There is a Trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses the two files ntde1ect and autorun.inf Here is how you can get rid of them:
1] Open Task Manager and in Processes tab end explorer.exe and wscript.exe process
2] Open up File –> New Task (Run) in the Task manager
3] Type cmd and hit Enter (go to boot drive e.g. C:\>, D:\>)
4] Type del /a:h /f c:\autorun.*
5] Go to your Windows\System32 directory by typing cd c:\ windows\ system32 Type dir /a:h /f avp*.*
If you see any files names avpo.dll or avpo.exe or avpo.exe, use the
Del /a:h /f avpo.exe
6] Open up File –> New Task (Run) in the Task manager, Type regedit
7] Navigate to:
HKEY_CURRENT_USER\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run
If there are any entries for avpo.exe, delete them.
Do a complete search of your registry for ntdelect.com and delete any entries you find.
If there are any entries for avpo.exe, delete them.
Do a complete search of your registry for ntdelect.com and delete any entries you find.
8] Go to HKLM\ SOFTWARE\ Microsoft\ WindowsNT\ CurrentVersion\ Winlogon
Shellhas been change to -> explorer.exe svichosst.exewhen it should be -> explorer.exe
9] To Restore Folder Options Settings, Navigate to
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\Hidden\SHOWALL
9] To Restore Folder Options Settings, Navigate to
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\Hidden\SHOWALL
No comments:
Post a Comment