Uninstall Virus - Remove .exe from my folders - Asked By Austine on 21-May-12 10:45 AM

Hi, 
        Please am a victim of .exe file.
    
       I tried to open my external hard drive and i cannot because is saying to me that treat has been detected.

       I tried to open it in older PC and i can see my folders with an extension of .exe.

      Please how do i remove this virus without deleting my files.

Thank you in advance.
pete rainbow replied to Austine on 21-May-12 08:10 PM
i would install a trial version of an anti virus product

try kaspersky it's pretty good at cleaning up...
Somesh Yadav replied to Austine on 22-May-12 12:35 AM
I know this son of bit** type of viruses because it infected my computer and it can infect any executable file and hence the newly infected one doesn't run and when you try to open it it infect other one and etc
Better method to scan your computer using a potent Antivirus and disable autorun on all drives because this is the main mode of transmission especially via USB memory sticks
or
Sounds like you're infected with an autorun worm. This usually means it's more than just those types of folders involved.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/new-instructions-read-this-before-posting-for-malware-removal-help-305963.html

Jitendra Faye replied to Austine on 22-May-12 12:53 AM
This is because of Virus attack. For this you have to install any antivirus, and scan your system first.

Virus can't be uninstall but it can be removed using antivirus.

so scan your system with updated antivirus.


Mark Ongolo replied to Austine on 23-May-12 12:29 AM
Sometime directly running Antivirus also doesn't help you.
Two Month back i got affected by this virus very badly as it eat up all my empty hard disk space of around 700 MB :( .

I was surprised that my most reliable friend http://avast.com/, for the first time failed me in this war against viruses but then again avg and bitdiffender also failed against it. This virus is know popularly as regsvr.exe virus, or as new folder.exe virus and most people identify this one by seeing autorun.inf file on their pen drives, But trend micro identified it as http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FDELF%2EFKZ&VSect=Sn. It is spreading mostly using pen drives as the medium.
Plz first  follow Manual process and then run the updated Antivirus.

Manual Process of removal:-

  1. Cut The Supply Line
  2. Search for autorun.inf file. It is a read only file so you will have to change it to normal by right clicking the file , selecting the properties and un-check the read only option
  3. Open the file in notepad and delete everything and save the file.
  4. Now change the file status back to read only mode so that the virus could not get access again.
  5. http://amiworks.co.in/talk/how-to-remove-new-folderexe-or-regsvrexr-or-autoruninf-virus/autorun1/
  6. Click start->run and type msconfig and click ok
  7. Go to startup tab look for regsvr and uncheck the option click OK.
  8. Click on Exit without Restart, cause there are still few things we need to do before we can restart the PC.
  9. Now go to control panel -> scheduled tasks, and delete the At1 task listed their.
  1. Open The Gates Of Castle
  2. Click on start -> run and type gpedit.msc and click Ok.
  3. http://amiworks.co.in/talk/how-to-remove-new-folderexe-or-regsvrexr-or-autoruninf-virus/run1/
  4. If you are Windows XP Home Edition user you might not have gpedit.msc in that case download and install it from http://bogdan.org.ua/2007/11/15/windows-xp-he-home-edition-gpedit-msc-group-policy-editing-via-registry.html and then follow these steps.http://bogdan.org.ua/2007/11/15/windows-xp-he-home-edition-gpedit-msc-group-policy-editing-via-registry.html
  5. Go to users configuration->Administrative templates->system
  6. Find “prevent access to registry editing tools” and change the option to disable.
  7. http://amiworks.co.in/talk/how-to-remove-new-folderexe-or-regsvrexr-or-autoruninf-virus/gpedit1/
  8. Once you do this you have registry access back.
  9. Launch The Attack At Heart Of Castle
  10. Click on start->run and type regedit and click ok
  11. Go to edit->find and start the search for regsvr.exe,
  12. http://amiworks.co.in/talk/how-to-remove-new-folderexe-or-regsvrexr-or-autoruninf-virus/gate1/
  13. Delete all the occurrence of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
  14. At one ore two places you will find it after explorer.exe in theses cases only delete the regsvr.exe part and not the whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just delete the regsvr.exe and leave the explorer.exe
  15. Seek And Destroy the enemy soldiers, no one should be left behind
  16. Click on start->search->for files and folders.
  17. Their click all files and folders
  18. Type “*.exe” as filename to search for
  19. Click on ‘when was it modified ‘ option and select the specify date option
  20. Type from date as 1/31/2008 and also type To date as 1/31/2008
  21. http://amiworks.co.in/talk/how-to-remove-new-folderexe-or-regsvrexr-or-autoruninf-virus/search2/
  22. Now hit search and wait for all the exe’s to show up.
  23. Once search is over select all the exe files and shift+delete the files, caution must be taken so that you don’t delete the legitimate exe file that you have installed on 31st January.
  24. Also selecting lot of files together might make your computer unresponsive so delete them in small bunches.
  25. Also find and delete regsvr.exe, svchost .exe( notice an extra space between the svchost and .exe)
  26. Time For Celebrations

    1. Now do a cold reboot (ie press the reboot button instead) and you are done.

I hope this information helps you win your own battle against this virus. Soon all antivirus programs will be able to automatically detect and clean this virus. Also i hope Avast finds a way to solve this issues.


[)ia6l0 iii replied to Austine on 27-May-12 09:58 PM
As always, I would recommend two solutions. 

a) Run the Online HouseCall from Trend Micro - This is free as well.  This has solved issues most of the time for me. Please download the initiator from http://housecall.trendmicro.com/. 

b) Microsoft Security Essentials - This is free. Download the right version from http://windows.microsoft.com/en-US/windows/products/security-essentials. 

Keep your antivirus suite up-to date to keep viruses, trojans, malware at bay.

Hope this helps.