Wednesday, August 7, 2013

Removing the new folder virus


How To Remove " New Folder.EXE " Manually !!
===============================
A system infected with the “New Folder.exe” virus may show the following symptoms:
Task Manager is disabled.
Registry Editor is disabled.
A startup entry is created so the virus runs at system start, and it creates its own exe files in the Shared Documents folder which appear like ordinary folders.
Folder Options is disabled.
It uses 50% or more of your processor.

If so, you can remove it using any one of these methods. They are the same; the only difference is the explanation and level of detail.
Method 1
Search and delete the Autorun.inf
Open Windows Task Scheduler or go to Control Panel > Scheduled tasks and remove any suspicious task
Click on Start > run and type > ‘msconfig’.
In the startup tab, find entries like NewFolder.exe or regsvr.exe and uncheck them.
Most important:
    Remove the following keys from the registry

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "@"=

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo Messengger"=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"="Explorer.exe "

Open Task Manager. In the processes tab, delete any process with the name of NewFolder.exe or regsvr.exe
Open Registry by typing ‘Regedit’ in the Run command box. Please take a backup of the registry before proceeding. Now search for regsvr.exe and Newfolder.exe.
If you find any entries, delete them. Please delete the entries having the exact name as regsvr.exe and not anything else.
If that is appended with other entries, delete its occurrence only and not the whole thing.
Restart the Computer
Method 2
Use Windows File Search Tool to Find newfolder.exe Path
Go to Start > Search > All Files or Folders.
In the “All or part of the file name” section, type in the “newfolder.exe” file name.
To get better results, select “Look in: Local Hard Drives” or “Look in: My Computer” and then click “Search” button.
When Windows finishes your search, hover over the “In Folder” of “newfolder.exe”, highlight the file and copy/paste the path into the address bar. Save the file’s path on your clipboard because you’ll need the file path to delete newfolder.exe in the following manual removal steps.
Use Windows Task Manager to Remove newfolder.exe Processes
To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
Click on the “Image Name” button to search for “newfolder.exe” process by name.
Select the “newfolder.exe” process and click on the “End Process” button to kill it.
Detect and Delete Other newfolder.exe Files

To open the Windows Command Prompt, go to Start > Run > cmd and then press the “OK” button.
Type in “dir /A name_of_the_folder” (for example, C:\Spyware-folder), which will display the folder’s contents, including hidden files.
To change directory, type in “cd name_of_the_folder”.
Once you have the file you’re looking for, type in “del name_of_the_file”.
To delete a file in a folder, type in “del name_of_the_file”.
To delete the entire folder, type in “rmdir /S name_of_the_folder”.
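The file search from this method, as an added PowerShell example that is not part of the original post: it lists, without deleting anything, every file carrying one of the names this page mentions, including hidden and system files, together with its signature status and hash. The starting directory `$Root` and the availability of PowerShell 4.0 or later are assumptions.

```powershell
# Added example: read-only search for the file names this page mentions.
# $Root is an assumed starting directory; nothing is deleted.
param([string]$Root = "$env:SystemDrive\")

# Exact names from the page. regsvr32.exe is a legitimate Windows file and is not listed.
$names = @('newfolder.exe', 'new folder.exe', 'regsvr.exe', 'svchost .exe', 'autorun.inf')

function Find-SuspectFiles {
    param([string]$Path, [string[]]$Names)
    # -Force includes hidden and system files, like "dir /A" in the steps above.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $Names -contains $_.Name } |
        ForEach-Object {
            # Signature status only makes sense for executables.
            $sig = if ($_.Extension -eq '.exe') {
                (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            } else { 'n/a' }
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                System    = [bool]($_.Attributes -band [IO.FileAttributes]::System)
                Modified  = $_.LastWriteTime
                Signature = $sig
                SHA256    = $hash.Hash   # empty if the file is locked by a running process
            }
        }
}

Find-SuspectFiles -Path $Root -Names $names | Format-List
```

Reviewing the output before running `del` shows each file's full path, so a legitimate file in a system directory is not removed on the strength of its name alone.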
Method 3
Search for the autorun.inf file. It is a read-only file. Open the properties of the file(s) and un-check the read-only option.
Open the file in Notepad, delete everything and save the file. Now change the file status back to read-only so that the virus cannot get access again.
Click start->run and type msconfig and click ok
Go to the startup tab, look for regsvr, uncheck the option and click OK.
Click on Exit without Restart.
Go to control panel -> scheduled tasks, and delete the At1 task listed there.
Click on start -> run and type gpedit.msc and click Ok.
Go to User Configuration->Administrative Templates->System
Find “Prevent access to registry editing tools” and change the option to Disabled.
Once you do this you have registry access back.
Click on start->run and type regedit and click ok
Go to edit->find and start the search for regsvr.exe.
Delete all the occurrences of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
At one or two places you will find it after explorer.exe; in these cases delete only the regsvr.exe part and not the whole value. E.g. for Shell = Explorer.exe regsvr.exe, just delete the regsvr.exe and leave the explorer.exe.
Click on start->search->for files and folders.
There, click all files and folders.
Type *.exe as the filename to search for.
Click on the ‘when was it modified’ option and select the specify date option.
Enter the current date as the From date and also as the To date.
Now hit search and wait for all the exe’s to show up.
Once the search is over, select all the exe files and shift+delete the files.
Selecting a lot of files together might make your computer unresponsive, so delete them in small bunches.
Also find and delete regsvr.exe and svchost .exe (notice the extra space between svchost and .exe).
Now do a reboot and you are done.
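
The registry checks from Methods 1 and 3, as an added read-only PowerShell example that is not part of the original post: it reports autostart entries, a modified Winlogon Shell value and the policy values that disable Task Manager and Registry Editor, and it treats regsvr32.exe as legitimate. The value names DisableTaskMgr and DisableRegistryTools and the HKLM Run key are assumptions; the page does not list them.

```powershell
# Added example: read-only audit of the registry locations this page names.
# Nothing is modified or deleted.
$pattern = '(?i)(?<![\w.-])(regsvr|new ?folder)\.exe'   # regsvr32.exe does not match

# Return every value of a key as Key/Name/Data; the default value has an empty name.
function Get-RegValues([string]$Key) {
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($k) {
        foreach ($n in $k.GetValueNames()) {
            [pscustomobject]@{ Key = $Key; Name = $n; Data = [string]$k.GetValue($n) }
        }
    }
}

$findings = @()

# 1. Autostart entries: flag data that references the file names, or the
#    misspelled "Yahoo Messengger" value name listed in Method 1.
#    (HKLM Run is an assumption; the page names only the HKCU key.)
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $findings += @(Get-RegValues $key |
        Where-Object { $_.Data -match $pattern -or $_.Name -eq 'Yahoo Messengger' } |
        Select-Object *, @{ Name = 'Why'; Expression = { 'autostart entry' } })
}

# 2. Winlogon Shell: anything other than plain explorer.exe is reported, e.g.
#    "Explorer.exe regsvr.exe" from Method 3. The comparison is case-insensitive.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$findings += @(Get-RegValues $winlogon |
    Where-Object { $_.Name -eq 'Shell' -and $_.Data.Trim() -ne 'explorer.exe' } |
    Select-Object *, @{ Name = 'Why'; Expression = { 'Shell is not just explorer.exe' } })

# 3. Policy values that disable Task Manager and Registry Editor
#    (value names are assumptions, not taken from the page).
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$findings += @(Get-RegValues $policy |
    Where-Object { (@('DisableTaskMgr', 'DisableRegistryTools') -contains $_.Name) -and ($_.Data -ne '0') } |
    Select-Object *, @{ Name = 'Why'; Expression = { 'tool disabled by policy' } })

$findings | Format-Table Key, Name, Data, Why -AutoSize -Wrap
```

An empty table means none of these locations currently holds the entries described in the steps above.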

How to fix Newfolder.exe manually? For advanced users only

This problem can be solved manually by deleting all registry keys and files connected with this software, removing it from the startup list and unregistering all corresponding DLLs. Additionally, missing DLLs should be restored from distribution in case they are corrupted by Iddono. To fix this threat, you should:

1. Kill the following processes and delete the appropriate files:

    libedit.dll
    newfolder.exe
    shelliddono.dll
    srv0104.ids
    srvidd20.exe

If these files can't be deleted during normal Windows work or recreate themselves, reboot into Safe Mode and repeat deletion. If you do not see all of these files, then they are hiding themselves. You need special software to kill those hidden files.

2. Delete the following malicious registry entries and/or values:

    Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run for nwiz.exe
    Value: @
    Key: software\microsoft\windows\currentversion\run\alchem
    Value: @
    Key: software\microsoft\windows\currentversion\run\zzb
    Value: @

Site to download the software (www.new-folder-virus.com/fix-wizard/NewFolderRemovalTool.exe)
