1. Download the free tool MoveOnBoot
2. Open MoveOnBoot
3. Go to Rename Action -> Rename File
4. A dialog box will open, select the file. Since these virus files are hidden files , you won’t be able to browse and see it. Please enter enter “C:\protectfile.vbs” in select-file section.
5. Enter “C:\protectfile.html” in the destination file section. Enter OK.
6. Similarly repeat steps 2 to 4 for the file “C:\autorun.inf” and rename it to “C:\autorun.html”
7. Don’t restart your computer. We have set moveonboot to rename the ProtectFile.vbs in just one of the drives.
8. Repeat step 2 to 5 for each of the drives. For example if you have 4 drives in your computer(C, D, E, F), then you will have to rename “C:\protectfile.vbs”, “D:\protectfile.vbs”, “E:\protectfile.vbs” and “F:\protectfile.vbs” to “C:\protectfile.html”, “D:\protectfile.html”, “E:\protectfile.html” and “F:\protectfile.html” respectively. Similarly rename “autorun.inf” files in all the drives to corresponding “autorun.html” files.
9. Restart your computer. We have disabled the virus.
10. Now we will remove them completely.
11. Open MoveOnBoot again.
12. Go to Delete Actions -> Delete Files
13. You won’t be able to browse and reach the files. So click browse and enter “C:\protectfile.html”, “D:\protectfile.html”, “E:\protectfile.html” ,”F:\protectfile.html”, “C:\autorun.html”, “D:\autorun.html”, “E:\autorun.html” and “F:\autorun.html”
14. Restart your computer.
To remove protectfile.vbs from your system
1. Go to Task manager(Press Ctrl+Alt+Del).
2. In the Processes tab , Kill the processes : explorer and wscript.exe(if available)
3. Now go to Applications tab and press new task
4. Enter cmd .Go to the drive c:\
5. Type del /f/q/a protectfile.vbsand del /f/q/a autorun.inf
6. Go to c:\windows\system32and enter del /f/q/a secureguard.vbsNow you have deleted all the infected files in your system
7. Goto regedit(enter regedit in Run) and search for protectfile.vbs and delete all entries with this name.
8. Now search for the secureguard.vbs and modify it as in the path del only"c:\windows\system32\secureguard.vbs... and let the other part of the path be there alive..
9. Restart your system
No comments:
Post a Comment