Fanny.bmp

Wednesday, February 9, 2011

The question first: how do I stop this virus from infecting my computer? (I mean other than installing an anti-virus program. I'm looking for a solution that involves setting registry keys, applying patches, etc.)

The details:

We all know about those common autorun.inf viruses. You plug in the USB thumb drive, autorun.inf executes, launches the virus, and infects the PC, all without the user having to double-click on the virus to "install" it. The solution is also clear: apply the patches and turn off AutoRun and AutoPlay.

I've recently encountered another virus. You insert the USB thumb drive, and the computer gets infected, even when the patches have been applied and AutoRun and AutoPlay have been turned off. The weirdest thing of all is that there is in fact no autorun.inf in the root of the infected USB drive. Instead, it contains these files:

__d__.lnk
__e__.lnk
__f__.lnk
__g__.lnk
__h__.lnk
__i__.lnk
__j__.lnk
fanny.bmp

The last one has the System and Hidden attributes (+S +H) set, but the others do not. Once the computer is infected, Windows Explorer doesn't show these files anymore. But they're still there; just use attrib or dir from the cmd.exe command prompt.

Put in the USB drive, start up Windows Explorer, look at the directory listing, and a minute later your computer is infected. It's easy to tell which computer is infected: just look for mscorwin.dll in c:\windows\system32 (it's +s +h). If anyone wants to try it, the virus is attached; just unzip it and copy it to the root of your USB drive. It goes without saying: be careful. (I have not explored how to remove the virus. I just restore a backup copy of drive C:.)

How is this virus launching and infecting the computer? Via the Plug and Play service? What's the significance of all those *.lnk files?
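The shortcut files are the part of this to look at first, and they should be read with something other than Explorer. Explorer parses every .lnk in a folder to draw its icon as soon as the folder is displayed, which matches the "look at the directory listing and a minute later the computer is infected" behaviour above; the shortcut-parsing flaw fixed in MS10-046 (CVE-2010-2568) triggers exactly that way, although the post does not establish that these particular files use it. The following is an added example, not code from the post: a minimal MS-SHLLINK parser in Python that dumps a shortcut's header flags, ItemIDList entries, string data and extra-data block signatures without resolving or launching anything, plus a builder that constructs a benign sample shortcut in memory so the parser can be exercised offline. The sample contents, the cp1252 fallback for non-Unicode strings and the `triage` heuristics are my assumptions, not facts about the files described above.

```python
import os
import struct

# MS-SHLLINK header constants. LinkCLSID is {00021401-0000-0000-C000-000000000046} in its on-disk byte order.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
LINK_FLAGS = ["HasLinkTargetIDList", "HasLinkInfo", "HasName", "HasRelativePath",
              "HasWorkingDir", "HasArguments", "HasIconLocation", "IsUnicode"]
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]


def parse_lnk(data):
    """Walk a shortcut structure by structure and return what it declares; nothing is resolved or launched."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags, attrs = struct.unpack_from("<II", data, 0x14)
    info = {"flags": [n for i, n in enumerate(LINK_FLAGS) if flags >> i & 1], "file_attributes": attrs,
            "id_list": [], "link_info": b"", "strings": {}, "extra_blocks": []}
    pos = 0x4C
    if flags & 0x01:
        # LinkTargetIDList: 2-byte IDListSize, then ItemIDs (2-byte size each, counting itself), then a 0 TerminalID.
        size = struct.unpack_from("<H", data, pos)[0]
        pos, end = pos + 2, pos + 2 + size
        while pos + 2 <= end:
            item_size = struct.unpack_from("<H", data, pos)[0]
            if item_size < 2:
                break
            info["id_list"].append(data[pos + 2:pos + item_size])
            pos += item_size
        pos = end
    if flags & 0x02:
        # LinkInfo: structure prefixed by its own 4-byte LinkInfoSize; carries volume and base-path data.
        size = struct.unpack_from("<I", data, pos)[0]
        info["link_info"] = data[pos:pos + size]
        pos += size
    unicode = bool(flags & 0x80)
    for bit, name in STRING_FIELDS:
        # StringData: 2-byte CountCharacters, then the characters (UTF-16LE when IsUnicode is set,
        # otherwise the system code page, assumed to be cp1252 here).
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            nbytes = count * 2 if unicode else count
            info["strings"][name] = data[pos:pos + nbytes].decode("utf-16-le" if unicode else "cp1252", "replace")
            pos += nbytes
    while pos + 8 <= len(data):
        # ExtraData: (BlockSize, BlockSignature) records; a BlockSize below 4 is the terminal block.
        size, sig = struct.unpack_from("<II", data, pos)
        if size < 4:
            break
        info["extra_blocks"].append("0x%08X" % sig)
        pos += size
    return info


def triage(info):
    """Heuristic (my assumption): a shortcut a user makes to a file carries a path in LinkInfo or StringData;
    one whose only content is an ItemIDList, especially one naming a DLL, deserves a close look."""
    reasons = []
    blob = b"".join(info["id_list"]).lower()
    if b".dll" in blob or ".dll".encode("utf-16-le") in blob:
        reasons.append("ItemIDList embeds a .dll name")
    if info["id_list"] and not info["link_info"] and not info["strings"]:
        reasons.append("target given only as an ItemIDList, no path strings")
    return reasons


def build_sample_lnk(id_items=(), relative_path=None, working_dir=None):
    """Construct a minimal benign shortcut in memory (constructed sample data, not a file from the post)."""
    flags = 0x80 | (0x01 if id_items else 0) | (0x08 if relative_path else 0) | (0x10 if working_dir else 0)
    header = (struct.pack("<I16sII", 0x4C, LNK_CLSID, flags, 0x20) + b"\0" * 24   # three zero FILETIMEs
              + struct.pack("<IIIH", 0, 0, 1, 0) + b"\0" * 10)                   # size, icon, SW_SHOWNORMAL, hotkey, reserved
    out = header
    if id_items:
        items = b"".join(struct.pack("<H", len(i) + 2) + i for i in id_items) + b"\0\0"
        out += struct.pack("<H", len(items)) + items
    for s in (relative_path, working_dir):
        if s:
            out += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return out


def scan_shortcuts(root):
    """Parse every *.lnk directly under root (e.g. the mounted stick) and map name -> (info, triage reasons)."""
    results = {}
    for name in sorted(os.listdir(root)):
        if name.lower().endswith(".lnk"):
            with open(os.path.join(root, name), "rb") as f:
                try:
                    info = parse_lnk(f.read())
                    results[name] = (info, triage(info))
                except ValueError as e:
                    results[name] = (None, [str(e)])
    return results


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:          # e.g. python lnk_triage.py E:\   (type the path; do not browse to it in Explorer)
        for name, (info, reasons) in scan_shortcuts(sys.argv[1]).items():
            print(name, info and info["flags"], info and info["strings"], reasons)
    else:
        sample = build_sample_lnk([b"\x2fC:\\\x00"], "..\\readme.txt", "C:\\docs")
        print(parse_lnk(sample), triage(parse_lnk(sample)))
```

Run it from a command prompt against the drive letter of the stick; the point of reading the files this way is that no shell icon handler ever sees them. Anything reported under "extra_blocks" can be matched against the block signatures in the MS-SHLLINK specification, and an ItemIDList item that carries a DLL path is worth hashing and submitting before the stick is cleaned.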


Removal script (batch, run from an administrator cmd.exe; it first clears the Hidden, Read-only and System attributes of the dropped files on C: and on the USB drive letters D: to K:, then deletes them):

attrib -h -r -s c:\awda2.exe
attrib -h -r -s c:\ravmon.exe
attrib -h -r -s c:\autorun.inf
attrib -h -r -s c:\ntde1ect.com
attrib -h -r -s c:\svichossst.exe
attrib -h -r -s c:\svichosst.exe
attrib -h -r -s c:\windows\svchost.exe
attrib -h -r -s c:\windows\svichosst.exe
attrib -h -r -s c:\windows\system32\svichossst.exe
attrib -h -r -s c:\windows\system32\svichosst.exe
attrib -h -r -s c:\windows\system32\avpo.exe
attrib -h -r -s c:\windows\Rvhost.exe
attrib -h -r -s c:\windows\system32\Rvhost.exe
attrib -h -r -s c:\windows\svichossst.exe
attrib -h -r -s c:\xo8wr9.exe
attrib -h -r -s c:\1dg.exe
attrib -h -r -s c:\v.exe
attrib -h -r -s c:\tel.exe
attrib -h -r -s c:\__d__.lnk
attrib -h -r -s c:\__e__.lnk
attrib -h -r -s c:\__f__.lnk
attrib -h -r -s c:\__g__.lnk
attrib -h -r -s c:\__h__.lnk
attrib -h -r -s c:\__i__.lnk
attrib -h -r -s c:\__j__.lnk
attrib -h -r -s c:\__k__.lnk
attrib -h -r -s c:\Windows\System32\__d__.lnk
attrib -h -r -s c:\Windows\System32\__e__.lnk
attrib -h -r -s c:\Windows\System32\__f__.lnk
attrib -h -r -s c:\Windows\System32\__g__.lnk
attrib -h -r -s c:\Windows\System32\__h__.lnk
attrib -h -r -s c:\Windows\System32\__i__.lnk
attrib -h -r -s c:\Windows\System32\__j__.lnk
attrib -h -r -s c:\Windows\System32\__k__.lnk
attrib -h -r -s c:\fanny.bmp
attrib -h -r -s d:\svichosst.exe
attrib -h -r -s d:\xo8wr9.exe
attrib -h -r -s d:\awda2.exe
attrib -h -r -s d:\ravmon.exe
attrib -h -r -s d:\autorun.inf
attrib -h -r -s d:\ntde1ect.com
attrib -h -r -s d:\svchost.exe
attrib -h -r -s d:\svichossst.exe
attrib -h -r -s d:\1dg.exe
attrib -h -r -s d:\v.exe
attrib -h -r -s d:\tel.exe
attrib -h -r -s d:\__d__.lnk
attrib -h -r -s d:\__e__.lnk
attrib -h -r -s d:\__f__.lnk
attrib -h -r -s d:\__g__.lnk
attrib -h -r -s d:\__h__.lnk
attrib -h -r -s d:\__i__.lnk
attrib -h -r -s d:\__j__.lnk
attrib -h -r -s d:\__k__.lnk
attrib -h -r -s d:\fanny.bmp
attrib -h -r -s e:\svichosst.exe
attrib -h -r -s e:\xo8wr9.exe
attrib -h -r -s e:\awda2.exe
attrib -h -r -s e:\ravmon.exe
attrib -h -r -s e:\autorun.inf
attrib -h -r -s e:\ntde1ect.com
attrib -h -r -s e:\svichossst.exe
attrib -h -r -s e:\1dg.exe
attrib -h -r -s e:\v.exe
attrib -h -r -s e:\tel.exe
attrib -h -r -s e:\__d__.lnk
attrib -h -r -s e:\__e__.lnk
attrib -h -r -s e:\__f__.lnk
attrib -h -r -s e:\__g__.lnk
attrib -h -r -s e:\__h__.lnk
attrib -h -r -s e:\__i__.lnk
attrib -h -r -s e:\__j__.lnk
attrib -h -r -s e:\__k__.lnk
attrib -h -r -s e:\fanny.bmp
attrib -h -r -s f:\svichosst.exe
attrib -h -r -s f:\xo8wr9.exe
attrib -h -r -s f:\awda2.exe
attrib -h -r -s f:\ravmon.exe
attrib -h -r -s f:\autorun.inf
attrib -h -r -s f:\ntde1ect.com
attrib -h -r -s f:\svichossst.exe
attrib -h -r -s f:\1dg.exe
attrib -h -r -s f:\v.exe
attrib -h -r -s f:\tel.exe
attrib -h -r -s f:\__d__.lnk
attrib -h -r -s f:\__e__.lnk
attrib -h -r -s f:\__f__.lnk
attrib -h -r -s f:\__g__.lnk
attrib -h -r -s f:\__h__.lnk
attrib -h -r -s f:\__i__.lnk
attrib -h -r -s f:\__j__.lnk
attrib -h -r -s f:\__k__.lnk
attrib -h -r -s f:\fanny.bmp
attrib -h -r -s g:\svichosst.exe
attrib -h -r -s g:\xo8wr9.exe
attrib -h -r -s g:\awda2.exe
attrib -h -r -s g:\ravmon.exe
attrib -h -r -s g:\autorun.inf
attrib -h -r -s g:\ntde1ect.com
attrib -h -r -s g:\svichossst.exe
attrib -h -r -s g:\1dg.exe
attrib -h -r -s g:\v.exe
attrib -h -r -s g:\tel.exe
attrib -h -r -s g:\__d__.lnk
attrib -h -r -s g:\__e__.lnk
attrib -h -r -s g:\__f__.lnk
attrib -h -r -s g:\__g__.lnk
attrib -h -r -s g:\__h__.lnk
attrib -h -r -s g:\__i__.lnk
attrib -h -r -s g:\__j__.lnk
attrib -h -r -s g:\__k__.lnk
attrib -h -r -s g:\fanny.bmp
attrib -h -r -s h:\svichosst.exe
attrib -h -r -s h:\xo8wr9.exe
attrib -h -r -s h:\awda2.exe
attrib -h -r -s h:\svichossst.exe
attrib -h -r -s h:\ravmon.exe
attrib -h -r -s h:\autorun.inf
attrib -h -r -s h:\ntde1ect.com
attrib -h -r -s h:\1dg.exe
attrib -h -r -s h:\v.exe
attrib -h -r -s h:\tel.exe
attrib -h -r -s h:\__d__.lnk
attrib -h -r -s h:\__e__.lnk
attrib -h -r -s h:\__f__.lnk
attrib -h -r -s h:\__g__.lnk
attrib -h -r -s h:\__h__.lnk
attrib -h -r -s h:\__i__.lnk
attrib -h -r -s h:\__j__.lnk
attrib -h -r -s h:\__k__.lnk
attrib -h -r -s h:\fanny.bmp
attrib -h -r -s i:\svichosst.exe
attrib -h -r -s i:\xo8wr9.exe
attrib -h -r -s i:\awda2.exe
attrib -h -r -s i:\ravmon.exe
attrib -h -r -s i:\autorun.inf
attrib -h -r -s i:\ntde1ect.com
attrib -h -r -s i:\svichossst.exe
attrib -h -r -s i:\1dg.exe
attrib -h -r -s i:\v.exe
attrib -h -r -s i:\tel.exe
attrib -h -r -s i:\__d__.lnk
attrib -h -r -s i:\__e__.lnk
attrib -h -r -s i:\__f__.lnk
attrib -h -r -s i:\__g__.lnk
attrib -h -r -s i:\__h__.lnk
attrib -h -r -s i:\__i__.lnk
attrib -h -r -s i:\__j__.lnk
attrib -h -r -s i:\__k__.lnk
attrib -h -r -s i:\fanny.bmp
attrib -h -r -s j:\svichosst.exe
attrib -h -r -s j:\xo8wr9.exe
attrib -h -r -s j:\awda2.exe
attrib -h -r -s j:\ravmon.exe
attrib -h -r -s j:\autorun.inf
attrib -h -r -s j:\ntde1ect.com
attrib -h -r -s j:\svichossst.exe
attrib -h -r -s j:\1dg.exe
attrib -h -r -s j:\v.exe
attrib -h -r -s j:\tel.exe
attrib -h -r -s j:\__d__.lnk
attrib -h -r -s j:\__e__.lnk
attrib -h -r -s j:\__f__.lnk
attrib -h -r -s j:\__g__.lnk
attrib -h -r -s j:\__h__.lnk
attrib -h -r -s j:\__i__.lnk
attrib -h -r -s j:\__j__.lnk
attrib -h -r -s j:\__k__.lnk
attrib -h -r -s j:\fanny.bmp
attrib -h -r -s k:\svichosst.exe
attrib -h -r -s k:\xo8wr9.exe
attrib -h -r -s k:\awda2.exe
attrib -h -r -s k:\ravmon.exe
attrib -h -r -s k:\autorun.inf
attrib -h -r -s k:\ntde1ect.com
attrib -h -r -s k:\svichossst.exe
attrib -h -r -s k:\1dg.exe
attrib -h -r -s k:\v.exe
attrib -h -r -s k:\tel.exe
attrib -h -r -s k:\__d__.lnk
attrib -h -r -s k:\__e__.lnk
attrib -h -r -s k:\__f__.lnk
attrib -h -r -s k:\__g__.lnk
attrib -h -r -s k:\__h__.lnk
attrib -h -r -s k:\__i__.lnk
attrib -h -r -s k:\__j__.lnk
attrib -h -r -s k:\__k__.lnk
attrib -h -r -s k:\fanny.bmp
del c:\xo8wr9.exe
del c:\awda2.exe
del c:\ravmon.exe
del c:\windows\mdm.exe
del c:\autorun.inf
del c:\ntde1ect.com
del c:\svichossst.exe
del c:\windows\Rvhost.exe
del c:\windows\system32\Rvhost.exe
del c:\windows\svichosst.exe
del c:\windows\svichossst.exe
del c:\windows\system32\svichosst.exe
del c:\windows\system32\svichossst.exe
del c:\windows\system32\avpo.exe
del c:\windows\svchost.exe
rem del c:\windows\system32\svchost.exe   -- removed: this is the legitimate Windows service host, not a dropped copy
del c:\1dg.exe
del c:\v.exe
del c:\tel.exe
del c:\__d__.lnk
del c:\__e__.lnk
del c:\__f__.lnk
del c:\__g__.lnk
del c:\__h__.lnk
del c:\__i__.lnk
del c:\__j__.lnk
del c:\__k__.lnk
del c:\fanny.bmp
del c:\Windows\System32\__d__.lnk
del c:\Windows\System32\__e__.lnk
del c:\Windows\System32\__f__.lnk
del c:\Windows\System32\__g__.lnk
del c:\Windows\System32\__h__.lnk
del c:\Windows\System32\__i__.lnk
del c:\Windows\System32\__j__.lnk
del c:\Windows\System32\__k__.lnk
del d:\xo8wr9.exe
del d:\awda2.exe
del d:\windows\mdm.exe
del d:\windows\svchost.exe
del d:\ravmon.exe
del d:\autorun.inf
del d:\ntde1ect.com
del d:\svichossst.exe
del d:\svichosst.exe
del d:\1dg.exe
del d:\v.exe
del d:\tel.exe
del d:\__d__.lnk
del d:\__e__.lnk
del d:\__f__.lnk
del d:\__g__.lnk
del d:\__h__.lnk
del d:\__i__.lnk
del d:\__j__.lnk
del d:\__k__.lnk
del d:\fanny.bmp
del e:\svichosst.exe
del e:\xo8wr9.exe
del e:\awda2.exe
del e:\ravmon.exe
del e:\autorun.inf
del e:\ntde1ect.com
del e:\svichossst.exe
del e:\1dg.exe
del e:\v.exe
del e:\tel.exe
del e:\__d__.lnk
del e:\__e__.lnk
del e:\__f__.lnk
del e:\__g__.lnk
del e:\__h__.lnk
del e:\__i__.lnk
del e:\__j__.lnk
del e:\__k__.lnk
del e:\fanny.bmp
del f:\svichosst.exe
del f:\xo8wr9.exe
del f:\awda2.exe
del f:\ravmon.exe
del f:\autorun.inf
del f:\ntde1ect.com
del f:\svichossst.exe
del f:\1dg.exe
del f:\v.exe
del f:\tel.exe
del f:\__d__.lnk
del f:\__e__.lnk
del f:\__f__.lnk
del f:\__g__.lnk
del f:\__h__.lnk
del f:\__i__.lnk
del f:\__j__.lnk
del f:\__k__.lnk
del f:\fanny.bmp
del g:\svichosst.exe
del g:\xo8wr9.exe
del g:\awda2.exe
del g:\ravmon.exe
del g:\autorun.inf
del g:\ntde1ect.com
del g:\svichossst.exe
del g:\1dg.exe
del g:\v.exe
del g:\tel.exe
del g:\__d__.lnk
del g:\__e__.lnk
del g:\__f__.lnk
del g:\__g__.lnk
del g:\__h__.lnk
del g:\__i__.lnk
del g:\__j__.lnk
del g:\__k__.lnk
del g:\fanny.bmp
del h:\svichosst.exe
del h:\xo8wr9.exe
del h:\awda2.exe
del h:\ravmon.exe
del h:\autorun.inf
del h:\ntde1ect.com
del h:\svichossst.exe
del h:\1dg.exe
del h:\v.exe
del h:\tel.exe
del h:\__d__.lnk
del h:\__e__.lnk
del h:\__f__.lnk
del h:\__g__.lnk
del h:\__h__.lnk
del h:\__i__.lnk
del h:\__j__.lnk
del h:\__k__.lnk
del h:\fanny.bmp
del i:\svichosst.exe
del i:\xo8wr9.exe
del i:\awda2.exe
del i:\ravmon.exe
del i:\autorun.inf
del i:\ntde1ect.com
del i:\svichossst.exe
del i:\1dg.exe
del i:\v.exe
del i:\tel.exe
del i:\__d__.lnk
del i:\__e__.lnk
del i:\__f__.lnk
del i:\__g__.lnk
del i:\__h__.lnk
del i:\__i__.lnk
del i:\__j__.lnk
del i:\__k__.lnk
del i:\fanny.bmp
del j:\svichosst.exe
del j:\xo8wr9.exe
del j:\awda2.exe
del j:\ravmon.exe
del j:\autorun.inf
del j:\ntde1ect.com
del j:\svichossst.exe
del j:\1dg.exe
del j:\v.exe
del j:\tel.exe
del j:\__d__.lnk
del j:\__e__.lnk
del j:\__f__.lnk
del j:\__g__.lnk
del j:\__h__.lnk
del j:\__i__.lnk
del j:\__j__.lnk
del j:\__k__.lnk
del j:\fanny.bmp
del k:\svichosst.exe
del k:\xo8wr9.exe
del k:\awda2.exe
del k:\ravmon.exe
del k:\autorun.inf
del k:\ntde1ect.com
del k:\svichossst.exe
del k:\1dg.exe
del k:\v.exe
del k:\tel.exe
del k:\__d__.lnk
del k:\__e__.lnk
del k:\__f__.lnk
del k:\__g__.lnk
del k:\__h__.lnk
del k:\__i__.lnk
del k:\__j__.lnk
del k:\__k__.lnk
del k:\fanny.bmp
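The script above hard-codes drive letters C: through K:, deletes with no record of what was removed, and as posted also deletes %SystemRoot%\System32\svchost.exe, the real service host, which one of the comments on this post catches. A safer shape for the same job, as an added example that is not the post's script: enumerate the drives that are actually present, clear Read-only/Hidden/System on each indicator file, quarantine the file under a SHA-256-named copy instead of deleting it, refuse to touch the protected system binary, and report the mscorwin.dll marker without removing it (the post does not say whether removing it is sufficient). The indicator names are the ones from the script above; the protected-path rule, the quarantine layout, the dry-run default and the ctypes calls are my additions. It is written for Windows; the attribute calls are no-ops elsewhere so the planning and quarantine logic can be exercised on any platform.

```python
import ctypes
import hashlib
import os
import shutil
import string
import sys
import tempfile

# Names taken from the removal script above: dropped at the root of every drive, and under the Windows directory.
ROOT_NAMES = ["autorun.inf", "ntde1ect.com", "awda2.exe", "ravmon.exe", "svichosst.exe", "svichossst.exe",
              "xo8wr9.exe", "1dg.exe", "v.exe", "tel.exe", "fanny.bmp"] + ["__%s__.lnk" % c for c in "defghijk"]
WINDIR_NAMES = ["svchost.exe", "svichosst.exe", "svichossst.exe", "Rvhost.exe", "mdm.exe"]
SYSTEM32_NAMES = ["svchost.exe", "svichosst.exe", "svichossst.exe", "Rvhost.exe", "avpo.exe"] + \
                 ["__%s__.lnk" % c for c in "defghijk"]
REPORT_ONLY = ["mscorwin.dll"]           # the post uses this as its infection marker: report it, do not remove it
PROTECTED = {"system32\\svchost.exe"}    # the real service host; the script above deletes it by mistake
FILE_ATTRIBUTE_RO_H_S = 0x1 | 0x2 | 0x4  # FILE_ATTRIBUTE_READONLY | HIDDEN | SYSTEM


def is_protected(path, windir):
    """True for paths under windir that are on the PROTECTED list (pure string logic, so it runs anywhere)."""
    p = path.lower().replace("/", "\\")
    w = windir.lower().rstrip("\\") + "\\"
    return p.startswith(w) and p[len(w):] in PROTECTED


def present_drives():
    """Drive roots that actually exist (Windows: GetLogicalDrives bitmask; elsewhere: none)."""
    if sys.platform != "win32":
        return []
    mask = ctypes.windll.kernel32.GetLogicalDrives()
    return ["%s:\\" % c for i, c in enumerate(string.ascii_uppercase) if mask >> i & 1]


def candidates(drives, windir):
    """Every path the script above would touch, split into (to remove, protected and skipped)."""
    w = windir.rstrip("\\")
    paths = [d + n for d in drives for n in ROOT_NAMES]
    paths += [w + "\\" + n for n in WINDIR_NAMES]
    paths += [w + "\\System32\\" + n for n in SYSTEM32_NAMES]
    remove = [p for p in paths if not is_protected(p, windir)]
    skipped = [p for p in paths if is_protected(p, windir)]
    return remove, skipped


def clear_attributes(path):
    """Drop Read-only/Hidden/System so the file can be moved; a no-op outside Windows."""
    if sys.platform != "win32":
        return
    k32 = ctypes.windll.kernel32
    k32.GetFileAttributesW.restype = ctypes.c_uint32
    attrs = k32.GetFileAttributesW(path)
    if attrs != 0xFFFFFFFF and attrs & FILE_ATTRIBUTE_RO_H_S:
        k32.SetFileAttributesW(path, attrs & ~FILE_ATTRIBUTE_RO_H_S)


def quarantine(path, qdir):
    """Hash the file, then move it into qdir under its digest; return a record for the incident log."""
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    clear_attributes(path)
    safe_name = os.path.basename(path).replace("\\", "_").replace(":", "_")
    dest = os.path.join(qdir, digest + "_" + safe_name)
    shutil.move(path, dest)
    return {"original": path, "sha256": digest, "quarantined_as": dest}


def clean(drives, windir, qdir, dry_run=True):
    """Quarantine every present indicator file; list protected paths skipped and report-only markers found."""
    remove, skipped = candidates(drives, windir)
    report = {"dry_run": dry_run, "quarantined": [], "protected_skipped": skipped, "markers": []}
    for p in remove:
        if os.path.isfile(p):
            report["quarantined"].append(p if dry_run else quarantine(p, qdir))
    for n in REPORT_ONLY:
        p = windir.rstrip("\\") + "\\System32\\" + n
        if os.path.isfile(p):
            report["markers"].append(p)
    return report


def quarantine_demo():
    """Offline exercise on a scratch directory with a constructed dummy indicator (not a real sample)."""
    work = tempfile.mkdtemp()
    qdir = os.path.join(work, "quarantine")
    os.mkdir(qdir)
    dummy = os.path.join(work, "fanny.bmp")
    with open(dummy, "wb") as f:
        f.write(b"BM" + b"\0" * 30)          # constructed bytes, not the file described in the post
    rec = quarantine(dummy, qdir)
    rec["source_gone"] = not os.path.exists(dummy)
    return rec


if __name__ == "__main__":
    windir = os.environ.get("SystemRoot", "C:\\Windows")
    qdir = os.path.abspath("quarantine")
    os.makedirs(qdir, exist_ok=True)
    print(clean(present_drives(), windir, qdir, dry_run="--apply" not in sys.argv))
```

Run it once without arguments to see what it would move and what it refuses to touch, then with `--apply`. Keeping the hashes and the original paths is what lets you answer "was it the same thing on every machine" afterwards, which a bare `del` never will. The first comment below asks about mscorwin.dll; this script only reports it, in line with the author's reply.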



If this is clear, fine; otherwise leave a comment and I will explain.

3 comments

  1. Do I have to delete c:\windows\system32\mscorwin.dll as well?

    Thanks

  2. No, no, you don't. Just the .exe file, using Unlocker.exe.

  3. del c:\windows\system32\svchost.exe !!!!!

    Why are you deleting the svchost.exe located in the C:\Windows\System32 folder? It's a critical system file without which Windows will not function at all.

