Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

Photo Gallery!Top 100 Charts on your Mozilla - Check out

[hack0rz]

Check this Post to fasilitate you work:
http://gstek.blogspot.com/2009/08/online-service-for-checking-virus.html

and http://gstek.info/forum/index.php?topic=345.msg3098#msg3098

Begginning of tut:

Start->Run->type cmd
in each drive type attrib /s /d it will display the list of all files in that drive along with folders.concntrate on files having SHR attribute.normally virus files have two characteristics
1.SHR attribute
2.Queer name like amvo.exe,r6r.exe,autorun.inf etc.

Note:some system files also have this attribute like MSDOS.SYS,IO.SYS etc so before deleting googling about that file will help.

to delete these files type c:\>del /f /s /a <filename with extension>

>> to view the content of files with .inf,.vbs,.c etc i.e files which r not batch files or executables.goto explorer n then goto the required drive or folder n type the filename with extension it wil open up in notepad.

>>there is another method also.goto the required location n type attrib -s -h -r filename
then use gui to see that hiiden file.if it is not n exe or .bat or then open it with notepad.Here you will get some information like a file name or a registry key which the virus affects or a startup item or process.Change this or uncheck the startup.

if file is not deleted like it says access denied it means it already used by some process.open task manager n find a process of the same name or some process which is not a valid windows process(better google) n end that process.

if not found open msconfig goto statrup tab n look at if a startup items seems queer(u wil have this feeling if u r n experienced windows user otherwise all da startup items may seem queer.)uncheck that.u may also learn about da startup item by googling.after unchecking restart the computer then restart the computer.

This method is effective in removing some spywares or some small but annoying virii like maskrider etc. which r sometimes not detected by antivirus softwares.

If u want to learn more u want read a more explicit tut then u may read my tut on maskrider removal here in this sextion

[SaurabhStar]

Thanx Hack0rz for ur tut......... i'll try it

[digiboy]

gud yaar

maine bhi i tut(badi mehnat se) banaya tha apni x forum me ye baat alag hai in logon pada nahi
jabki usse in sabke fubdae kaafi clear hote

[hac_king]

You pepoles wont blve i nvr formatted and reinstalled my os or hard drive due to Virus. Evn when i was noob :o Appr. 90 % i used to clean it manually and by now i am an expert in it.. yes google helps alot in findings a particulr file..

Best method to delete obstinate viruses is WINRAR

Just open winrar and goto ur infected drive ane here you can see all hidden and persistent files.. Delete such files from here (Easy and far better than dos prompt)

One more thing if you want to remove the virus or worm of an infected pen drive then dare it to do as i do..
First of all kill your explorer from process tab in Task manager..
Now goto "NEW TASK"
and locate winrar ..
now insert pen drive in usb and come pen drive icon in winrar. And here you will find some Autorun.inf , powerpointresentation.exe , krar.vbs etc. Just enter " Shift + Delete "
.

[hac_king]

one more thing after doing above task. Goto New task in Task manager and enter Explorer .. Click Ok..
you will find a virus free world.

[vipansh]

Thanx admin but after deleting da infacted file or autorun.inf or exe file wid shift+del, whn we agian start da PC da same file is again there. How can we remov dis type of file ?

[hac_king]

Then u r talking about virus which is already entered in pc. Not the pen drive.. Isnt it?
~!~ fist of all check startup from Msconfig..dlte ny suppicious entry.
~!~ Now note downthe name of virus from winrar.
~!~ Goto registry editor and search for it. Del all the entries.
~!~ Also check in sytem32 for suspicous file..
now repeat the winrar procedure on all partitons of Hdd..

[rahul_mk]

how to remove the virus in which our privilege to show hidden files get disabled..i followed ur procedure and removed autorun and mxmd.cmd hidden files and also deleted the amvo entry in the registry..but still i can set the option to set all shol all files...

[P ī ® ä † ě ™]

best way is use a good antivirus. safe and reliable.

bye.

[hac_king]

Goto Registry editor >>> Current user >> software >>> microsoft >> windows >> Current version >> explorer >> ADVANCE --- Now in Right window >>
Check "Hidden" should have 1 value
"Show super hidden" should be 0 value and "Super hidden should have 1

Now come to HKEY_LOCAL_MACHINE >>
>>SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden

here you will see Two sub menu NOHIDDEN and SHOW ALL
come to No hidden and now in right pane make sure CHECKED and DEFAULT values are 2
come to Show all and make sure Checked value is 1 and Deafult value is 2 .

I am assuming that you have basic knowledge of Xp that's why i explained
in favour of brevity.... Enjoy and if you are still unable then 500% its your fault
in following my all steps from win rar to Registery coz i have immuned Dozens of
PC manually from the same way...

[rahul_mk]

@admin..thanks a lot....it worked.................

[hac_king]

Download this tool >>


http://gstek.gs.funpic.org/files/root%20kit%20reavelar_ice%20sword-hac_king-realm.zip

It is extremely helpfull to know the path of running process. It is the most helpfull part in removing virus manually coz Task manager doesn't shows that from where a running process is located???
But you can get it from this tool.

Continue....

[smarty]

@ admin....thanks a lot.......very usefull tool to know path of running process.......some viruses disable task manager by registry editing and we cant run task manager even from gpedit.msc........so I think ice very helpfull in that condition.

[vipansh]

thanx admin 4 ice sword.exe its realy very effactive n easy to use.
n i dont found ny virus in my pc.

[gmail]

One big guestion, how can u identify a virus just by look and observing files.It is practically impossible. If u c a p@tch and if it has a torjan u will never be able to identify it and the torjan maker can easily gain remote access to ur pc and steal data

[hac_king]

@gmail bro we are talking about removing that virus which has already entered in ur p.c. , not about the precautions. And its not impossible to nail down if something unofficgal wandering in our p.c.

[nsk]

@hack0rz
@admin

thnxx for help i removed virus named "ieantivirus" with ur tipsss
thnxxxx

[hac_king]

There are some more tools for such persistence viruses.
Like Folder.exe Virus (which recreates a copy of .exe original
folder name within every folder) , Trojans which blocks your
REGISTRY EDITOR , TASK MANGER , Folder option etc.


"Both Tools in attachments" 

[hac_king]

If your computer infected with IE Explorer or Free-viruscan.com viruses(malware) then download this tool and update(near about 1MB)............start scan and remove viruses from reports..........I m 100% sure it will remove....

It was tested by me that kaspersky 2009 and Norton 2009 cant remove these viruses

[ZEESHAN]

@ admin n all...
I hav  an infected pc with some spyware or virus...

Effects:
1. Control panel is disabled
2. First 2 drives i.e., C and D are not appearing.... Although I can access them via command, and entering manually in the adress bar..


That thing disables my taskman too. but I recovered it with gpedit..
I tried to recover the control panel with gpedit.. but in vain..

any possible remedy....

one more thing I have got access to the files of the virus i.e., dgksvbpn.dll in windows..This stops the message coming from virus about some update...

[P ī ® ä † ě ™]

hi  zeeshan004 

that file "dgksvbpn.dll" is a malware 

look here for detials

http://www.bleepingcomputer.com/startups/dgksvbpn.dll-23813.html


try this software ,size 3mb

http://www.incodesolutions.com/downloads/removeitpro_trial.exe

hope it helps 

[ZEESHAN]

Tanks all der...
Finally I have a clean system..

Thanks to Pirate and admin for the tools..

[ZEESHAN]

hi  zeeshan004 

that file "dgksvbpn.dll" is a malware 

look here for detials

http://www.bleepingcomputer.com/startups/dgksvbpn.dll-23813.html


try this software ,size 3mb

http://www.incodesolutions.com/downloads/removeitpro_trial.exe

hope it helps 

@pirate  your 1st.link is not working...

Thanks ayway......

[hac_king]

By the way zeeshan have u tried tools that i given in my previous posts ?
And also have u used winrar to see why c n d are not accessible ? I mean is then any autorun file in that drive that caused it?
Also did u searched that malware name in Registry?

[ZEESHAN]

@admin...

After removing the directory [created by malware] and its dll, I used your tools for unrestricting the administrator permissions [RRT (this worked)] and finally removed the malware by malware removal utility [mbam] you have given.

no autorun in C and D!