HOW TO REMOVE ntde1ect and autorun.inf CREATED BY Win32/PSW.Agent.NDP trojan
Open Task Manager and in Processes tab end explorer.exe and wscript.exe process
Open up File –> New Task (Run) in the Task manager
Type cmd and hit Enter
TO REMOVE AUTORUN from other drivers other than C:
TO REMOVE AUTORUN from other drivers other than C:
Type in the prompt C:\document and settings\username>X: ….where X is your infected drive
Then the the prompt will show as follows X:\> …. Where X is your drive
Type attrib at the end of the prompt as follows X:\> attrib
this will list all the files that are in that drive
If you see any entry called autorun.inf or any .pif file delete it as follows
Type this on the prompt as shown below
X:\> del autorun.inf /f/a/s/q/p
When prompted click Yes to delete
Then to delete .pif entries type on the prompt as shown below
X:\> del *.pif /f/a/s/q/p
DELETEING AVPO.EXE ENTRIES
IF IT IS DRIVE C THAT HAS avpo.exe then
del /a:h /f c:\autorun.*
del /a:h /f c:\autorun.*
Go to your Windows\System32 directory by typing cd c:\windows\system32
Type dir /a:h /f avp*.*
If you see any files names avpo.dll or avpo.exe or avpo.exe, use the
Type dir /a:h /f avp*.*
If you see any files names avpo.dll or avpo.exe or avpo.exe, use the
Del /a:h /f avpo.exe
- Open up File –> New Task (Run) in the Task manager, Type regedit
- Navigate to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
If there are any entries for avpo.exe, delete them.
Do a complete search of your registry for ntdelect.com and delete any entries you find. - To Restore Folder Options Settings, Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Advanced\Folder\Hidden\SHOWALL
Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key.Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1. The “Show hidden files & folders” check box should now work normally.
WHEN THE REGISTRY IS LOCKED…. BY THE ADMINISTRATOR
The virus a times disable the registry ….for editing …
The easiest way is to use this tool from symantech (Norton)….. it is a small file that resembles a text file it is called UnHookExec.inf
Get from here
Download or save it ….. then right click and press install
For more about the tool go toREAD MORE ABOUT THE TOOL AUTORUN.INF HERE
ANOTHER GOOD TOOLS FROM NORTON GET THEM FROM HERE....ENABLE TASK MANAGER TOOL , CLEAN REGISTRY TOOL ETC
…..
I WILL BE BACK ON MORE ON WINDOWS REGISTRYAND LINUX SHORT CUTS
0 comments:
Post a Comment