arungeek
Hacks and Tweaks




October 16, 2009

Virus Removal Tips and Tricks : Must Know

Written by: arunenigma


Autorun.inf


What is autorun.inf ?

Autorun.inf is a setup information (INF) file used to install or set up software and drivers. It makes a CD-ROM autoplay, meaning the setup starts automatically when you click the drive or runs by itself, which is what we call auto-installation. If you see an autorun.inf on your CD-ROM drive, this is normal.

When do we say that Autorun.inf is a Virus?

Some people say autorun.inf is a virus, but in reality it is not. The virus only uses autorun.inf to execute or install itself when the drive is clicked. The autorun.inf contains setup information that triggers the virus to execute when the user clicks the drive. Such an autorun.inf is usually found on the Windows drive C: or on a removable disk, and it is mostly set to hidden there.

How to remove autorun.inf from your system drive?

First, enable showing hidden files in Folder Options so that hidden files become visible:

My Computer > Tools > Folder Options.

Unhide all files so that every hidden file on your system drive is visible.

After this, delete the autorun.inf from drive C: or from the removable drive. You can also remove unknown files like Braviax.exe, Ravmon.exe, Kxvo.exe, Amvo.exe, Bar311.exe, Svchost.exe or any other unknown files that exist on the system drive. (The genuine svchost.exe lives in C:\Windows\System32 and must stay; only a copy sitting somewhere else is suspect.)

Kxvo.exe

How to Remove Kxvo.exe Virus Manually ?

Kxvo.exe is a Trojan/Backdoor virus, a very harmful computer parasite. Once infected, your PC becomes slow and almost hangs, which can lead to a failed boot-up. This Trojan/backdoor is almost the same as the amvo.exe virus and often shuts your PC down.

Symptoms

* Folder Options is not working: you cannot enable Folder Options or show the hidden files on your computer. Even if you change the setting, it reverts after a while.

* Hidden file problem.

* A message dialog box saying “An exception breakpoint has been reached” comes up from your Yahoo Messenger.

How to solve this?

Here is how to remove kxvo.exe and fix the Folder Options problem. Just follow these steps:

1. Uncheck kxvo.exe in msconfig > Startup (type msconfig in Run and click the Startup tab), then restart your system.

2. Click Start > Run and type REGEDIT.

3. Go to HKEY_CURRENT_USER > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > Advanced

4. On the right side, double-click the Hidden value and give it a value of 1.

5. Do the same for HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > Advanced > Folder > Hidden > SHOWALL: change the value of CheckedValue to 1.

6. Check whether Folder Options is working now. If it works, you are ready to delete the kxvo.exe virus.

Go to Folder Options, enable showing all hidden files, and remove the following files if they exist in these exact locations:

c:\autorun.inf
c:\u.bat
c:\amvo.exe
c:\kxvo.exe
c:\awda2.exe
c:\d.com
c:\mvo.dll
c:\amvo1.dll
c:\windows\system32\amvo.exe
c:\windows\system32\akxvo.exe
c:\windows\system32\awda2.exe
c:\windows\system32\d.com
c:\windows\system32\mvo.dll
c:\windows\system32\amvo1.dll
c:\windows\system32\u.bat

Lastly, go to Run, type cmd, then type regedit. Press Ctrl + F to find kxvo.exe and delete it. You can now reboot your PC.

Bar311.exe

Remove Bar311.exe virus manually from your PC:

The Bar311.exe virus is also known as winzip123.exe. It may also exist on your PC under other names like bar311.exe, pc-off.bat, password_viewer.exe, and photos.zip.exe.

Some programs and applications may stop working when your computer is infected by bar311.exe, and most executable files and applications, like Acrobat Reader, will not run. The icon generated by bar311.exe completely replaces the icons of all applications running on your PC. It also disables Run, Folder Options and the Registry, and creates pc-off.bat on your system. The batch file, located in the Windows folder, contains “@echo off shutdown -s -f -t 2 -c”. If you use Command Prompt, your system will shut down automatically.

How to Remove bar311.exe Virus Manually ?

1. Restart your PC and boot into Windows Safe Mode by pressing F8.

Do you strictly need to do this?
Yes, so that other files and applications, like the virus, will not run.

Go to MSCONFIG by typing msconfig in Run. Check the start-up settings and uncheck the following files if they exist: “bar311.exe”, “password_viewer.exe”, or “photos.zip.exe”.

2. Next, open REGEDIT to edit the registry entries that cause the problems. Go to Run, type REGEDIT, and edit the following registry entries.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,bar311.exe" -> remove ",bar311.exe" only; leave userinit.exe because Windows uses it when you log in.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"autorun"="c:\Windows\pc-off.bat" -> remove "c:\Windows\pc-off.bat" or delete the autorun value. This value makes cmd.exe run pc-off.bat every time Command Prompt starts.

3. To access a drive without triggering the autorun, press Windows + R, type the drive you want to access, like C: or D:, and press Enter. Delete the autorun.inf and password_viewer.exe or bar311.exe if they exist, and restart your PC.

You can use step 2 to check whether bar311.exe exists in the registry.

4. If you like, use this method to delete the following files: open Notepad and type the following:

@echo off
del /a /f c:\Windows\bar311.exe
del /a /f c:\Windows\password_viewer.exe
del /a /f c:\Windows\photos.zip.exe
del /a /f c:\Windows\pc-off.bat
pause

Save this as virusremoval.bat, then click it to run. It will execute the commands that remove the virus files from your system.

If you are too lazy to do this, you can go to the directory and delete these files manually:

C:\Windows\bar311.exe
C:\Windows\password_viewer.exe
C:\Windows\photos.zip.exe
C:\Windows\pc-off.bat

And you’re done! Your PC is now safe from the bar311.exe virus. To be free from all other viruses, I always recommend using an up-to-date antivirus.

Braviax.exe

What is Braviax.exe Virus?

Braviax.exe Virus Information

Virus Name: Braviax.exe
Known as: Trojan.Virantix.C, TROJ_RENOS.ADT
Command Location: C:\Windows\System32\braviax.exe

Antivirus products commonly detect it as the Virantix.C Trojan, which starts automatically through a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry. This Trojan can display fake security alerts in your Windows taskbar that advertise rogue anti-spyware products.

The braviax.exe virus can create, copy, and delete files and folders, such as autoexec.bat. It specifically creates the file c:\windows\system32\univrs32.dat

Some braviax.exe virus behavior:

* Created as a process on disk

* Executed as a Process

* Has code inserted into its Virtual Memory space by other programs

* Added as a Registry auto start to load Program on Boot up

* Terminated as a Process

* Registered as a Dynamic Link Library File

It also uses some filename aliases so that it runs on your PC looking like a system file.

The list is shown below:

* UNYIHYV.TMP
* GQRMSIT.TMP
* 24234393.DAT
* 95164862.DAT
* 31018098.SVD
* 36346119.DAT
* 29434265.SVD
* 27044453.SVD
* 57134588.DAT
* BEHAVIAX.EXE
* 56846728.EXE
* BRAVIAX.EX_
* 63594485.EXE
* 16782586.SVD
* 37741952.EXE

How to Remove Braviax.exe Virus?

After reviewing the braviax.exe virus a little while ago, I just want to share with you the procedure I learned to remove it from your system files and folders.

Braviax.exe is a common type of virus that comes our way nowadays. It takes the form of very annoying anti-spyware advertisement pop-ups. If not removed promptly, it can seriously disturb any task you do on your PC and ultimately require an OS format.

OK, here we go! Strictly follow the steps on how to remove braviax.exe, and before doing so please make sure to back up your computer to avoid any data loss.

Please note: This manual removal process may be difficult and may run the risk of destroying your computer.

Step 1: Use File Search Tool to Find braviax.exe

1. Just go to Start > Search > All Files or Folders.

2. In the “All or part of the file name” section, type in the file name “braviax.exe”.

3. To get better results, select “Look in: Local Hard Drives” or “Look in: My Computer” and then click the “Search” button.

4. After Windows finishes the search, hover over the “In Folder” entry for “braviax.exe”, highlight the file and copy/paste the path into the address bar. Save the file’s path on your clipboard because you’ll need it to delete braviax.exe in the following manual removal steps.

Step 2: Use Windows Task Manager to Remove braviax.exe Processes

1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.

2. Click on the “Image Name” button to search for “braviax.exe” process by name.

3. Select the “braviax.exe” process and click on the “End Process” button to kill it.

Step 3: Detect and Delete Other braviax.exe Files

1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the “OK” button.

2. Type in “dir /A name_of_the_folder” (for example, C:\my-folder), which will display the folder’s contents, including hidden files.

3. To change directory, type in “cd my_folder”.

4. Once you have found the file you’re looking for, type in “del my_file”.

5. To delete a file in folder, type in “del my_file”.

6. To delete the entire folder, type in “rmdir /S my_folder”.

7. Select the “braviax.exe” process and click on the “End Process” button to kill it.

Good luck to everyone. I hope these instructions help you remove the virus from your computer. I will be waiting for your feedback, comments, and suggestions regarding this issue; just leave a message in the comment box.

SCVHOST.EXE

What is SCVHOST.EXE?

It is detected as W32/YahLover.Worm.gen by McAfee Antivirus and as Win32/Autorun.R.worm by NOD32.

This virus installs itself on your PC by using an autorun.inf file. The autorun.inf contains a script that triggers the execution of SCVHOST.EXE. It occurs mostly on removable disks; when it is present, you will notice Autoplay instead of the standard Open. Once you double-click the drive or removable disk, the autorun.inf runs its script and executes SCVHOST.EXE, which spreads itself onto your system. It also copies itself to all your shared folders and directories and to the computers on your network, and it runs itself from the registry entries remotely using a GUEST account (through System:Remote).
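To make the mechanism described here and in the “What is autorun.inf?” section concrete, this added example (not code from the original post) parses an autorun.inf and lists the entries that start a program, so you can read what a drive would launch before opening it. The sample file content and the names `parse_autorun`, `first_token` and `launch_commands` are constructed for illustration.

```python
import re

LAUNCH_KEYS = ("open", "shellexecute")               # run a program on autoplay
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # double-click / right-click verbs
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs")


def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def first_token(command):
    """Program part of a command line, honouring a leading quoted path."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def launch_commands(text):
    """List (key, command, launches_executable) for entries that start a program."""
    found = []
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS or SHELL_CMD.match(key):
            is_exec = first_token(value).lower().endswith(EXEC_EXT)
            found.append((key, value, is_exec))
    return found


# Constructed sample (not taken from a real infection).
SAMPLE = """[AutoRun]
open=scvhost.exe
shell\\open\\Command=scvhost.exe
shell\\explore\\command = "scvhost.exe" /e
icon=folder.ico
"""

if __name__ == "__main__":
    for key, command, is_exec in launch_commands(SAMPLE):
        print(f"{key:24} {command:22} {'runs a program' if is_exec else ''}")
```

A legitimate installer CD also has an open= entry, so a hit means "this drive launches a program", not "this drive is infected"; what matters is which file it points to.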

Symptoms:

* Pressing Ctrl+Alt+Del no longer launches the Task Manager; the virus blocks it.
* It blocks the Registry Editor.
* When you try to open the command prompt (CMD), the computer restarts.
* The shared folders duplicate themselves to different locations. The duplicated virus uses a FOLDER icon with an .exe file extension. The configuration of your Yahoo Messenger is changed.

How to Remove It

OK, here we go. Follow these steps to remove the virus manually:

* Restart your PC, press F8 and select the option Safe Mode Command Prompt Only
* At the command prompt, log in as Administrator.
* Type cd C:\windows\system32
* Type dir /ah to display all hidden files in this directory. You will see the following files, which the virus uses to spread itself: AUTORUN.INI, BLASTCLNNN.EXE, and SCVHOST.EXE
* Type ATTRIB -H -R -S SCVHOST.EXE
* Type ATTRIB -H -R -S BLASTCLNNN.EXE
* Type ATTRIB -H -R -S AUTORUN.INI
* Type DEL SCVHOST.EXE
* Type DEL BLASTCLNNN.EXE
* Type DEL AUTORUN.INI
* Type CD\
* Type ATTRIB -H -R -S AUTORUN.INF
* Type DEL AUTORUN.INF

You are almost done. Reboot your PC; you may sit back and relax while it loads…

Go to the Start Menu, click Run and type the REGEDIT command. Take note: before making any changes in the Registry Editor, make a full backup of your registry to avoid system errors.

Look at this location:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. If you see an entry Yahoo! Messengger (it’s spelled like this) with the value c:\windows\system32\scvhost.exe, delete this entry.

Look at this location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. The entry named SHELL has the value Explorer.exe,SCVHOST.EXE. Edit this value: delete SCVHOST.EXE only, so that the value is Explorer.exe. If you delete the whole value, your computer will not log in anymore.
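The Winlogon edits described here for Shell and in the Bar311.exe section for Userinit follow one rule: strip the appended program, keep the Windows one. This added example (not code from the original post) applies that rule to a value and refuses to return an empty result; the function names and the expected-program table are assumptions made for illustration, and the check compares file names only, not full paths.

```python
import ntpath
import sys

# Programs Windows itself expects in each Winlogon value (names only).
EXPECTED = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}
WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def audit_winlogon(name, value):
    """Return (extra_entries, cleaned_value) for a Shell or Userinit value."""
    expected = EXPECTED[name.lower()]
    keep, extra = [], []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue  # empty piece after a trailing comma
        program = ntpath.basename(item.strip('"')).lower()
        (keep if program in expected else extra).append(item)
    if not keep:
        # Refuse to produce an empty value: logon would break without it.
        raise ValueError(f"{name} has no legitimate entry: {value!r}")
    cleaned = ",".join(keep) + ("," if value.rstrip().endswith(",") else "")
    return extra, cleaned


def read_live_values():
    """Read Shell and Userinit from the local registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON) as key:
        return {n: winreg.QueryValueEx(key, n)[0] for n in ("Shell", "Userinit")}


# Values as quoted on this page, used when not running on Windows.
PAGE_VALUES = {"Shell": "Explorer.exe,SCVHOST.EXE",
               "Userinit": "userinit.exe,bar311.exe"}

if __name__ == "__main__":
    values = read_live_values() if sys.platform == "win32" else PAGE_VALUES
    for name, value in values.items():
        extra, cleaned = audit_winlogon(name, value)
        status = f"remove {extra}, leaving {cleaned!r}" if extra else "clean"
        print(f"{name}: {value!r} -> {status}")
```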

OK, you are done now. Please restart your PC and enjoy!

I hope my tips help everyone. Just post a comment if you have any problem while removing the virus with the method above.

Amvo.exe

How to Remove the Amvo.exe Virus Manually

First of all, we must know what amvo.exe is, what the symptoms are when we have amvo.exe on our PC, and how to remove it manually without using any software. OK, here we go!

What is Amvo.exe?

* Amvo.exe is a Trojan/Backdoor

Symptoms

* Folder Options is not working: you cannot enable Folder Options or show the hidden files on your computer.
* Hidden file problem
* All drives always open in new windows
* Memory reference errors occur (Low Disk Space)

How to solve this?

Given below is how to remove amvo.exe and fix the Folder Options problem. Just follow these steps:

1. Uncheck amvo.exe in msconfig > Startup (type msconfig in Run and click the Startup tab), then restart your system.

2. Click Start > Run and type REGEDIT.

3. Go to HKEY_CURRENT_USER > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > Advanced

4. On the right side, double-click the Hidden value and give it a value of 1.

5. Do the same for HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > Advanced > Folder > Hidden > SHOWALL: change the value of CheckedValue to 1.

6. Check whether Folder Options is working now. If it works, you are ready to delete the Amvo.exe virus.

Go to Folder Options, enable showing all hidden files, and remove the following files if they exist in these exact locations:

c:\autorun.inf
c:\u.bat
c:\amvo.exe
c:\awda2.exe
c:\d.com
c:\mvo.dll
c:\amvo1.dll
c:\windows\system32\amvo.exe
c:\windows\system32\awda2.exe
c:\windows\system32\d.com
c:\windows\system32\mvo.dll
c:\windows\system32\amvo1.dll
c:\windows\system32\u.bat

Lastly, go to Run, type cmd, then type regedit. Press Ctrl + F to find amvo.exe and delete it. After that, reboot your PC.

Please comment if you have any doubts or suggestions.


About the Author

arunenigma
Computer Science Graduate Student @ Case Western Reserve University, Cleveland, USA




 
 

 