SAVE YOUR COMPUTER......

This is my first lens.
This lens is about removing nasty virus which eats up your cpu power & slow computing.Most of these unwanted programs comes through "USB thumb drives"


Analysing whether you are infected or not

Do your computer runs slow after inserted a usb thumb drive, or some strange things happen, like

a) When hitting the alt ctrl del gives an error message taskmanager is disabled by administrator eventhough you are the administrator.

b) You are not able to see the hidden files evenif you selest the show hidden files in folder options.

c) Every program you runs get minimized to taskbar.

if any of these problems are present,then this is the thing you need to read.

STEP BY STEP PROCESS

Identify the VILLAN(the virus)

First you have to identify the virus program which will be running in background. For this run the taskmanager(it may be disabled by virus no problem) and see which all processes are eating up the cpu. You may notice some processes have the same or similar names that of system services. the suspicious processes may be lsass.exe (2 of them running with one running on user), isass.exe, svvchost.exe, scvhost.exe, new folder.exe, regsvr.exe etc...

The tools you need to download

These are all freewares and small in size. i recommend softpedia.com for freeware downloads.

1.Processexplorer -size 1.52 MB
2.RRT (Remove Restriction Tool) -size 48.9 KB
3.Hijackthis -size 208 kb
4.Tweakui -size 146kb

1.Disabling the Virus programs that are running

Run processxp.exe, kill all processes that have the icon of a folder.(REMEMBER there is no application that has an icon that of a folder) kill the processes which comes below the explorer.exe and has names similar to system services.after this DONOT double click any of the hard disk drives or usb drives, if you want to open a file use the explore button from the toolbar and browse the contents.

2.Removing the restrictions made by Virus

Virus makes some restrictions in the computer so that it cannot be identified easily, some common restrictions are disabling the taskmanager, disabling the show hidden files option in folder options, virus may be using the xp's autorun feature to run itself when we double click a hard disk drive and these autorun.inf and autorun.exe files are hidden.

For removing these restrictions run RRT.EXE and tick all the restrictions and select REMOVE button. This will remove the restrictions .(DoNOT restart now)

3.Deleting the virus

Run the SEARCH and search for *.exe with extented to include hidden files in advanced option, this will show all the exe files and delete all files which has the icon of a folder (easy way to find these files is by arranging it by file size , all these files usually have same size like 164 kb, 102kb etc..)
Open all the drives by using the explore option (not by right clicking the drive use it from toolbar) and open the file named autorun.inf and view which file is that it may run. Delete the destination file and the autorun.inf files.

4.Restoring the registry changes made by virus

Run hijackthis.exe and do a system scan. tick all the boxes and click fix all button.(if you know which all programs you need you can avoid those programs from the list)

5.Prevention is better than cure

Run the tweakui.exe.in this open My Computer/Autoplay/Types untick "enable autoplay for removable drives". This will prevent usb drives from autorunning the virus (if present) from the drive as they are inserted.

DoNOT double click the removable drives at first, explore end see if there is any autorun.inf file leading to a virus program. DELETE it also.

NOW RESTART AND REGAIN YOUR COMPUTER'S SPEED.