new_folder.exe is a virus that infects computers through autorun.inf on removable drives (to disable autorun.inf, click here). It disables Task Manager, Folder Options, the command prompt and even your antivirus. When you start any program whose name contains words related to antivirus, it terminates that program. As a result, antivirus and well-known anti-spyware tools cannot remove it completely. However, we can clean it manually with the following procedure:
- Download a-squared HiJackFree, install it, and rename its executable file (a2HiJackFree.exe) to a name that is not related to antivirus, such as dfskjhfds743, so that it is not terminated immediately after it starts.
- Run the renamed executable file. The virus may terminate it, so rerun it a few times until you can kill the virus's process.
- Use it to kill the following processes:
compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe
(how? click here.)
- Repeat step 2 and step 3 until you have successfully killed the processes.
- Re-enable your command prompt, Task Manager, Folder Options, registry editor, etc. with RRT, or download the tool created by me here. You may need to enable them a few times, as the worm will disable them again automatically.
- Delete compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe from the command prompt. (How to open the command prompt? Click here.) At the command prompt, type:
cd\ and press enter
del /A /F /S dmadmin_1.exe and press enter
del /A /F /S compmgmt.exe and press enter
del /A /F /S system.exe and press enter
del /A /F /S debug_32.exe and press enter
exit and press enter
- Go to the registry editor and remove all keys and values related to compmgmt.exe, system.exe, debug_32.exe, dmadmin_1.exe and new_folder.exe.
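
A read-only way to confirm the cleanup above worked, as an added PowerShell example that is not part of the original post: it looks for the five file names from the page as running processes, as files on every drive, and in autostart values. The registry locations it reads (the Run keys and the standard Windows policy values that disable Task Manager, the registry editor, Folder Options and the command prompt) are assumptions, since the page does not name the keys the worm writes.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
# File names are the ones listed on the page.
$names = 'compmgmt.exe','system.exe','debug_32.exe','dmadmin_1.exe','new_folder.exe'

# 1. Running processes with those image names (Get-Process takes names without .exe).
$procs = Get-Process -Name ($names -replace '\.exe$','') -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, Path

# 2. Matching files on every file-system drive, hidden and system files included.
$files = foreach ($d in Get-PSDrive -PSProvider FileSystem) {
    Get-ChildItem -Path $d.Root -Include $names -Recurse -Force -File -ErrorAction SilentlyContinue |
        Select-Object FullName, Attributes, LastWriteTime
}

# 3. Autostart values whose data mentions one of the names.
#    Assumption: only the two standard Run keys are checked here.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$autoruns = foreach ($k in $runKeys) {
    $item = Get-Item -Path $k -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($v in $item.GetValueNames()) {
        $data = [string]$item.GetValue($v)
        if ($data -match $pattern) { [pscustomobject]@{ Key = $k; Value = $v; Data = $data } }
    }
}

# 4. Policy values that lock Task Manager, regedit, Folder Options and cmd.
#    Assumption: standard Windows policy locations; a non-zero value means "disabled".
$policies = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = 'DisableTaskMgr','DisableRegistryTools'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = 'NoFolderOptions'
    'HKCU:\Software\Policies\Microsoft\Windows\System'                  = 'DisableCMD'
}
$locks = foreach ($k in $policies.Keys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    foreach ($n in $policies[$k]) {
        if ($props -and $props.$n) { [pscustomobject]@{ Key = $k; Name = $n; Data = $props.$n } }
    }
}

# Report each section; an empty section means nothing was found there.
foreach ($section in 'procs','files','autoruns','locks') {
    "== $section =="
    Get-Variable -Name $section -ValueOnly | Format-List | Out-String
}
```

If any section still lists entries after a reboot, the worm has restarted and the kill, re-enable and delete steps need to be repeated.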