delete autorun virus
How to showed these 3 files in window ?you have to use DOS command.Below are the step to show you how to delete autorun virus.
step 1 - Click 'Start' -> 'Run' ->key in 'cmd',then 'Enter',it will show command prompt
step 2 - Check every drive (C,D,E,...).If you wanted to check the Cdrive,
key in dir c:\ /a/w in command prompt.
If for drive D,key in
dir d:\ /a/w
step 3 - All the system and exe.files will show up in the command prompt,please check is there any autorun.inf and ntdeleted.com inside.Before delete these 2 files.we need to disable 'hidden','system' and 'read only' attributes.
For C drive,key in (in command prompt)
attrib -s -h -r c:\autorun.inf
attrib -s -h -r c:\ntdelect.com
For D drive
attrib -s -h -r d:\autorun.inf
attrib -s -h -r d:\ntdelect.com
step 4 - after disable the attributes,then start to manual delete these 2 files.
(Be careful don't key in ntdetect.com,the actual virus file is ntdelect.com. ntdetect.com is important start up system file,you will know what will happen if deleted ntdetect.com)
C drive key in
del c:\autorun.inf
del c:\ntdelect.com
D drive key in
del d:\autorun.inf
del d:\ntdelect.com
step 5 - After manual delete 'autorun.inf' and 'ntdelect.com',the next step is 'kavo.exe'.You need to delete kavo.exe file in C:\windows\system32\ .Repeat the step 3 to step 4 to disable the attributes and delete the file procedures,key in
attrib -s -h -r c:\windows\system32\kavo.exe
Then delete it with key in
del c:\windows\system32\kavo.exe
step 6 - Delete 'kavo.exe' in registry.
Open registry editor,go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Run,and
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows \CurrentVersion\Run
What you need to do is delete kavo and c:\windows\system32\kavo.exe value.
step 7 - to enable 'show hidden files and folder'
Open Notepad with new file,copy and paste below registry value and rename as .reg file and save it,then double click on it to save into registry.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
step 1 - Click 'Start' -> 'Run' ->key in 'cmd',then 'Enter',it will show command prompt
step 2 - Check every drive (C,D,E,...).If you wanted to check the Cdrive,
key in dir c:\ /a/w in command prompt.
If for drive D,key in
dir d:\ /a/w
step 3 - All the system and exe.files will show up in the command prompt,please check is there any autorun.inf and ntdeleted.com inside.Before delete these 2 files.we need to disable 'hidden','system' and 'read only' attributes.
For C drive,key in (in command prompt)
attrib -s -h -r c:\autorun.inf
attrib -s -h -r c:\ntdelect.com
For D drive
attrib -s -h -r d:\autorun.inf
attrib -s -h -r d:\ntdelect.com
step 4 - after disable the attributes,then start to manual delete these 2 files.
(Be careful don't key in ntdetect.com,the actual virus file is ntdelect.com. ntdetect.com is important start up system file,you will know what will happen if deleted ntdetect.com)
C drive key in
del c:\autorun.inf
del c:\ntdelect.com
D drive key in
del d:\autorun.inf
del d:\ntdelect.com
step 5 - After manual delete 'autorun.inf' and 'ntdelect.com',the next step is 'kavo.exe'.You need to delete kavo.exe file in C:\windows\system32\ .Repeat the step 3 to step 4 to disable the attributes and delete the file procedures,key in
attrib -s -h -r c:\windows\system32\kavo.exe
Then delete it with key in
del c:\windows\system32\kavo.exe
step 6 - Delete 'kavo.exe' in registry.
Open registry editor,go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Run,and
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows \CurrentVersion\Run
What you need to do is delete kavo and c:\windows\system32\kavo.exe value.
step 7 - to enable 'show hidden files and folder'
Open Notepad with new file,copy and paste below registry value and rename as .reg file and save it,then double click on it to save into registry.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
Comments