7:13 PM

HOW TO ENABLE TASK MANAGER, CLEAR AUTORUN.INF AND ENABLE THE REGISTRY



HOW TO REMOVE ntde1ect AND autorun.inf CREATED BY THE Win32/PSW.Agent.NDP TROJAN
  Open Task Manager and, in the Processes tab, end the explorer.exe and wscript.exe processes
  Open File –> New Task (Run) in Task Manager
  Type cmd and hit Enter


TO REMOVE AUTORUN FROM DRIVES OTHER THAN C:
  At the prompt, type the drive letter: C:\document and settings\username>X: … where X is your infected drive
  The prompt will then show X:\> … where X is your drive
  Type attrib at the prompt, as follows: X:\> attrib
  This will list all the files that are in that drive
  If you see any entry called autorun.inf or any .pif file, delete it as follows
      Type this at the prompt:
      X:\> del autorun.inf /f/a/s/q/p
      When prompted, answer Yes to delete
      Then, to delete the .pif entries, type at the prompt:
      X:\> del *.pif /f/a/s/q/p
DELETING AVPO.EXE ENTRIES
IF IT IS DRIVE C THAT HAS avpo.exe, THEN TYPE
del /a:h /f c:\autorun.*

Go to your Windows\System32 directory by typing cd c:\windows\system32
Type dir /a:h avp*.*
If you see any files named avpo.dll or avpo.exe, use the command

del /a:h /f avpo.exe
  • Open File –> New Task (Run) in Task Manager and type regedit
  • Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    If there are any entries for avpo.exe, delete them.
    Do a complete search of your registry for ntdelect.com and delete any entries you find.
  • To restore the Folder Options settings, navigate to
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
    Look at the “CheckedValue” value. It should be a DWORD value. If it isn’t, delete it. Create a new DWORD value called “CheckedValue” with a value of 1 (hexadecimal). The “Show hidden files & folders” check box should now work normally.
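
A read-only way to check the locations these steps clean, before and after the cleanup. This is an added PowerShell example, not part of the original post; it assumes PowerShell is available on the machine and uses only the file names and registry paths named above.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
# File names and registry paths are the ones named in the steps above.
$runKey  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'

# 1. autorun.inf and *.pif in the root of every drive. -Force includes
#    hidden and system files, which a plain listing would not show.
$hits = @(foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
    foreach ($pattern in 'autorun.inf', '*.pif') {
        Get-Item -Path (Join-Path $drive.Root $pattern) -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer }
    }
})

# 2. avp*.* in System32 (the steps name avpo.exe and avpo.dll).
$hits += @(Get-Item -Path (Join-Path $env:windir 'System32\avp*.*') -Force -ErrorAction SilentlyContinue)

if ($hits.Count -gt 0) {
    $hits | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize
} else {
    'No autorun.inf, *.pif or avp*.* files found in the checked locations.'
}

# 3. Run-key entries whose command line mentions avpo.exe.
$run = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $data = [string]$run.GetValue($name)
        if ($data -match 'avpo\.exe') { "Run entry '$name' -> $data" }
    }
}

# 4. CheckedValue must be a DWORD with data 1 for the
#    "Show hidden files & folders" option to work.
$key = Get-Item -Path $showAll -ErrorAction SilentlyContinue
if ($key -and ($key.GetValueNames() -contains 'CheckedValue')) {
    $kind = $key.GetValueKind('CheckedValue')
    $data = $key.GetValue('CheckedValue')
    if ($kind -ne 'DWord' -or $data -ne 1) {
        "CheckedValue is $kind = $data (expected DWord = 1)"
    } else {
        'CheckedValue OK (DWord = 1)'
    }
} else {
    'CheckedValue is missing under SHOWALL'
}
```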

WHEN THE REGISTRY IS LOCKED… BY THE ADMINISTRATOR
The virus at times disables the registry for editing.
The easiest way is to use this tool from Symantec (Norton). It is a small file that resembles a text file, called UnHookExec.inf
Get from here
Download or save it, then right-click it and press Install
For more about the tool, go to READ MORE ABOUT THE TOOL AUTORUN.INF HERE

OTHER GOOD TOOLS FROM NORTON: GET THEM FROM HERE.... ENABLE TASK MANAGER TOOL, CLEAN REGISTRY TOOL, ETC.
I WILL BE BACK WITH MORE ON WINDOWS REGISTRY
AND LINUX SHORTCUTS



