Wondering how to remove new folder exe or regsvr exe or autorun inf virus?
This virus is known popularly as regsvr.exe virus, or as a new folder.exe virus. Most people identify this one by seeing the autorun.inf file on their pen drives.
But recently it was micro identified as WORM_DELF.FKZ. It is spreading mostly using pen drives as the medium.
Manual Process of removal
I prefer removing it manually because it allows me to learn new things in the process.
1.Cut The Supply Line
Search for the autorun.inf file. It is a read only file, so you will have to change it to normal by right-clicking the file, selecting the properties, and un-checking the read only option.
Open the file in notepad, delete everything, and save the file.
Now change the file status back to read only mode so that the virus can not get access again.
2. Click start->run and type “msconfig” and then click ok
Go to the startup tab, look for “regsvr” and uncheck that option. Click OK.
Click on “Exit without Restart” because there are still a few things we need to do before we can restart the PC.
Now go to control panel -> scheduled tasks, and delete the At1 task listed there.
If you are Windows XP Home Edition user, you might not have gpedit.msc. In that case, download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
Go to users configuration->Administrative templates->system
Find â€Å“prevent access to registry editing tools†and change the option to disable.
Once you do this, you have registry access back.
3.Launch The Attack At The Heart Of The CastleThis virus is known popularly as regsvr.exe virus, or as a new folder.exe virus. Most people identify this one by seeing the autorun.inf file on their pen drives.
But recently it was micro identified as WORM_DELF.FKZ. It is spreading mostly using pen drives as the medium.
Manual Process of removal
I prefer removing it manually because it allows me to learn new things in the process.
1.Cut The Supply Line
Search for the autorun.inf file. It is a read only file, so you will have to change it to normal by right-clicking the file, selecting the properties, and un-checking the read only option.
Open the file in notepad, delete everything, and save the file.
Now change the file status back to read only mode so that the virus can not get access again.
2. Click start->run and type “msconfig” and then click ok
Go to the startup tab, look for “regsvr” and uncheck that option. Click OK.
Click on “Exit without Restart” because there are still a few things we need to do before we can restart the PC.
Now go to control panel -> scheduled tasks, and delete the At1 task listed there.
If you are Windows XP Home Edition user, you might not have gpedit.msc. In that case, download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.
Go to users configuration->Administrative templates->system
Find â€Å“prevent access to registry editing tools†and change the option to disable.
Once you do this, you have registry access back.
Click on start->run and type regedit and click ok
Go to edit->find and start the search for regsvr.exe,
4. Delete all occurrences of regsvr.exe; remember to make a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences ONLY.
At one or two places, you will find it after explorer.exe. In these cases only delete the regsvr.exe part and not the whole part. E.g. Shell = Exlorer.exe regsvr.exe just delete the regsvr.exe and leave the explorer.exe
5.Seek And Destroy the enemy soldiers; no one should be left behind
 Click on start->search->for files and folders.
 Their click all files and folders
 Type â€Å“*.exe†as filename to search for
 Click on ‘when was it modified ‘ option and select the specify date option
 Type from date as 1/31/2008 and also type to date as 1/31/2008
 Now hit search and wait for all the exe’s to show up.
 Once the search is over, select all the exe files and shift+delete the files, caution must be taken so that you don’t delete the legitimate exe file that you have installed on 31st January.
 Selecting many files together might make your computer unresponsive so delete them in small bunches.
 Also find and delete regsvr.exe, svchost.exe (notice an extra space between the svchost and .exe)
6.Time For Celebrations
Now do a cold reboot (i.e., press the reboot button) and you are finished!
