My computer has been infected by Ahsan virus. "My Computer" has changed to "Ahsan's Computer" and Recycle Bin has changed to "G.W.Bush". Also there is "Home Video.exe" running on the system. I tried resolving this from solutions posted on other forums (using safe mode etc.), but the programs don't stay open for more than 5 seconds. Kindly help me out.
My computer has been infected by Ahsan virus. "My Computer" has changed to "Ahsan's Computer" and Recycle Bin has changed to "G.W.Bush". Also there is "Home Video.exe" running on the system. I tried resolving this from solutions posted on other forums (using safe mode etc.), but the programs don't stay open for more than 5 seconds. Kindly help me out.
Check if a DWORD value named NoFolderOptions exists in the pane on the right hand side of the screen Delete it
6. If you are still unable to view the hidden files, which is disabled by virus, enable it with following proc and key.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Find the value "Hidden" . Rightclick it and modify it to 1. If Key value hidden is not present create it
7. Check the following registery values and set the values given below in each registery key.
Hi,
ReplyDeleteMy computer has been infected by Ahsan virus. "My Computer" has changed to "Ahsan's Computer" and Recycle Bin has changed to "G.W.Bush". Also there is "Home Video.exe" running on the system. I tried resolving this from solutions posted on other forums (using safe mode etc.), but the programs don't stay open for more than 5 seconds. Kindly help me out.
Thanks in advance!
Hi,
ReplyDeleteMy computer has been infected by Ahsan virus. "My Computer" has changed to "Ahsan's Computer" and Recycle Bin has changed to "G.W.Bush". Also there is "Home Video.exe" running on the system. I tried resolving this from solutions posted on other forums (using safe mode etc.), but the programs don't stay open for more than 5 seconds. Kindly help me out.
Thanks in advance!
Detailed steps to remove Ahsan's virus :
ReplyDelete1. start windows in safe mode with command prompt(user:admin, preferably a user other than having attacked)
2. use RRT Tool to enable run " if disabled".
3. Enable regediting if disabled with following reg key.
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
4. Open regedit, search and delete all entries with name "Ahsan" , site 110mb.com and Bush.
5. If your folder option is disabled enable it with following reg key "
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Policies\Explorer
Check if a DWORD value named NoFolderOptions exists in the pane on the right hand side of the screen
Delete it
6. If you are still unable to view the hidden files, which is disabled by virus, enable it with following proc and key.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Find the value "Hidden" . Rightclick it and modify it to 1. If Key value hidden is not present create it
7. Check the following registery values and set the values given below in each registery key.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"CheckedValue"=dword:02
"ValueName"="Hidden"
"DefaultValue"=dword: 02
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword: 01
"ValueName"="Hidden"
"DefaultValue"=dword:02
8. Now enable "show all hidden files / Hidden system files and folders", and search for following files and delete them all.
system.exe
csrss.exe
Home video.avi.exe
autorun
Note: these files will be in parent drives (D:, C:) and in windows folder.
9.Now you are done !