
New Folder

The document provides instructions to remove malware from an infected Windows system. It includes commands to kill malicious processes, enable the Task Manager and Registry Editor, show hidden files, delete infected files, modify registries, and includes precautions like disabling shared documents.

Uploaded by

api-3764530
Copyright
© Attribution Non-Commercial (BY-NC)

Solution

~~~~~~

End Task (updated on 27/11/2007)
————————
Start> run

taskkill /f /t /im "New Folder.exe"

taskkill /f /t /im "SCVVHSOT.exe"

taskkill /f /t /im "SCVHSOT.exe"

taskkill /f /t /im "scvshosts.exe"

taskkill /f /t /im "hinhem.scr"

taskkill /f /t /im "blastclnnn.exe"

Enable Task Manager
——————-
1. Start> run
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
2. Start> run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Enable Regedit
————–
1. Start> run
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
2. Start> run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Folder Options & Hidden Files
—————————-
1. Start> run
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f
2. Start> run
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 0 /f
3. Start> run
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 1 /f
4. Start> run
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 1 /f

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v DefaultValue /t REG_DWORD /d 2 /f

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v CheckedValue /t REG_DWORD /d 2 /f

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN /v DefaultValue /t REG_DWORD /d 2 /f

Other steps
——————

Delete the files

C:\WINDOWS\SCVVHSOT.exe
C:\WINDOWS\SCVHSOT.exe
C:\WINDOWS\hinhem.scr
C:\WINDOWS\system32\SCVHSOT.exe
C:\WINDOWS\system32\blastclnnn.exe
C:\WINDOWS\system32\autorun.ini
C:\Documents and Settings\All Users\Documents\SCVHSOT.exe

Modify some registries

\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ Shell REG_SZ -> explorer.exe
\Software\Microsoft\Windows\CurrentVersion\Run\ Yahoo Messengger -> delete
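
A read-only check that the steps above took effect, as an added example that is not part of the original document; it reports any listed process, file or registry setting that is still in its infected state. It assumes PowerShell 3.0 or later, and because the page gives the Run key without a hive, it checks both HKLM and HKCU.

```powershell
# Added example: read-only audit of the indicators on this page. Changes nothing.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$findings = @()
function Get-RegValue($Key, $Name) {
    # Return the value data, or $null when the key or value does not exist.
    $p = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name }
}
# 1. Image names the page ends with taskkill.
$images = 'New Folder.exe', 'SCVVHSOT.exe', 'SCVHSOT.exe', 'scvshosts.exe',
          'hinhem.scr', 'blastclnnn.exe'
foreach ($proc in (Get-CimInstance Win32_Process)) {
    if ($images -contains $proc.Name) {
        $findings += "process running: $($proc.Name) (PID $($proc.ProcessId))"
    }
}
# 2. Files the page says to delete; -Force also finds hidden/system files.
$files = 'C:\WINDOWS\SCVVHSOT.exe', 'C:\WINDOWS\SCVHSOT.exe', 'C:\WINDOWS\hinhem.scr',
         'C:\WINDOWS\system32\SCVHSOT.exe', 'C:\WINDOWS\system32\blastclnnn.exe',
         'C:\WINDOWS\system32\autorun.ini',
         'C:\Documents and Settings\All Users\Documents\SCVHSOT.exe'
foreach ($f in $files) {
    if (Get-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue) {
        $findings += "file present: $f"
    }
}
# 3. Policy values the page resets to 0 (an absent value is equally fine).
$policies = @(@('Policies\System', 'DisableTaskMgr'),
              @('Policies\System', 'DisableRegistryTools'),
              @('Policies\Explorer', 'NoFolderOptions'))
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($pol in $policies) {
        $v = Get-RegValue "$hive\$cv\$($pol[0])" $pol[1]
        if ($v) { $findings += "$hive $($pol[1]) = $v (expected 0)" }
    }
    # 4. Run entry the page deletes. Hive not given on the page: both checked (assumption).
    if ($null -ne (Get-RegValue "$hive\$cv\Run" 'Yahoo Messengger')) {
        $findings += "$hive Run value 'Yahoo Messengger' still present"
    }
}
# 5. Winlogon Shell must be exactly explorer.exe (comparison is case-insensitive).
$shell = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
if ($shell -ne 'explorer.exe') { $findings += "Winlogon Shell = '$shell'" }
# 6. Hidden-file display values the page sets to 1.
if ((Get-RegValue "HKCU:\$cv\Explorer\Advanced" 'Hidden') -ne 1) {
    $findings += 'HKCU Explorer\Advanced Hidden is not 1'
}
if ((Get-RegValue "HKLM:\$cv\Explorer\Advanced\Folder\Hidden\SHOWALL" 'CheckedValue') -ne 1) {
    $findings += 'SHOWALL CheckedValue is not 1'
}
if ($findings) { $findings } else { 'No indicators from this page found.' }
```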

Precaution
~~~~~~~~~

Never double-click files that look like folders; use the folder view for navigation instead.
You may like to disable "Shared Documents".
