hello guys, i'm new around here, and i've been through a very painful "war" with a virus, and i guess many others are having this same issue right now, so i'm planning on giving those who are still on that fight a solution, find it below:
Well, let’s start cleaning the virus
First
Stopping the virus:
________________________________________
u need to check the task manager to see if there is a (SVCHOST.EXE) running under the current logged in username and try to terminate it
Note:
After u terminate the virus try not to double click on any of you computer driver coz this action will start the virus allover again, when u need to access any of ur drivers (Hard Disk Partition), type it’s drive letter in the address bar and it will open without starting the virus process.
Second
Fixing the show hidden files and folders:
________________________________________
Then u need to open “Registry Editor” and then go to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL”
And delete the Existing “CheckedValue” of the type “String” and create another one of the same name but of the type “DWORD” and set it’s value to “1”
Then open “My Computer” and go to: Tools> Folder Options> View> and select “Show hidden files and folders” and Uncheck “Hide protected operating system files”
Third
Deleting the virus:
________________________________________
The easiest part, all u have to do is to delete the following files from ur computer ( don’t forget how u should open the drivers or u will have to do it from the start )
1.C:\windwos\SVCHOST.EXE
2.C:\windwos\SVCHOST.inf or ini (probably they will be together side by side)
3.C:\RAVMON.EXE
4.C:\Autorun.inf
Then check the rest of the hard drivers you have on your computer ( D, E, or whatever) for the files Number (3 and 4)
Restart your computer and run XoftspySE latest Version (4.31.232) u can download it from the internet.
i hope i was of a help!
Well, let’s start cleaning the virus
First
Stopping the virus:
________________________________________
u need to check the task manager to see if there is a (SVCHOST.EXE) running under the current logged in username and try to terminate it
Note:
After u terminate the virus try not to double click on any of you computer driver coz this action will start the virus allover again, when u need to access any of ur drivers (Hard Disk Partition), type it’s drive letter in the address bar and it will open without starting the virus process.
Second
Fixing the show hidden files and folders:
________________________________________
Then u need to open “Registry Editor” and then go to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL”
And delete the Existing “CheckedValue” of the type “String” and create another one of the same name but of the type “DWORD” and set it’s value to “1”
Then open “My Computer” and go to: Tools> Folder Options> View> and select “Show hidden files and folders” and Uncheck “Hide protected operating system files”
Third
Deleting the virus:
________________________________________
The easiest part, all u have to do is to delete the following files from ur computer ( don’t forget how u should open the drivers or u will have to do it from the start )
1.C:\windwos\SVCHOST.EXE
2.C:\windwos\SVCHOST.inf or ini (probably they will be together side by side)
3.C:\RAVMON.EXE
4.C:\Autorun.inf
Then check the rest of the hard drivers you have on your computer ( D, E, or whatever) for the files Number (3 and 4)
Restart your computer and run XoftspySE latest Version (4.31.232) u can download it from the internet.
i hope i was of a help!
