Hello guys,
follow these steps to remove Ahsan's virus from your system.
1. start windows in safe mode in with command prompt.
2. use RRT Tool to enable run " if disabled". "Search in google"
3. Enable regediting if disabled with following reg key.
Code: Select all
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
4. Open regedit, search and delete all entries with name "Ahsan" , site 110mb.com and Bush.
5. If your folder option is disabled enable it with following reg key "
Code: Select all
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre nt Version\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr ent Version\Policies\Explorer
Check if a DWORD value named NoFolderOptions exists in the pane on the right hand side of the screen
Delete it
6. If you are still unable to view the hidden files, which is disabled by virus, enable it with following proc and key.
Code: Select all
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced. Find the value "Hidden" . Rightclick it and modify it to 1. If Key value hidden is not present create it
7. Check the following registery values and set the values given below in each registery key.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\NOHIDDE N]
"CheckedValue"=dword:02
"ValueName"="Hidden"
"DefaultValue"=dword: 02
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword: 01
"ValueName"="Hidden"
"DefaultValue"=dword:02
8. Now enable "show all hidden files / Hidden system files and folders", and search for following files and delete them all.
Code: Select all
system.exe
csrss.exe
Home video.avi.exe
autorun
Note: these files will be in parrent drives (D:, C
and in windows folder.
9. Dont worrie, you are done. now restart and Enjoy !
Bookmarks