Anna University Result


Friday, March 28, 2008

How to remove: Newfolder.exe Virus (Complete Removal Instructions)





  • Is an ".exe" file being created with the same name as the folder itself in all drives, and it cannot be deleted?
  • Are your Task Manager and Folder Options disabled, you "cannot open the registry" because "it has been disabled by your administrator", your pen drive is infected and the system is running too slowly?
  • And you do not know how to remove NewFolder.exe because it recreates itself every time you delete it?
  • Get rid of it - the Security Stronghold security team has developed a Newfolder.exe virus removal.

Here you will find a complete description of and solution for the "newfolder.exe" problem.


This problem can be solved manually by deleting all registry keys and files connected with this software, removing it from the startup list and unregistering all corresponding DLLs. Additionally, missing DLLs should be restored from the distribution in case they are corrupted by Iddono. To fix this threat, you should:

1. Kill the following processes and delete the appropriate files:

• libedit.dll

• newfolder.exe

• shelliddono.dll

• srv0104.ids

• srvidd20.exe

If these files can't be deleted while Windows is running normally, or if they recreate themselves, reboot into Safe Mode and repeat the deletion. If you do not see all of these files, then they are hiding themselves. You need special software to kill those hidden files.

2. Delete the following malicious registry entries and/or values:

• Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run for nwiz.exe

Value: @

• Key: software\microsoft\windows\currentversion\run\alchem

Value: @

• Key: software\microsoft\windows\currentversion\run\zzb

Value: @



Monday, March 24, 2008

SoBig Virus - too Fast, too Furious!

More than 20 million users opened and passed along the Sobig.F virus, the fastest spreading Web worm ever. It infects computers running Microsoft Windows, according to Reuters and FOX News.

The attack seems to have caught out a lot of people in China. About 30% of China's net users have been infected by the virus, according to a Chinese survey reported by BBC News.

----------------------
SOBIG SUBJECT LINES
----------------------
1) Re: details
2) Re: approved
3) Re: my details
4) Re: Thankyou!
5) Re: That movie
6) Re: wicked screensaver
7) Re: your application
8) Your details
9) Thankyou
----------------------

The virus is programmed to try the download every Friday and Sunday, between 3 pm and 6 pm (Eastern time). The "Sobig" virus started appearing last Tuesday.

Prevent Spam Mail In Yahoo!!!!

-->>> Go to your Yahoo! Mail Plus page and click the Options link in the upper-right corner of the page.
-->>> The Mail Options page appears.
-->>> Under the Spam column on the Mail Options page, click the AddressGuard link.
-->>> If this is the first time that you've used AddressGuard, the AddressGuard introductory page appears. (Otherwise the regular AddressGuard page appears.)
-->>> On the AddressGuard introductory page, click the Get Started Now button.
-->>> The first AddressGuard setup page appears.
-->>> Enter a base name of your choice, then click the Continue button.

NOTE: Your base name must begin with a letter, contain no spaces or symbols and be different from your Yahoo! ID.

-->>> AddressGuard checks whether or not the base name you've entered is available. If it's not available, AddressGuard directs you to choose another base name.

-->>> Confirm that you want to use the available base name, or specify another base name by clicking the Continue button.

-->>> The next page prompts you to create your first disposable address. Enter a keyword to use with your base name, then click the Continue button.

-->>> Specify your preferences for this disposable address, then click the Set Up AddressGuard button to finish the setup process.

Not Able To View Hidden Folders - Here Is The Solution

1. Go to Start --> Run, then type Regedit
2. Navigate to the registry folder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
3. Find the value called CheckedValue.
4. Double-click CheckedValue and modify it to 1. This is to show all the hidden files.
Now you should be able to view all the hidden files.

Get Rid Of The Funny UST Scandal.avi.exe (Vista and XP)

Remove Funny UST Scandal.avi.exe (Vista and XP)

Details:
1) This will block your Task Manager, Registry Editor and Command Prompt.
2) It hacks into your Yahoo Messenger and sends stupid and senseless messages to your contacts, and even a copy of itself. (ask gigacore if you don’t believe me!!!:P)
3) It will log all your keystrokes and send them to an unknown email address through IM.
4) It slows down your system badly and reinstalling the OS will do no good.
5) It will disable the search and viewing of hidden files.
It’s built using AutoIt V3 virus programming software. (Source: some blog)

Windows XP:
This virus was made mainly to infect XP and Windows NT systems.
In XP and NT systems, it makes the following files:
a) Killer.exe (4084 kb) in c:\windows\
b) lsass.exe (3920kb) in c:\documents and settings\all users\start menu\programs\startup
c) xmss.exe (4088kb) in all partitioned drives and in c:\windows
d) autorun.inf (1kb) in all partitioned drives with a script.
e) Funny UST Scandal.avi.exe in all partitions and Funny UST Scandal.exe in c:\Windows.

This Virus makes the following registry entries:
a) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, value Shell (killer.exe or xmss.exe)
b) HKCU\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce (c:\windows\xmss.exe)
If the virus has completely installed itself, then you can find all these files in your system.
To remove this virus:
a) In order to remove the files, you’ll first have to stop the execution of this virus. To do so, download this file and run it.
b) Now open cmd.exe, go to the above mentioned locations and unhide the files by typing: attrib -h -s "Funny UST Scandal.exe" for C:\windows, and so on for all the other files in the different locations. You might get an error while unhiding Funny UST Scandal.avi.exe, which is placed in all partitions. If you get that error, just leave that file.
c) After unhiding all these files, delete them from your hard disk.
d) Download REPLACER and open it.
e) In the REPLACER type: c:\Funny UST Scandal.avi.exe and press enter. It will now ask you for another file. Create a text file named a.txt in C:\ and then type: c:\a.txt and press enter. Press Y and press enter. Go to the C: drive and there you’ll find 3 files named Funny UST Scandal.backup, Funny UST Scandal.exe and a Temp file. Delete them.
f) Repeat Step e) for all your partitions.

Windows Vista: Files included:
a) xmss.exe (4088kb) in all partitioned drives and in c:\windows
b) autorun.inf (1kb) in all partitioned drives with a script.
c) Funny UST Scandal.avi.exe in all partitions and Funny UST Scandal.exe in c:\Windows.
Registry Entries:
a) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, value Shell (killer.exe or xmss.exe)
b) HKCU\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce (c:\windows\xmss.exe)
The second key might not be present.

Removing the Virus:
To remove this virus:
a) In order to remove the files, you’ll first have to stop the execution of this virus. To do so, download this file and run it. (File included in attachment)
b) Now open cmd.exe, go to the above mentioned locations and unhide the files by typing: attrib -h -s "Funny UST Scandal.exe" for C:\windows, and so on for all the other files in the different locations. You might get an error while unhiding Funny UST Scandal.avi.exe, which is placed in all partitions. If you get that error, just leave that file.
c) After unhiding all these files, delete them from your hard disk.
d) Download REPLACER and open it.
e) In the REPLACER type: c:\Funny UST Scandal.avi.exe and press enter. It will now ask you for another file. Create a text file named a.txt in C:\ and then type: c:\a.txt and press enter. Press Y and press enter. Go to the C: drive and there you’ll find 3 files named Funny UST Scandal.backup, Funny UST Scandal.exe and a Temp file. Delete them.
f) Repeat Step e) for all your partitions.
As you can see, the procedure for both OSes is the same; just the files are different. I have tested the steps myself on Windows XP SP2 (my desktop), Windows Vista Home Basic (my lappy), Windows Vista Home Premium (my friend's lappy) and Windows Vista Ultimate (my desktop). Hope this guide is useful. Happy Removing…
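
A read-only sweep for the files and the Winlogon Shell value listed in this post, written here as an added PowerShell example and not part of the original guide. The `Funny UST Scandal*` wildcard and the comparison against the default shell `explorer.exe` are assumptions of the example.

```powershell
# Added example, not from the original post. Read-only: it lists, it deletes nothing.
# File names are the ones the post gives; the wildcard covers spelling variants.
$patterns = 'autorun.inf', 'xmss.exe', 'Killer.exe', 'Funny UST Scandal*'

# Every drive root plus the Windows directory, the locations named in the post.
$roots = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }) + $env:windir

$files = foreach ($root in $roots) {
    # -Force includes hidden and system files, which is how these copies are stored.
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.Name
            -not $_.PSIsContainer -and ($patterns | Where-Object { $name -like $_ })
        }
}
$files | Select-Object FullName, Length, Attributes | Format-Table -AutoSize

# Show what each autorun.inf would launch. An autorun.inf on an installer CD is
# normal; one on a hard-disk partition or pen drive pointing at an .exe is not.
$files | Where-Object { $_.Name -eq 'autorun.inf' } | ForEach-Object {
    Select-String -LiteralPath $_.FullName `
        -Pattern '^\s*(open|shellexecute|shell\\[^=]*\\command)\s*='
}

# The Shell value decides what runs at logon; the post says it is set to
# killer.exe or xmss.exe on an infected machine.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell).Shell
if ($shell -ne 'explorer.exe') {
    Write-Warning "Winlogon Shell is '$shell'; the Windows default is explorer.exe"
}
```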

Remove microsoftpowerpoint.exe Virus

Microsoftpowerpoint.exe is a file that is created by a virus named w32.USBWorm. This virus is an epidemic and spreads very rapidly through USB drives. When a USB drive is connected to a computer which is already affected by this virus, the drive gets infected: the virus in the computer will transfer all its files onto the drive. When this USB drive is connected to another unaffected computer, it will transfer all the required files to that computer's hard drive.
Once the program runs, your computer system is infected. This virus will not destroy any of your system files. It hides all the hidden folders and disables the "Show hidden folders" option in the folder options menu. It runs its process in memory. The worm starts with Windows start-up and displays annoying pop-ups like "I dont hate mozilla, but use IE or else" and "Orkut is banned you fool". It will not let you open Orkut using Internet Explorer. It will not let you access YouTube either.
The virus, after affecting your computer, creates a folder named "heap41a" in your root drive, i.e. the C drive, where it resides. This folder will be hidden, and since this virus disables the show hidden files and folders option, it is not easy to locate. This folder contains the following:

* Offspring - an empty folder.

* 2.mp3 - a laughing sound.

* Icon.ico - a blank icon file.

* reproduce.txt - codes to change registry entries.

* svchost.exe - gives all kinds of pop-ups.

* script1.txt - codes for displaying pop-ups.

* std.txt - codes to change registry entries.

You can find this folder by typing C:\heap41a in Start Menu > Run. If you go through the text files, you will get an idea of what the worm does to your computer. It runs the executable file svchost.exe and also changes the following keys in the registry, which in turn disables the hidden files and folders option.

>> regread,regdata,REG_DWORD,HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL,checkedvalue

>> ifnotequal,regdata,2

>> regwrite,REG_DWORD,HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL,checkedvalue,2
To rectify this, you will have to change these registry values back to their original settings. To open the registry editor, go to Start Menu >> Run and type 'regedit'. Browse to the following entries and change them.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced: on the right-hand side you will find the value "Hidden". Right-click it and modify it to 1.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL: find the CheckedValue entry on the right and change it from 2 to 1. This will enable "Show hidden files and folders" in the folder options menu.

Now open Windows Task Manager and end the process named svchost.exe that runs under your user name. Then delete the folder C:\heap41a, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run and clear the entry that says heap41a.

Now, to make sure that the computer is free from infection, search the entire computer system and see whether there are any files with the same name as the .exe file mentioned earlier. If found, delete them. Now your computer system is completely free from the worm infection. But make sure that you format the USB drive. This will prevent the virus, if present on the USB drive, from infecting other computers too. If you are a little careful, you can prevent your computer system from getting virus infections through USB drives, otherwise called pen drives or flash drives.
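
The registry checks from the hidden-folder fix and from the heap41a removal steps above, combined into one audit script (an added example, not from the original posts). It assumes PowerShell on the affected machine; the two ordinary Run keys are checked in addition to the policies\Explorer\Run key the post names.

```powershell
# Added example, not from the original posts. Audits by default; set $Fix to $true
# (an elevated prompt is needed for HKLM) to write the values the steps prescribe.
$Fix = $false

$settings = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
       Name = 'CheckedValue'; Want = 1 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'Hidden'; Want = 1 }
)
foreach ($s in $settings) {
    $prop = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    $have = if ($prop) { $prop.($s.Name) } else { '<missing>' }
    if ($have -eq $s.Want) { "OK       $($s.Path)\$($s.Name) = $have"; continue }
    "CHANGED  $($s.Path)\$($s.Name) = $have (expected $($s.Want))"
    if ($Fix) {
        Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Want -Type DWord
    }
}

# Autostart entries that mention the worm folder. The post names the policies key;
# the two standard Run keys are an addition made by this example.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ("$name $data" -match 'heap41a') { "AUTORUN  $path\$name -> $data" }
    }
}

# The folder is hidden, but an existence test does not depend on Explorer's settings.
if (Test-Path -LiteralPath 'C:\heap41a') { 'FOLDER   C:\heap41a is present' }
```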