Sunday, May 4, 2008

How to Remove the ntde1ect.com and autorun.inf files


There is a Trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses the two files ntde1ect and autorun.inf Here is how you can get rid of them:

1] Open Task Manager and in Processes tab end explorer.exe and wscript.exe process

2] Open up File –> New Task (Run) in the Task manager

3] Type cmd and hit Enter (go to boot drive e.g. C:\>, D:\>)

4] Type del /a:h /f c:\autorun.*

5] Go to your Windows\System32 directory by typing cd c:\ windows\ system32 Type dir /a:h /f avp*.*
If you see any files names avpo.dll or avpo.exe or avpo.exe, use the
Del /a:h /f avpo.exe

6] Open up File –> New Task (Run) in the Task manager, Type regedit

7] Navigate to:
HKEY_CURRENT_USER\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run
If there are any entries for avpo.exe, delete them.
Do a complete search of your registry for ntdelect.com and delete any entries you find.

8] Go to HKLM\ SOFTWARE\ Microsoft\ WindowsNT\ CurrentVersion\ Winlogon
Shellhas been change to -> explorer.exe svichosst.exewhen it should be -> explorer.exe

9] To Restore Folder Options Settings, Navigate to
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\Hidden\SHOWALL

No comments: