do it from group policy option or from registry or some hady registry files are there to do it with ease ( "Kulverstukas" have posted it before.)
or if you don't want to do so then you can
hold shift on your keybord while you are connecting your external drive to your system. By holding shift your external drive will not be automatically executed.
Now second most important thing to remeber is to remove tick from
"hide extension of file" in folder option" means you should always know that what is the extension of file that you are accessing.
then select check box "show hidden files" and remove tick mark from "hide system files". now a days most of the virus have attribute of hidden and system, so you better check that option
in XP (tools-->folder option-->view)
in newer (organize-->folder option-->view)
thus you will be able to see hidden files.
and if system files are getting annoying for you then just do it when you connect your drive, otherwise undo it.
This will help you if virus is not executed in your system. if your system is already affected then may be that option won't work, i mean it will be reset everytime automatically. (we will talk about it later)
First we will see when your system is still safe. - so if your pen drive is affected then probably there is a autorun.inf file with hidden and system attribute. try to delete it normaly if its get deleted then it will be easy, and if not then go to its properties and uncheck hidden and read only,
- then open it in notpad and remove everything and save it, or just delete file. if still not working or error occured that access denied or read only file.
(
note: don't yell if you know all this.. just skip ahed, because you are not the only one here
)
- then close file and start CMD
- now go to your drive (suppose its m then)
- c:\user\xxx> m:
- m:\>
now change the attribute of autorun.inf file by typing
- m:\>attrib -h -s -r "autorun.inf" (h for hidden, s for system and, r for read only)
- m:\>del "autorun.inf"
or just open your drive and delete it. it will get deleted (in 99% case).
- now delete all the suspicious file in drive like folder with .exe extention or any suspicious file like 67kb or 128kb or 2kb... any file which you found suspicious can be deleted after you delete autorun.inf file.
Many points are missing, i am not getting it now,so if question arise then just ask it
Now what you can do if your system is Alreay Effected. Well there is many thing you can do to make it good from worst.
So there are many kind of
effection, like
- cmd (not able to start)
- task manager (not able to start
- folder option (get reset everytime)
- registry (not able to start)
- msconfig (not able to start)
- antivirus (not detecting virus--> probably out of date or installed after virus system affected, or virus is not in antivirus database entry or virus activity is diffrent then antivirus activity rule)
Now what to do to make those work..
So here are some steps that you can try
1) start system in safe mode. (work in most cases)
2) if safe mode isn't working then try to use safe mode with cmd prompt.
3) create a new user and check in that new user account if cmd can be open or not.
4) always keep some software (like tune up) from which you can check date of any
service created
use one of them and start cmd any how, if its not working then tell me situation ill help you.
now, after you are able to start them.
- first start task manager and end all suspicious services.
- then end explorer.exe also
- now from new task start msconfig.
- now in msconfig go to service tab and uncheck any suspicious or unwanted service.you can guess by manufacture or by thinking that did you have installed something releted to that service or not.
- now go to startup tab.check for service which look unknown or cross check with tune up ( on which date service is created) or any service that you can say its virus.
- now check location of that service from where it is started, you can find location within startup tab under COMMAND.. it will show you the path of the file
- now again open cmd..
- go to that location..
- change attribute of the file..( as i shown above)
- then DELETE it
do it for every file that look like virus to you.
Be care full, you will need some experiance, because if you delete some important file then it can cause problem in releted application.
Lets talk about diffrent problem some times a problem arise, that you can't open anything. everything get opened in media player or notpad or office, or something else.
even in safe mode you can't open any exe file.
what will you do then?
don't worry, mostly this type of virus only attack specific user. you can repair this by creating a new user.
control panel and user account won't work in this case.
- just go to manage (my computer--> right click--> manage)
- now local use and group--> user--> right click in blanck space and select create user
- put user in administrator group.
- now logoff and login to new user.
- WOW its repaired
THAT's all right now.. if i remember missing things then ill update here, and if you get any point or question then just ask here
