Friday, January 9, 2009

How To Manually Remove SCVHOST.EXE Virus?

Some antivirus products detect it as W32/YahLover.Worm.gen (McAfee Antivirus) or Win32/Autorun.R.worm (NOD32).
Solution:
Restart your PC, press F8, and select the option Safe Mode Command Prompt Only.
When you log in to the command prompt, you must log in as Administrator.
Type cd C:\windows\system32
Type dir /ah to display all hidden files in this directory. You will see the following files, which are used by the virus to spread itself: AUTORUN.INI, BLASTCLNNN.EXE, and SCVHOST.EXE
Type ATTRIB -H -R -S SCVHOST.EXE
Type ATTRIB -H -R -S BLASTCLNNN.EXE
Type ATTRIB -H -R -S AUTORUN.INI
Type DEL SCVHOST.EXE
Type DEL BLASTCLNNN.EXE
Type DEL AUTORUN.INI
Type CD\
Type ATTRIB -H -R -S AUTORUN.INF
Type DEL AUTORUN.INF
You are almost done, reboot your PC.
Go to the Start Menu, click Run, and type the REGEDIT command. Take note, guys: before making any changes in the Registry Editor, you must make a full back-up of your registry to avoid system errors. :)
Look at the location entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. If you see an entry Yahoo! Messengger (it’s spelled like this) with a value c:\windows\system32\scvhost.exe, delete this entry.
Look at the location entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, in the entry named SHELL, with a value = Explorer.exe,SCVHOST.EXE. Edit this value: delete the SCVHOST.EXE only, so that the value is Explorer.exe. Do not delete the whole value; once you delete all of this value, your computer will not log in anymore.
We are now done. Please restart your PC now.
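
To confirm the cleanup after the final restart, here is a read-only check of the files and registry entries named in the steps above. It is an added example, not part of the original post, and it assumes PowerShell is available and that Windows is installed on the system drive (paths are taken from the SystemRoot and SystemDrive environment variables).

```powershell
# Read-only audit of the artifacts named in the steps above; it changes nothing.
# Assumption: file locations are resolved from %SystemRoot% and %SystemDrive%.
$files = @(
    "$env:SystemRoot\System32\SCVHOST.EXE",
    "$env:SystemRoot\System32\BLASTCLNNN.EXE",
    "$env:SystemRoot\System32\AUTORUN.INI",
    "$env:SystemDrive\AUTORUN.INF"
)
$findings = @()

foreach ($f in $files) {
    # -Force is needed because the files carry Hidden/System/Read-only attributes
    $item = Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue
    if ($item) { $findings += "FILE  $($item.FullName)  [$($item.Attributes)]" }
}

# Run key: report any value whose data points at scvhost.exe
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$meta   = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$run    = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }   # skip provider metadata
        if ("$($p.Value)" -match 'scvhost\.exe') {
            $findings += "RUN   $($p.Name) = $($p.Value)"
        }
    }
}

# Winlogon Shell: split the comma-separated list and report anything
# other than Explorer.exe (comparison is case-insensitive)
$wlKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $wlKey -Name Shell -ErrorAction SilentlyContinue).Shell
if ($null -eq $shell) {
    $findings += "SHELL value is missing (it must be Explorer.exe)"
} else {
    $extra = @($shell -split ',' | ForEach-Object { $_.Trim() } |
               Where-Object { $_ -and $_ -ne 'explorer.exe' })
    if ($extra.Count -gt 0) {
        $findings += "SHELL = $shell  (unexpected: $($extra -join ', '))"
    }
}

if ($findings.Count -eq 0) {
    "No SCVHOST.EXE artifacts found."
} else {
    $findings
}
```

Run it as the same user who was infected, since the Run entry lives under HKEY_CURRENT_USER.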

