Solving virus/malware attacks: Part 2

Written by Pavan Kumar in Thursday, May 8th 2008 under computer   


 

The first part of this article made a debut entry on google sharokh.exe, a widespread virus. And now, I am dealing with the next step malwares which will start themselves even in safe mode. To state in particular, I was infected with rqRJyxWO.dll and awtqqNef.dll. The second one was not creating so much inconvinience. I explain how to remove them.

As I told second one was not a big problem but the first one, was the first one of its kind I have ever seen in my life. That was stored in system32 folder and used to start itself in association with winlogon.exe, a critical system process for windows. I could not even end the process nor I could delete the viral file. It was detected by my antivirus program, but that too failed to clean the file. The main problem this dll created was to kill my explorer.exe process, so whenever the windows is startup, this used to get activated with winlogon.exe and end my explorer process, this was even true with safe mode. Even if I start explorer manually, it got killed again. As I was busy with my project work, I restored my system with ghost, but finally got a solution to the problem which I am going to explain step by step.

  • You need: Unlocker, RRT and your antivirus updated. Install unlocker.
  • I don’t deal much with RRT now as you all are already aware how to solve viral attack with that.
  • The central solution here is for a virus/ adware/ malware which is detected but could not be deleted by antivirus tool.
  • In your antivirus tool, note down the location of such files.
  • Goto that location and right click on the file, use unlocker to delete the file as shown in the snap below.

unlocker

 I recommend you the most to keep your partition backup using ghost for quick recovery of your system in case of any OS problems.

Solution for autorun.exe virus disabling your partition open/explore:

Though you don’t have any virus detected by your antivirus, whenever you double click on any partition, a "open with" dialogue pops up for you to choose which application to use to open that drive.

That is because of autorun.inf file stored on the drive which instructs computer to open a particular application whenever there is an attempt to open that drive and that application will be a virus which is already deleted / quarantined by your antivirus.

Now, you have to open folder options and make all files visible and delete the autorun.inf file. Alternately, you may create a new autorun.inf file and paste on the existing one to replace that and delete the new one manually. To create a dummy file, open notepad, goto file>save as>choose all files rather than text files(.txt) and key in the file name autorun.inf and save in a location and use that.

Now, just rename your partition and you are done! Now, its accessible.

Popularity: 36% [?]

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • Furl
  • IndianPad
  • Live
  • Netvouz
  • Reddit
  • SphereIt
  • Spurl
  • StumbleUpon
  • Technorati
  • TwitThis
  • YahooMyWeb

Our Random Articles

--> Read about the latest web hosting news, tips and tricks. I really enjoy reading it and you can find your best suitable hosting on mytradedomain.com

6 Comments

MyAvatars 0.2
Siddharth Said in Friday, May 9th, 2008 @3:14 am  

This post will be useful for many :) :mrgreen:
yesterday a virus from my brother’s USB was trying to make changes in the system
but my spybot’s real time protection asked me b4 making any registrey changes and I was saved.
The only thing that happened was the change in IE’s title bar :P

MyAvatars 0.2
Pavan Kumar Said in Friday, May 9th, 2008 @11:38 am  

@ Siddharth,

I always keep a separate account with limited access and I never use the pen drives on administrator account. One more way to save my system…. :idea:
Pavan Kumars last blog post..Solving virus/malware attacks: Part 2

MyAvatars 0.2
Siddharth Said in Sunday, May 11th, 2008 @3:34 am  

thts gr8 thing pavan :mrgreen:
but actually every second time I am on my computer I have to do something that requires administrator access :P
Siddharths last blog post..Orkut has a new and cool logo!

MyAvatars 0.2
Pavan Kumar Said in Sunday, May 11th, 2008 @11:20 am  

@ Siddharth

I don’t own a pen drive, so no question of sharing data with others regularly. I only plug in pen drive rarely, some 3-4 times a week, so its not a problem for me. Also I don’t log myself off from administrator account, I just switch the user account to limited.

Pavan Kumars last blog post..Updates with Google and Orkut…

MyAvatars 0.2
fauzan b Said in Tuesday, July 1st, 2008 @8:32 am  

how about delextra.exe pavan?
(sorry OOT)
this is make my computer out of memory

MyAvatars 0.2
Pavan Kumar Said in Thursday, July 3rd, 2008 @9:40 pm  

@ Fauzan

Sorry for late reply. I wrote above solution as I was infected by those threats. I did not come across delextra.exe, so the solution I am providing here is not mine. You can read the solution here:

http://www.greatis.com/appdata/d/d/delextra.exe_Removal.htm

Leave Your Comments Here

Popular Articles
« Can you select this text?
Alexa first update of traffic rank after changing »