How to remove Orkut Virus from computer

Let this be the first technical post here ..Since a lot our hostelites are suffering frm the virus ..

This is because of a virus named USBWORM ( orkut ,youtube blocking virus ) do the following step to get the result.

Automatically remove :

Complete fixation could be downloaded from here ...

It could remove the problem of losing hidden files too...

Usage Instructions:

1) Download the fix and run on infected machine.
2) It will ask for a re login.
3) After logging again run the fix again. The worm will be removed succesully.

Manually do it :

1. Go to your Start menu, click on Run and open up your Registry Editor by typing "regedit"
2. Once there go to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folde r\Hidden\SHOWALL
3. Delete the value CheckedValue. (Its type should be REG_SZ and data should be 2.)
4. Create a new DWORD value called CheckedValue (same as above, except that the type is REG_DWORD) by right clicking on the right pane->New->DWORD Value. Modify the value data to 1 (0x00000001).




After the whole thing there is a chance for the virus to getin again ..unless u re-install the Mozilla ...If u didn't do this the virus may be activated once again if u take mozilla after the whole thing ..his be the first technical post here ..Since a lot our hostelites are suffering frm the virus ..This is because of a virus named USBWORM ( orkut ,youtube blocking virus ) do the following step to get the result.Automatically remove :Complete fixation could be downloaded from here ...It could remove the problem of losing hidden files too...
Usage Instructions:1) Download the fix and run on infected machine.2) It will ask for a re login.3) After logging again run the fix again. The worm will be removed succesully.Manually do it :1. Go to your Start menu, click on Run and open up your Registry Editor by typing "regedit"2. Once there go to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folde r\Hidden\SHOWALL3. Delete the value CheckedValue. (Its type should be REG_SZ and data should be 2.)4. Create a new DWORD value called CheckedValue (same as above, except that the type is REG_DWORD) by right clicking on the right pane->New->DWORD Value. Modify the value data to 1 (0x00000001).After the whole thing there is a chance for the virus to getin again ..unless u re-install the Mozilla ...If u didn't do this the virus may be activated once again if u take mozilla after the whole thing ..

How to Remove Newfolder.exe Virus from XP

Automatically remove using :
Tool1 , Tool2
Tool1 (Newfolder.exe) removal will remove it frm ur system as well as usb drives
Tool2 (sdfix.exe) will be needed when u r late reaching here ..that is to fix registry and to prevent this virus ..
Manually remove it (new folder.exe Fix)
Delete File named svichossst.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]“@”=[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]“Yahoo Messengger”=[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]“Shell”=”Explorer.exe “

Ahsan Virus - How to remove from XP

Log in to safe mode as Administrator:


0.Create and Save files named "Home Video.exe" and "csrss.exe" in all drives with 0 kb(If you can't do it within 5 seconds ,do it from a bootable media)
----You can't ignore this 0th step----



Stop system.exe and userinit using taskmanager before it get closed
Run RRt and disable virus effects : check all tick marks and press 'remove'
Virus is out ; if your cmd.exe is enabled now .Take the command prompt from %system32%\cmd.exe
Open regedit, search and delete all entries with his damn name "Ahsan" ,his site 110mb.com and that GW Bush
Enable "Run":
Take regedit : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
and delete NoRun make the same with value 0
Even now if you are not able to handle the situation do SDFix
Thats it !!
+++++
Detailed steps to remove Ahsan's virus :1. start windows in safe mode with command prompt(user:admin, preferably a user other than having attacked)2. use RRT Tool to enable run " if disabled".3. Enable regediting if disabled with following reg key.REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f4. Open regedit, search and delete all entries with name "Ahsan" , site 110mb.com and Bush.5. If your folder option is disabled enable it with following reg key "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\ExplorerHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Policies\ExplorerCheck if a DWORD value named NoFolderOptions exists in the pane on the right hand side of the screenDelete it6. If you are still unable to view the hidden files, which is disabled by virus, enable it with following proc and key.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Find the value "Hidden" . Rightclick it and modify it to 1. If Key value hidden is not present create it7. Check the following registery values and set the values given below in each registery key.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]"CheckedValue"=dword:02"ValueName"="Hidden""DefaultValue"=dword: 02[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]"CheckedValue"=dword: 01"ValueName"="Hidden""DefaultValue"=dword:028. Now enable "show all hidden files / Hidden system files and folders", and search for following files and delete them all.system.execsrss.exeHome video.avi.exeautorunNote: these files will be in parent drives (D:, C:) and in windows folder.9.Now you are done !