Friday, March 6, 2009

new_folder.exe removal guidenew_folder.exe removal guide

new_folder.exe is a virus which infects computer through autorun.inf (to disable autorun.inf, click here) in removable drive. It will disable your task manager, folder option, command prompt and even your anti-virus. When you start any program which contain the words related to antivirus, it will terminate the programs. Thus, antivirus or any famous anti-spyware also cannot remove it completely. However, we can clean it manually by following the procedures:
  1. Download a-squared HiJackFree , install it and rename its executable file (a2HiJackFree.exe) to other name which is not related to antivirus, such as dfskjhfds743 so that it will not be terminated immediately after running.

  2. Run the renamed executable file. It may be terminated by the virus. Thus, you should rerun it a few times until you can kill the virus's process.

  3. Use it to kill the following processes:
    compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe
    (how? click here.)

  4. Repeat step 2 and step 3 until you successfully kill the processes.

  5. Enable your command prompt, task manager, folder options, registry editor etc with RRT or download the tool created by me here. You may need to enable them a few times as the worm will disable them automatically.

  6. Delete compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe in command prompt. (How to enter command prompt? click here.) In command prompt, type:
    cd\ and press enter
    del /A /F /S dmadmin_1.exe and press enter
    del /A /F /S compmgmt.exe and press enter
    del /A /F /S system.exe and press enter
    del /A /F /S debug_32.exe and press enter
    exit and press enter

  7. Goto registry editor, remove all keys and values related to compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe

  8. Done!
Read also:

1 comment:

Post a Comment