New Potential Script Virus Found : Steps to Remove the Virus Manually

11:51 | Posted by Admin


Recently my laptop got affected by a new virus.The sad part is that even the latest Anti viruses couldn't identify this virus.Finally i found one method to manually remove this virus from my PC.Today I am going to share this method with you. I don't know whether this is a absurd method but it worked perfectly fine for me. So here is the trick.

Virus Behavior


Usually the viruses will have some name but i couldn't find a name for this virus.So i will tell you some of the behaviors of this virus.
  • Like most of the viruses you cannot open MsConfig ( Start -> Run->type msconfig and click run)
  • You will get dialog boxes as shown below frequently or during startup.




  • You cannot install new software's if your PC is affected by this virus. The setup will run and will close  automatically after sometime.
  • When you plug your pen drive you will find shortcuts instead of real folders.Sometimes you cannot open those files.

How to Remove this Virus Manually 


This virus is a script virus.
  • Run your task manager (ALT+CTRL+DEL)
  • Goto Processes. In the list you can find wscript.exe .Select it and End that Process.

  • Now Goto ->Start menu and search for msconfig or Goto -> start -> Run -> Type msconfig and click run.
  • Goto -> Startup tab->Uncheck the processes shown below. In my PC, the names were 613C and 367. It may change in another system. Also these will have value Unknown under Manufacturer column. Now Click Ok




  • Now Goto -> C:/Users/xxx(your user account)/Local /Temp . You can find some files with similar names as above in this folder.Remove those files or Clear this Temp Folder completely once. Now you have temporarily disabled the virus. But it is still there in your PC.

To remove the virus completely from your PC 

Please Note : The Following method require registry editing so be careful while editing your PC registry.Serious problems might occur if you modify the registry incorrectly! Therefore, i recommend that you backup the current state of your registry.
  • Goto start-> Run ->  type Regedit and click Run
  • Goto Edit -> Find -> type msconfig and click find next (Check only keys)



  • Open the msconfig subfolder and here you will find folders called startupreg and startupfolder
  • Inside the startupreg folder you can find one of the virus key. In my case its 613C (Right click on 613C and then remove the folder)
  • Similarly You can find other virus key inside startupfolder . Delete that key also.

Now the virus is completely removed from your PC :-) Share Your Stories as Comments Below !


Labels:,,,

6 comments:

  1. Anonymous8 April 2013 at 07:44

    Wow Nice Post bro :-)

    ReplyDelete
  2. Admin27 April 2013 at 10:49

    Thanks For the appreciation :-)

    ReplyDelete
  3. Digizoop.Inc7 May 2013 at 11:10

    My laptop is affectd by this virus but i didn't find prblm in installing software but shwing pop ups during start up

    ReplyDelete
    Replies
    1. Admin7 May 2013 at 21:45

      Initially i also didn't find any problem in installing new softwares.But later it came. Well Did you remove the virus ?

      Delete
  4. Anonymous25 May 2013 at 00:26

    i followed the steps but when i got to the msconfig folder there was no subfolder startreg and startupfolder

    ReplyDelete
    Replies
    1. Admin28 May 2013 at 23:21

      You will definitely find something like this in the Regedit - Msconfig !!!

      See Screenshot

      Delete

Subscribe to: Post Comments (Atom)

Receive All Free Updates Via Facebook.