By Zolkiflee M S
zolkiflee@yahoo.com
Preface
Not all computer users are aware of virus attacks on their systems. The reason is
that users do not make the effort to protect their systems from being infected by
computer viruses.
With the wide use of thumbdrives and external hard disks, one would not realise that
a virus, worm or trojan is embedded in the system until something weird happens.
I take this opportunity to share what I have in solving current virus problems.
The system
Before I proceed with the steps to remove the autorun virus, let's think back to who
uses your computer or laptop. Take note of these users, yourself included, and the
mobile devices that they use.
Thumbdrives, external hard disks and mobile phone memory cards are carriers of
trojan viruses.
Even with a strong antivirus in your system, it would not detect the presence of the
core file that executes these viruses, because your antivirus program will only start
when Windows starts and executes all the .ini files. Your antivirus program will only
detect and kill the worm virus called autorun.inf, or others like secret.exe, but it
will not detect other files like 9.cmd or kavo.exe, or perhaps one using a file name
such as nmoho.bat.
Symptoms
The first thing to take note of is whether your system can display hidden files or
folders. The core virus file will disable your View Hidden File setting.
To display hidden files
1. Click on My Computer
2. Click on the C: drive
3. From the Tools menu, click on Folder Options
4. Select the View tab
5. Look for the section Hidden Files And Folders
6. The default selection would be Do Not Show Hidden File And Folder
7. Click on the selector Display Hidden File And Folder
8. Click the boxes to remove the selection on Hide Extension and Hide Protected
9. Click OK
10. If your system is not infected, new files will be displayed in your C: drive, such
as AUTOEXEC.BAT boot.ini CONFIG.SYS IO.SYS MSDOS.SYS
NTDETECT.COM ntldr pagefile.sys
11. If you do see any of these files, repeat step 4 to step 6
12. If the default is still similar to step 6, this means your system is infected
How to remove
1. Shut down your system
2. Disconnect from any mobile device, networking and internet connection.
3. Restart your system while pressing the F8 key on your keyboard until it
displays a menu that gives you the selection to start Windows.
4. You should be seeing the following start menu
a. Start in safe mode
b. Start in safe mode with networking
c. Start in safe mode with command prompt
5. Use your up arrow key to select Start In Safe Mode With Command
Prompt
6. Once Windows starts it will display the screen below
39. If you have succeeded to this stage, and are able to display all the hidden and
system files, you are cool.
40. Now what you have to do is scan your hard disk using your antivirus
program. Again, do not connect to the internet until you have completed the
virus scanning.
PRECAUTIONS
Before inserting any thumbdrive that you are not sure is free from viruses,
scan it first by starting your system using Safe Mode With Command Prompt.
Display the content of the thumbdrive using the command DIR /A:H and
remove the autorun.inf and any suspected virus file.
After scanning your hard disk for virus-infected files, if you find that your
explorer.exe file is not infected, you can proceed to connect to the internet;
otherwise, if explorer.exe is infected, heal it first or move it to the vault.
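
The thumbdrive check under PRECAUTIONS, taken one step further as an added example that is not part of the original article: this Python script reads the text of an autorun.inf, reports which programs it is set to launch, and matches them against a DIR /A:H /B listing so you know which files to remove together with autorun.inf. The sample autorun.inf and listing are constructed, the function names are hypothetical, and it assumes the drive is examined from a machine that has Python.

```python
import ntpath

# autorun.inf keys whose value is a command line that Windows may launch.
LAUNCH_KEYS = {"open", "shellexecute"}


def _program(value):
    """Return the first token of a command line, honouring double quotes."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(None, 1)[0] if value else ""


def autorun_targets(text):
    """Return [(key, program)] for every launch entry found in autorun.inf text.

    Entries are reported from any section, which is the cautious choice
    when the goal is to find files to review.
    """
    targets = []
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        key = key.strip().lower()
        if not sep or key.startswith((";", "[")):
            continue  # section header, comment or junk line
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            program = _program(value)
            if program:
                targets.append((key, program))
    return targets


def files_to_review(inf_text, root_names):
    """Names from a root listing that are autorun.inf or are launched by it."""
    wanted = {ntpath.basename(p).lower() for _, p in autorun_targets(inf_text)}
    wanted.add("autorun.inf")
    return [name for name in root_names if name.lower() in wanted]


# Constructed sample: an autorun.inf and the output of DIR /A:H /B on the drive.
SAMPLE_INF = r"""[AutoRun]
; constructed sample for illustration
open=kavo.exe
shell\open\Command="nmoho.bat" -x
shellexecute=9.cmd
icon=folder.ico
"""
SAMPLE_LISTING = ["autorun.inf", "KAVO.EXE", "nmoho.bat", "9.cmd", "notes.txt"]

if __name__ == "__main__":
    for name in files_to_review(SAMPLE_INF, SAMPLE_LISTING):
        print("review and remove:", name)
```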