Some Virus Removal Tips

Hi all i have some virus removal tips..
but it is quite long can i post it..?
Depends upon your Feedback and Reply i will make it soon

Replies

  • vinod12345madhu
    vinod12345madhu
    sure.you can
  • nandu070691
    nandu070691
    Post it. Of course, it will be widely accepted.
  • Kaustubh Katdare
    Kaustubh Katdare
    Start a new thread and keep adding new post for each new tip 😀
  • as_nawin
    as_nawin
    i just found this on net from various sources.i hope it will be very useful for u so i posted it
    How to Remove Autorun.inf

    Autorun.inf Virus Removal

    What is autorun.inf?

    Autorun.inf is a setup information file or INF used to install or setup softwares and drivers. This is usually used and seen on the CD ROM with the Autoplay. The autorun.inf makes the CD ROM will autoplay, it means this will automatically play or setup upon clicking or play itself or what we called auto installation. If you can see an autorun.inf in your CD ROM drive, this is normal.

    When do we say that Autorun.inf is a Virus?

    Some people says autorun.inf is a virus but the reality is not. Autorun.inf was only used by the virus to execute or install themself by clicking. On the autorun.inf it contains a setup information or a program setup that will trigger the virus to execute when they are being clicked by the user. This autorun.inf was usually found in the windows C: or in the removable disk. And it is mostly set to invisible or hidden in the windows drive or removable drive.

    Ok here we go, let start removing the autorun.inf in your system drive.

    First you must enable your Folder Options, make your hidden files be visible to your eyes. You can enable by clicking-left to your My Computer > Tools > Folder Options.
    You can follow this configuration when you enable the Folder Option to visible all the hidden files in to your system drive.

    After this, you can now start deleting the autorun.inf into your drive C: or removable drive. And you can also remove the unknown files like Braviax.exe, Ravmon.exe, Kxvo.exe, Amvo.exe, Bar311.exe, Svchost.exe or any unknown files that are exist in to the system drive.

    How to Remove Kxvo.exe Virus Manually

    OK here is another trojan virus again that one of the common problem in our PC is the virus - a computer's parasite. Your PC performance will become slow and almost hang-up that would turn to invalid boot-up of your PC. I just want to share it to you again a trojan virus that i've been experience in my friend's internet cafe shop. This trojan/backdoor virus is almost thesame with the amvo.exe virus which is very harmful that might your PC shutting down. After I have posted about how to remove amvo.exe virus manually, some of you used this instructions and it works successfully, and some are not. Well, in removing the kxvo.exe virus is almost thesame for process of amvo.exe virus. Below you can check on how to do this, but we need to study first, what is kxvo.exe virus is?

    What is kxvo.exe virus?

    * kxvo.exe is Trojan/Backdoor - it is similar to amvo.exe virus, i think this is their family virus.

    Symptoms

    * Folder Option is not working - you cannot enable the Folder Option or show the hidden files running into you computer. It will reverted either you have change it and after a while it will change back.
    * Hidden file problem
    * "An exception breakpoint has been reached" a message dialog box came from your Yahoo Messenger.

    How to solve this?

    This is the solution on how to remove the kxvo.exe and to fix the folder option problem. Just follow this steps:

    1. Uncheck kxvo.exe from msconfig>> startup (type msconfig in run and click on the startup tab) also and restart your system

    1. Click Start > Run and type REGEDIT
    2. Go to HKEY_CURRENT_USER > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > Advanced
    3. On the right side, double click the hidden value and give it a value of 1.
    4. Same for HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > Advanced > Folder > Hidden > SHOW ALL Change the value of Checked Value to 1.
    5. Check if your Folder Option if its working now. If it works! OK you are now ready to delete the kxvo.exe virus now.

    Go to your Folder Option and enable the show all the hidden files and you remove the following files if they are exist in the exact location or directory:

    c:\autorun.inf
    c:\u.bat
    c:\amvo.exe

    c:\kxvo.exe

    c:\awda2.exe
    c:\d.com
    c:\mvo.dll
    c:\amvo1.dll
    c:\windows\system32\ amvo.exe

    c:\windows\system32\ akxvo.exe
    c:\windows\system32\ awda2.exe
    c:\windows\system32\ d.com
    c:\windows\system32\ mvo.dll
    c:\windows\system32\ amvo1.dll
    c:\windows\system32\u.bat

    Lastly go to Run and type cmd then type regedit, press Ctrl + F to find the files kxvo.exe and delete it. You can now reboot your PC.

    Similar procedure to amvo.exe virus removal.


    How to remove Bar311.exe virus manually in your PC?

    When I was using my PC at home this morning I encountered a simple problem on my PC it?s simply annoying, yes it is true. I have tried to used my CMD and gets my PC shutdown automatically. And there?s a pop-up message that my PC encountered some problems. I was really mad after my all works has not been yet saved to my documents. I was so terrible angry what kind of this living organism is this?

    After a minute I was calm and research in the net if what is this, is a virus or just a PC problems? I found an articles that this problems was caused by the virus bar311.exe and I immediately check-out for that file only systems if that exist. Oh, noh! its exist. I automatically remove it manually into my PC, so I just wana to share to you guys on how I remove this bar311.exe virus. But before for that I want to let you know what is bar311.exe is?

    This bar311.exe virus is also known as winzip123.exe, as you see into your PC if the bar311.exe if not exist into your computer, you must find also the winzip123.exe. It also comprises as bar311.exe, pc-off.bat, password_viewer.exe, and photos.zip.exe

    Some programs and applications may not work cause by this bar311.exe ang all executed files and applications will not run, like the acrobat reader this icon will replace the acrobd.exe and many more applications running to you systems. It also disable the RUN, Folder Options, Registry and also create the pc-off.bat into your system this batch file has a syntax ?@echo off shutdown -s -f -t 2 ?c? that located in the windows system. If you will used the CMD your system will shutdown automatically.

    OK here we go on how to remove this bar311.exe into your PC. J I will show you in manual removal process without using any software or applications.

    1. Restart your PC and go the Windows Safe Mode by pressing F8. Why do you need to do this? Yes so that the other files and application will not run like the virus.

    Go to MSCONFIG by typing msconfig in the RUN. And check the start-up settings and un-checked the following files ?bar311.exe?, password_viewer.exe, or the ?photos.zip.exe if they exist.

    2. Next go to your REGEDIT to edit some registry files that may cause the problems. Go to Run and type REGEDIT edit the following registry .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="userinit.exe,bar311.exe" ?> remove ", bar311.exe" only? leave userinit.exe because this is used by Windows when you log-in?

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\
    CurrentVersion\Explorer\Advanced]
    "Hidden"=dword:00000001
    "HideFileExt"=dword:00000000
    "ShowSuperHidden"=dword:00000001

    [HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
    "autorun"="c:\Windows\pc-off.bat" ?> remove "c:\Windows\pc-off.bat" or delete the autorun key.

    3. Press Window + R and place a drive you want to access like this C:, D: and Enter, when accessing the drives to avoid triggering the autorun? Delete the autorun.inf and password_viewer.exe or bar311.exe if they exist. And restart your PC now.

    You maybe used the step #2 to checked if the bar311.exe if exist on the registry directories.

    4. Use this method to delete the following files if you like just open notepad then type this following syntax below:

    @echo off
    del /a /f c:\Windows\bar311.exe
    del /a /f c:\Windows\password_viewer.exe
    del /a /f c:\Windows\photos.zip.exe
    del /a /f c:\Windows\pc-off.bat
    pause

    Then please save this as virusremoval.bat then click to run. This will execute the syntax to remove virus running into your system.

    If you are lazy to do this you can follow and go to this directories location and delete this file manually:

    C:\Windows\bar311.exe
    C:\Windows\password_viewer.exe
    C:\Windows\photos.zip.exe
    C:\Windows\pc-off.bat

    And you?re done! Just simply of that you PC is now safe for the bar311.exe virus. You maybe used this but I always recommend you to used any updated antivirus.

    How to Remove Braviax.exe Virus?

    After reviewing the braviax.exe virus while ago, I just want to share also on how to remove it into your system files and folders running. That I know some of our users today are annoying in this kind of virus running to your system, some anti-spyware advertisement pop-ups, that makes you annoying to your work jobs.

    Ok here we go! Before doing this and following this steps on how to remove braviax.exe, please make sure to back-up first your computer to avoid system lost and data.

    Please note: This manual removal process may be difficult and you run the risk of destroying your computer..
    Step 1: Use File Search Tool to Find braviax.exe

    1. Just go to Start > Search > All Files or Folders.
    2. In the "All or part of the the file name" section, type in "braviax.exe" file name(s).
    3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
    4. After the windows finishes your search, hover over the "In Folder" of "braviax.exe", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete braviax.exe in the following manual removal steps.

    Step 2: Use Windows Task Manager to Remove braviax.exe Processes

    1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
    2. Click on the "Image Name" button to search for "braviax.exe" process by name.
    3. Select the "braviax.exe" process and click on the "End Process" button to kill it.

    Step 3: Detect and Delete Other braviax.exe Files

    1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
    2. Type in "dir /A name_of_the_folder" (for example, C:\my-folder), which will display the folder's content even the hidden files.
    3. To change directory, type in "cd my_folder".
    4. Once you have the file you're looking for type in del "my_file".
    5. To delete a file in folder, type in "del my_file".
    6. To delete the entire folder, type in "rmdir /S my_folder".
    7. Select the "braviax.exe" process and click on the "End Process" button to kill it.

    Good luck to everyone, and hope this instructions might help you to remove the virus on your computer. I will be waiting for your great feedback, comments, and suggestions regarding this issue by leaving your message in the comment box.




    What is Braviax.exe Virus?

    Braviax.exe Virus Information

    Virus Name: Braviax.exe
    Known as: Trojan.Virantix.C, TROJ_RENOS.ADT
    Command Location: C:\Windows\System32\braviax.exe

    Some of the antiviruses detect as a Trojan.Virantix.C Trojan that starts automatically into Run, RunOnce, RunServices, or RunServicesOnce entry in the registry. This Trojan displays fake a security alerts in your Windows taskbar that advertises rogue anti-spyware products.

    This braviax.exe virus is also create, copies, and deletes some files and folders like autoexec.bat and create a file like c:\windows\system32\univrs32.dat into your systems

    Some braviax.exe virus behavior:

    * Created as a process on disk
    * Executed as a Process
    * Has code inserted into its Virtual Memory space by other programs
    * Added as a Registry auto start to load Program on Boot up
    * Terminated as a Process
    * Registered as a Dynamic Link Library File

    It also uses some filename aliases that running into your PC like a system files, like shown on the list below:

    * UNYIHYV.TMP
    * GQRMSIT.TMP
    * 24234393.DAT
    * 95164862.DAT
    * 31018098.SVD
    * 36346119.DAT
    * 29434265.SVD
    * 27044453.SVD
    * 57134588.DAT
    * BEHAVIAX.EXE
    * 56846728.EXE
    * BRAVIAX.EX_
    * 63594485.EXE
    * 16782586.SVD
    * 37741952.EXE

    If you are having this kind of virus into your computer, please scan your PC immediately and remove this trojan viruses the might get harm your systems files and data store on your computer.

    You may also use this step on how to remove braviax.exe virus? that would help you on this problems, just try and follow some instructions. on how to remove it.

    How to Remove SCVHOST.EXE, SVCHOST.EXE Virus Manually

    This are the following tips on how to remove the SCVHOST.EXE virus/worm. Firstly we must know what is SCVHOST.EXE is.

    What is SCVHOST.EXE?

    In some antivirus they are detected as W32/YahLover.Worm.gen from McAfee Antivirus and Win32/Autorun.R.worm from NOD32.

    This virus will installs itself into your PC by using its INF file autorun.inf. The Autorun.inf file has an scripts that will trigger to execute the SCVHOST.EXE. Mostly in a removable disk is this occurred as you noticed that there is an Autoplay instead of Open. Once you double click the drive or removable disk, the autorun.inf run its scripts that this will trigger to execute the SCVHOST.EXE and spreading itself unto your system. It also copies itself through all your shared folders directories and on your computers throughout the network and run itself in the registry entries remotely using a GUEST account (through System:Remote).

    Symptoms:

    * When pressing Ctrl+Alt+Del it blocks to launch the Task Manager
    * It blocks the Registry Editor.
    * When you try to go to the command prompt CMD, it will restarts the computer.
    * The shared folders will duplicates itself to different locations of. The duplicated virus uses a FOLDER icon with an .exe file extension. The configuration of your Yahoo Messenger has been changed.

    How to Remove It

    OK here we go, you must follow this step on how to remove this virus in manually method:

    * Restart your PC and press F8 and select the option Safe Mode Command Prompt Only
    * And after you log-in the command prompt you must log-in as Administrator.
    * Type cd C:\windows\system32
    * Type dir /ah, to display all hidden files on this directory folder. You will see the following files which is used by the virus to spread itself: AUTORUN.INI, BLASTCLNNN.EXE, and SCVHOST.EXE
    * Type ATTRIB -H -R -S SCVHOST.EXE
    * Type ATTRIB -H -R -S BLASTCLNNN.EXE
    * Type ATTRIB -H -R -S AUTORUN.INI
    * Type DEL SCVHOST.EXE
    * Type DEL BLASTCLNNNN.EXE
    * Type DEL AUTORUN.INI
    * Type CD\
    * Type ATTRIB -H -R -S AUTORUN.INF
    * Type DEL AUTORUN.INF

    You are almost done, reboot your PC you may seat back and relax.. [​IMG] while loading...

    Go Start Menu and click the Run and type the REGEDIT command. Take note guys before make any changes into your Registry Editor you must make a full back-up to your registry to avoid system errors. [​IMG]

    Look the location entry:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run, if you see an entry Yahoo! Messengger (it?s spelled like this) with a value c:\windows\system32\scvhost.exe, Delete this entry.

    Look the location entry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, in the entry named: SHELL, a value = Explorer.exe,SCVHOST.EXE. Edit this value, delete the SCVHOST.EXE only and the value must be Explorer.exe. Once you delete all this value, your computer will not login anymore.

    OK we are now done.. Please Restart your PC now and Enjoy!!! Thank you and hope this tips will help for everyone..Just post your comments about this problem.

    How to Remove the Amvo.exe Virus Manually

    First of all you we must know what is the amvo.exe is? what the symptoms when we have amvo.exe in our PC and how to remove it manually without using any software. Ok here we go!

    What is Amvo.exe?

    * Amvo.exe is Trojan/Backdoor

    Symptoms

    * Folder Option is not working - you cannot enable the Folder Option or show the hidden files running into you computer.
    * Hidden file problem
    * Always open new windows in all drives
    * Error occur of the memory reference (Low Disk Space)

    How to solve this?

    This is the solution on how to remove the amvo.exe and to fix the folder option problem. Just follow this steps:

    1. Uncheck amvo.exe from msconfig>> startup (type msconfig in run and click on the startup tab) also and restart your system

    1. Click Start > Run and type REGEDIT
    2. Go to HKEY_CURRENT_USER > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > Advanced
    3. On the right side, double click the hidden value and give it a value of 1.
    4. Same for HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Explorer > Advanced > Folder > Hidden > SHOW ALL Change the value of Checked Value to 1.
    5. Check if your Folder Option if its working now. If it works! OK you are now ready to delete the Amvo.exe virus now.

    Go to your Folder Option and enable the show all the hidden files and you remove the following files if they are exist in the exact location or directory:

    c:\autorun.inf
    c:\u.bat
    c:\amvo.exe
    c:\awda2.exe
    c:\d.com
    c:\mvo.dll
    c:\amvo1.dll
    c:\windows\system32\ amvo.exe
    c:\windows\system32\ awda2.exe
    c:\windows\system32\ d.com
    c:\windows\system32\ mvo.dll
    c:\windows\system32\ amvo1.dll
    c:\windows\system32\u.bat


    Lastly go to Run and type cmd then type regedit, press Ctrl + F to find the files amvo.exe and delete it. After that, reboot your PC. OK that's it. Guys please your comments if your PC is working now for using this procedure.. Thank you..
  • Kaustubh Katdare
    Kaustubh Katdare
    Please try to avoid copy pasting. Original articles bring more value to the forums.
  • as_nawin
    as_nawin
    The_Big_K
    Please try to avoid copy pasting. Original articles bring more value to the forums.
    Don't Mistake Me The articles released by me is not copied from other site's
    mostly from my own blog spot for that i put some effort to post.
    Depends on the members interest i will continue the posting ......

    Young Voice: Blog about Science, Politics and Business...!!!
  • as_nawin
    as_nawin
    AVG,MCAFEE, KASpersky or bitdefender
    The original version of any of these can be efficiently remove viruses
  • nandu070691
    nandu070691
    Nice work Nawin.
  • vik001ind
    vik001ind
    I prefer avast home edition & nod32 eset, avast home edition is free, lighter & works great.
  • PraveenKumar Purushothaman
    PraveenKumar Purushothaman
    A best software would be ComboFix, which is used by many to fix things up and remove malware content, if the system is affected. It is created by Bleeping Computer and you can find more information in their website: ComboFix: A guide and tutorial on using ComboFix

You are reading an archived discussion.

Related Posts

Three things that even Microsoft can't explain! MAGIC #1 An Indian found that nobody can create a FOLDER anywhere on the Computer which can be named as "CON". This is...
Indian software major announced its Q2, 2009 results. Check out the link: https://www.tcs.com/SiteCollectionDo...tations/TCS_PressRelease_IndianGAAP_Q2_10.pdf Definitely a positive message for the Indian IT Industry 😀
Hi all 😁, i want know the difference between the near zone and far zone of antenna . Thanks aksa
Hi. I have a request. Can anyone tell me any computer or communication engineering problems with calculations in C++? For example, calculations for converting 3gp to avi, etcetera. As soon...
Hi guys just try this.Even i had the same problem but i fixed it with the following steps: 1.Go to start -->Run,then type Regedit 2.Navigate to the registry folder HKEY_LOCAL_MACHINE_\SOFTWARE\Microsoft\windows\...