Log in to safe mode as Administrator:
0. Create and save 0 KB files named "Home Video.exe" and "csrss.exe" on all drives (if you can't do it within 5 seconds, do it from bootable media).
----You can't ignore this 0th step----
Stop system.exe and userinit using Task Manager before it gets closed.
Run RRT and disable the virus effects: check all tick marks and press 'remove'.
The virus is out. If your cmd.exe is enabled now, open the command prompt from %system32%\cmd.exe.
Open regedit, then search for and delete all entries with his damn name "Ahsan", his site 110mb.com and that GW Bush.
Enable "Run":
Open regedit, go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
and delete NoRun (or set the same value to 0).
If you still can't handle the situation, run SDFix.
That's it!!
+++++
Detailed steps to remove Ahsan's virus:
1. Start Windows in safe mode with command prompt (user: admin, preferably a user other than the one that was attacked).
2. Use the RRT tool to enable Run, if it is disabled.
3. Enable registry editing, if it is disabled, with the following command:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
4. Open regedit, then search for and delete all entries with the name "Ahsan", the site 110mb.com and Bush.
5. If Folder Options is disabled, enable it using the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Check whether a DWORD value named NoFolderOptions exists in the pane on the right-hand side of the screen. If it does, delete it.
6. If you are still unable to view hidden files (the virus disables this), enable it with the following procedure and key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Find the value "Hidden", right-click it and modify it to 1. If the value "Hidden" is not present, create it.
7. Check the following registry keys and set the values given below in each key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"CheckedValue"=dword:02
"ValueName"="Hidden"
"DefaultValue"=dword:02
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:01
"ValueName"="Hidden"
"DefaultValue"=dword:02
8. Now enable "show all hidden files / Hidden system files and folders", then search for the following files and delete them all:
system.exe
csrss.exe
Home video.avi.exe
autorun
Note: these files will be in the parent drives (D:, C:) and in the Windows folder.
9. Now you are done!
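The registry checks from steps 3, 5, 6 and 7 and the "Enable Run" step can be audited in one pass. The script below is an added example, not part of the original post: the -Fix switch and the Get-RegValue helper are names made up for this example, and it covers only the DWORD values listed above. Without -Fix it only reports.

```powershell
# Added example: audit (and with -Fix, undo) the registry restrictions named in the steps above.
# Run from an elevated prompt: the HKLM writes need administrator rights.
# HKCU is the hive of the account running the script, so run it once per affected user.
param([switch]$Fix)   # hypothetical switch for this example; report-only when omitted

$pol    = 'Software\Microsoft\Windows\CurrentVersion\Policies'
$adv    = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hidden = "HKLM:\$adv\Folder\Hidden"

# Policy values that restrict the user when present and non-zero (steps 3, 5, "Enable Run").
$remove = @(
    @{ Path = "HKCU:\$pol\System";   Name = 'DisableRegistryTools' },
    @{ Path = "HKCU:\$pol\Explorer"; Name = 'NoRun' },
    @{ Path = "HKCU:\$pol\Explorer"; Name = 'NoFolderOptions' },
    @{ Path = "HKLM:\$pol\Explorer"; Name = 'NoFolderOptions' }
)
# DWORD values that must hold the numbers given in steps 6 and 7.
$expect = @(
    @{ Path = "HKCU:\$adv";       Name = 'Hidden';       Value = 1 },
    @{ Path = "$hidden\NOHIDDEN"; Name = 'CheckedValue'; Value = 2 },
    @{ Path = "$hidden\NOHIDDEN"; Name = 'DefaultValue'; Value = 2 },
    @{ Path = "$hidden\SHOWALL";  Name = 'CheckedValue'; Value = 1 },
    @{ Path = "$hidden\SHOWALL";  Name = 'DefaultValue'; Value = 2 }
)

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

foreach ($r in $remove) {
    $cur = Get-RegValue $r.Path $r.Name
    if ($null -ne $cur -and $cur -ne 0) {
        Write-Output "RESTRICTED  $($r.Path)\$($r.Name) = $cur"
        if ($Fix) { Remove-ItemProperty -Path $r.Path -Name $r.Name -Force }
    }
}
foreach ($e in $expect) {
    $cur = Get-RegValue $e.Path $e.Name
    if ($cur -ne $e.Value) {
        Write-Output "MISMATCH    $($e.Path)\$($e.Name) = '$cur' (expected $($e.Value))"
        if ($Fix) {
            if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
            # -Force overwrites an existing value, including one stored with the wrong type.
            New-ItemProperty -Path $e.Path -Name $e.Name -Value $e.Value -PropertyType DWord -Force | Out-Null
        }
    }
}
```

No output means none of the listed restrictions are set for the current account. If a value is reported again after a reboot, the files from step 8 are still present and rewriting it.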