Written by Pavan Kumar on May 8, 2008
The first part of this article made a debut entry on google sharokh.exe, a widespread virus. And now, I am dealing with the next step malwares which will start themselves even in safe mode. To state in particular, I was infected with rqRJyxWO.dll and awtqqNef.dll. The second one was not creating so much inconvinience. I explain how to remove them.
As I told second one was not a big problem but the first one, was the first one of its kind I have ever seen in my life. That was stored in system32 folder and used to start itself in association with winlogon.exe, a critical system process for windows. I could not even end the process nor I could delete the viral file. It was detected by my antivirus program, but that too failed to clean the file. The main problem this dll created was to kill my explorer.exe process, so whenever the windows is startup, this used to get activated with winlogon.exe and end my explorer process, this was even true with safe mode. Even if I start explorer manually, it got killed again. As I was busy with my project work, I restored my system with ghost, but finally got a solution to the problem which I am going to explain step by step.
- You need: Unlocker, RRT and your antivirus updated. Install unlocker.
- I don’t deal much with RRT now as you all are already aware how to solve viral attack with that.
- The central solution here is for a virus/ adware/ malware which is detected but could not be deleted by antivirus tool.
- In your antivirus tool, note down the location of such files.
- Goto that location and right click on the file, use unlocker to delete the file as shown in the snap below.
I recommend you the most to keep your partition backup using ghost for quick recovery of your system in case of any OS problems.
Solution for autorun.exe virus disabling your partition open/explore:
Though you don’t have any virus detected by your antivirus, whenever you double click on any partition, a "open with" dialogue pops up for you to choose which application to use to open that drive.
That is because of autorun.inf file stored on the drive which instructs computer to open a particular application whenever there is an attempt to open that drive and that application will be a virus which is already deleted / quarantined by your antivirus.
Now, you have to open folder options and make all files visible and delete the autorun.inf file. Alternately, you may create a new autorun.inf file and paste on the existing one to replace that and delete the new one manually. To create a dummy file, open notepad, goto file>save as>choose all files rather than text files(.txt) and key in the file name autorun.inf and save in a location and use that.
Now, just rename your partition and you are done! Now, its accessible.
People who liked this also read: