This post addresses infection by the NoooH worm, which no antivirus, antispyware or other method has been successful in finding or removing, so here goes.......
01 - Go into Windows safe mode
02 - Don't go into any hard drives ........
open control panel>>>>folder options
uncheck: Hide protected operating system files (Recommended)
03- Now RIGHT-CLICK on c:\ drive DOOOOO NOT DOUBLE CLICK!!!!!!!!!!!
select: open
you will find: sys
autorun
delete them
Then go into c:\windows\web
you will find: sys
delete it
Now RIGHT-CLICK on d:\ drive DOOOOO NOT DOUBLE CLICK!!!!!!!!!!!
select: open
you will find: sys
autorun
delete them
repeat for all drives
IF YOU DOUBLE CLICK RESTART AND START OVER
04- Enter Start>>Run>> gpedit.msc
This will get you into group policy
Then: User config>>>> administrative templates>>>>> system
Then: Ctrl +Alt+Del options
Right click on each of the 4 choices and choose: properties
In properties: choose: disable...
Then go back and you will find: prevent access to registry editing tools
Right-click>>>properties>>>>disable
Your computer is healed
Note: This worm is transmitted through flash drives and the like so plug in your flash drive
AND RIGHT-CLICK>>>>>open DOOOOOOOOOOO NOT DOUBLECLICK or you go back to step 1
you will find: sys
autorun
Delete them
Your flash drive is healed
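
A read-only way to check the result of steps 03 and 04, as an added example that is not part of the original post. It assumes PowerShell is available on the machine; `Find-NamedItems` is a name made up for this example. The registry values are the standard per-user ones behind the Ctrl+Alt+Del and registry-tools policies.

```powershell
# Added example: read-only check, nothing is deleted or changed.
# Assumption: the post gives the names without extensions, so match on the
# name with or without one (e.g. "autorun" also matches "autorun.inf").
$names = 'sys', 'autorun'

function Find-NamedItems {
    param([string[]]$Folders)
    foreach ($folder in $Folders) {
        # -Force lists hidden and protected system items; top level only.
        Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue |
            Where-Object { $names -contains $_.Name -or $names -contains $_.BaseName } |
            Select-Object FullName, Attributes, LastWriteTime
    }
}

# Every ready drive root (fixed and removable), plus the Web folder from step 03.
# Listing a root this way does not go through Explorer's double-click handling.
$folders = @([System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.IsReady } | ForEach-Object { $_.Name })
$folders += Join-Path $env:windir 'Web'
Find-NamedItems -Folders $folders | Format-Table -AutoSize

# Registry values behind the policies reset in step 04 (per-user policy keys).
$system = 'DisableRegistryTools', 'DisableTaskMgr', 'DisableLockWorkstation', 'DisableChangePassword'
$policies = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = $system
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = @('NoLogoff')
}
foreach ($key in $policies.Keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($value in $policies[$key]) {
        # A missing value or 0 means the restriction is not in force.
        $data  = if ($props) { $props.$value } else { $null }
        $state = if ($data) { 'RESTRICTED' } else { 'ok' }
        '{0,-10} {1}\{2} = {3}' -f $state, $key, $value, $data
    }
}
```

An empty table and five `ok` lines match the state the steps above aim for; run it again after plugging in each flash drive.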