These days several computers infected with Worm.Win32.VB.el virus.
By installing a good updated anti virus(Kasper sky,nod32,avg),we can remove the virus easily.but after removal we will face some problems in our computer such as cannot view hidden files and folders,cannot open partitions by double click....etc
Problem that will occur in hidden files and folders :-
when we want to view hidden and system files on the Windows XP SP2 and for this purpose normally we are going to Tools/Folder Options/View and removing tick from Hide Protected operating system files and checking Show hidden files and folders
option. But the windows doesn't show them anyway. if we are check once again view settings
and the system automatically checks the Hide hidden files and folders option.
Reason for the above problem:-
Scan system with Kaspersky Anti-Virus 6.0.1.411 and it will find several infected areas
with Worm.Win32.VB.el and several files like sal.xls.exe. it will remove the infected files when we are giving permission to delete .
To solve this problem Go to the following registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
Folder\Hidden\SHOWALL
DELETE the value CheckedValue in the right window. (Its type should be REG_SZ and data should be 2.)
Now create a new DWORD value called CheckedValue (same as above, except that the type is REG_DWORD). Modify the value data to 1 (0x00000001).
This should let you change the "Hidden Files and Folders" option.
Aand also the virus creates a hidden file named autorun.inf in whole disks.this file containing things like this or similar :
[AutoRun]
open=sal.xls.exe
shellexecute=sal.xls.exe
shell\Auto\command=sal.xls.exe
shell=Auto
[VVflagRun]
aabb=kdkfjdkfk11
The problem will be solved if just deleted this file but we cannot view the hidden files.
So we can use one of the folowing ways to delete the hidden file.
1)use Total Commander to see the autorun.inf file and delete it.
2)Unhide files by going to Start->Run and type"regsvr32 /u occache.dll"and hit OK.
logoff and relogon ur pc ..
open your drive and delete "autorun.inf" file
after deleting the file re hide files - Start->Run and type in "regsvr32 occache.dll" and hit OK.
(make sure you have cleaned the virus before doing this steps)
3)Open nero and explore the files in the effected disk.Open the autorun.inf and remove the contents which written in the file and save it .{if you cant save the file the go to the properties of the file and uncheck read only (all tasks from nero)}
If you are getting the error message
C:\>attrib -S -H -R autorun.inf
"the c:\ application cannot be run in win32 mode"
or similar while opening a drive, use the following method .
go to Start >Run then type CMD
in command prompt type cd c:\ (or d:\,e:\ depending on your error message )
Type
delete the file by typing C:\>del autorun.inf or open your drive and delete the autorun.inf
Restart Your PC Thats all
Still not fixed ?? , contact me
jaizalmk@yahoo.com
jaisal@live.com
jaizal@gmail.com
Search
About Me
Popular Posts
-
These days several computers infected with Worm.Win32.VB.el virus. By installing a good updated anti virus(Kasper sky,nod32,avg),we can remo...
-
A virtual private network (VPN) is a secure connection between one LAN and another. Think of your router as the middle man between the ne...
-
The SW Load on the Pilot DVD assumes that the “ATA control mode” setting is “compatible”, which is default in the current pre-series BIOS...
Chat with me
fixdown SoftWare
9down.com
How to of the Day
WindowsNetworking.com
ISAserver.org
MSExchange.org
Digital Inspiration
- Cisco (2)
- DD-WRT (1)
- E1 (1)
- E1000 (1)
- E2000 (2)
- ISDN PRI (2)
- jeddah (2)
- Linksys (2)
- media gateway (2)
- Patton (1)
- R2 MFC (2)
- saudi arabia (2)
- Saudi Telecom (3)
- Secure VPN (2)
- SIP (2)
- sip to e1 (2)
- sip trunking (2)
- sip-to-e1 (2)
- siptrunk (1)
- Site-to-SIte (2)
- smartnode (1)
- STC (2)
- voice gateway (2)
- VPN (2)
Low-Cost Secure VPN Solutions Over DSL
Saudi Arabia Contact : 00966559344474 mail@jaizal.com
Subscribe to:
Post Comments (Atom)
13 comments:
thanx man..info was very helpful
the hidden folder problem is solved.
but i still cant open partitions with double click..
any solution
2)Unhide files by going to Start->Run and type"regsvr32 /u occache.dll"and hit OK.
logoff and relogon ur pc ..
open your drive and delete "autorun.inf" file
after deleting the file Rehide files - Start->Run and type in "regsvr32 occache.dll" and hit OK.
(make sure you have cleaned virus before doing this.)
Thanks mate. Fantastic post. I had that hidden files problem and now it's completely solved. Thanks again.
hei..thanks for the info...very helpful..but i to still have that partition problem..and..there are no autorun.inf :( do you know why ?
well i culd open drives wen i cleaned pc wit kaspersky anti virus......... but wat abt that autorun.inf file??? where is it? neways great work by u brother......... take a bow!!!!!!!!!!
@Dushyant
welcome my friend.happy to know that you fixed .
@ nociv
Hello nociv,use the following methord
Unhide files by going to Start->Run and type"regsvr32 /u occache.dll"and hit OK.
logoff and relogon ur pc (must)and make sure you enabled show hidden files from folder option..
open your drive and delete "autorun.inf" file
after deleting the file Rehide files - Start->Run and type in "regsvr32 occache.dll" and hit OK
@ punit
Thats good thing.if you can open your drives by double click,then u dont have the aoutorun.inf ...so dont mind it !!!
Hey guys, I've got it on a memory stick and it has changed it mode to read only. I can see the virus files (autorun.ini and this sys.vbs file, but cannot delete it and cannot change rights to read/write. Please could You give any solution?
@ stormrider
Just backup your files and format your memmory stick
Thanks for a prompt reply. I've tried this already but I can't. When I'm trying to format it says: disk is protected from writing. I tried on Linux as well, but I cannot mount read/write, because it checks the disk access rights and says no. I used ZoneAlarm and it found the virus, but of course cannot delete it as well.
try this http://drivers.softpedia.com/get/Other-DRIVERS-TOOLS/Others/Sony-EzRecover.shtml
and make sure you don't have a write protect switch on memory stick
it helped. thank you very much.
thnx jaz it was more helpful
but be sure i already found the file dword exist i just changed value from 0 to 1
any way you helped me to fix big problem
see you
mohamed mabrouk
I use a live Ubuntu or Linux cd to remote viruses like this, very easy just stick the disk in and boot it up. You get full read/write access to everything on the hard drives in that pc, regardless of any NTFS permissions set, and whats more all hidden and system files show automatically. Windows viruses do not affect Linux. This virus also tends to speard via USB memory sticks too, using the Autorun file. Just use linux to delete the infected files, very easy to do. If you use an uninfected Windows PC to clean the USB memory stick then make sure you hold down shift before inserting USB, and keep holding it down untill the new hardware is installed, this stops the autorun. Also make sure you have something like the NOD32 installed before inserting any USB memory sticks, as it cleans them automatically, but remeber to always hold down shift first.
Post a Comment